nginx · ADubhlaoich · Jul 10, 2025 · Jul 10, 2025 · Aug 11, 2025 · Aug 13, 2025
@@ -0,0 +1,39 @@
+---
+# The title is the product name
+title: "F5 WAF for NGINX"
+# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
+url: /waf/
+# The cascade directive applies its nested parameters down the page tree until overwritten
+cascade:
+  # The logo file is resolved from the theme, in the folder /static/images/icons/
+  logo: NGINX-App-Protect-WAF-product-icon.svg
+# The subtitle displays directly underneath the heading of a given page
+nd-subtitle: A lightweight, high-performance web application firewall for protecting APIs and applications
+# Indicates that this is a custom landing page
+nd-landing-page: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: landing-page
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+## About
+
+Defend your applications and APIs with a software security solution that seamlessly integrates into DevOps environments as a lightweight web application firewall (WAF), layer 7 denial-of-service (DoS) protection, bot protection, API security, and threat intelligence services.
+
+## Featured content
+
+{{<card-layout>}}
+  {{<card-section showAsCards="true" isFeaturedSection="true">}}
+  {{<card title="Overview" titleUrl="/waf/fundamentals/overview">}}
+      Learn about how F5 WAF for NGINX works and how it can be used to protect your applications
+    {{</card>}}
+    {{<card title="Install F5 WAF for NGINX" titleUrl="/waf/install" >}}
+      Explore the methods available to deploy F5 WAF for NGINX in your environment
+    {{</card>}}
+    {{<card title="Changelog" titleUrl="/waf/changelog">}}
+      Review the latest changes and improvements to F5 WAF for NGINX
+    {{</card>}}
+  {{</card-section>}}
+{{</card-layout>}}
@@ -0,0 +1,159 @@
+---
+# We use sentence case and present imperative tone
+title: "Changelog"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 800
+# Creates a table of contents and sidebar, useful for large documents
+toc: true
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: reference
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+{{< call-out "warning" "Information architecture note" >}}
+
+The design intention for this page is to act as a single reference point for changes between each release. "Changelog" is the term being adopted across the entire NGINX product ecosystem.
+
+Since both versions of NGINX App Protect WAF are released at the same time, they can be stored in the same note. Change items for only one specific version are explicitly annotated when necessary.
+
+Updating the content of this page will likely be automated in the future, following some procedural changes to how tickets are managed within JIRA.
+
+{{</ call-out>}}
+
+This changelog lists all of the information for F5 WAF for NGINX releases in 2025.
+
+For older releases, check the changelogs for previous years: [2024](), [2023]().
+
+## NGINX App Protect WAF 5.7 / 4.15
+
+### New features
+
+- Added support for Rocky Linux 9
+- Added support for IP Intelligence
+- Added support for Override rules for IP Address Lists
+
+### Important notes
+
+- Ubuntu 20.04 is no longer supported
+- (12447) Upgrade libk5crypto3 package
+- (12520) Upgrade Go compiler to 1.23.8
+
+### Resolved issues
+
+- (12527) Remove CPAN - installed certs and source files
+- (11112) Remove systemd/init.d leftovers in NAP WAF v5 pkgs
+- (12400) Cookie attributes are not added to a TS cookie when there is more than one TS cookie
+- (12498) Undefined behavior when using huge XFF
+- (12731) Multiple clean_resp_reset internal error messages in logs when loading NAP
+
+### 5.7 packages
+
+#### NGINX Open Source
+
+| Distribution name        | Package file                                                      |
+|--------------------------|-------------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-oss-1.27.4+5.442.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.27.4+5.442.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.27.4+5.442.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.27.4+5.442.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.27.4+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-oss_1.27.4+5.442.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.27.4+5.442.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.27.4+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.27.4+5.442.0-1.el9.ngx.x86_64.rpm_      |
+
+#### NGINX Plus
+
+| Distribution name        | Package file                                                   |
+|--------------------------|----------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-plus-34+5.442.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-plus-34+5.442.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-plus_34+5.442.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-plus_34+5.442.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-plus-34+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-plus_34+5.442.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-plus_34+5.442.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-plus-34+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-module-plus-34+5.442.0-1.el9.ngx.x86_64.rpm_      |
+
+### 4.15 packages
+
+| Distribution name        | Package file                                       |
+|--------------------------|----------------------------------------------------|
+| Alpine 3.19              | _app-protect-34.5.442.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-34+5.442.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect_34+5.442.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect_34+5.442.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect_34+5.442.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect_34+5.442.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9 and Rocky Linux 9 | _app-protect-34+5.442.0-1.el9.ngx.x86_64.rpm_      |
+
+## NGINX App Protect WAF 5.6 / 4.14
+
+### New features
+
+- Added support for NGINX Plus R34
+- **5.6 Only:** You can now [deploy NGINX App Protect WAF 5+ using a Helm chart]({{< ref "/nap-waf/v5/admin-guide/deploy-with-helm.md">}})
+
+### Important notes
+
+- Alpine 3.17 is no longer supported
+
+### Resolved issues
+
+- Upgraded the Go compiler to 1.23.7
+- (12140) Changed the maximum memory of the XML processing engine to 8GB
+- (12254) A modified YAML file referenced by a JSON policy file causes a reload error when running `nginx -t`
+- (12296) "Violation Bad Unescape" is not enabled by default
+- (12297) "Violation Encoding" is not enabled by default
+
+### 5.6 packages
+
+#### NGINX Open Source
+
+| Distribution name        | Package file                                                      |
+|--------------------------|-------------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-oss-1.27.4+5.342.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-oss-1.27.4+5.342.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-oss_1.27.4+5.342.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-oss_1.27.4+5.342.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-oss-1.27.4+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-oss_1.27.4+5.342.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-oss_1.27.4+5.342.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-oss_1.27.4+5.342.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.27.4+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-oss-1.27.4+5.342.0-1.el9.ngx.x86_64.rpm_      |
+
+#### NGINX Plus
+
+| Distribution name        | Package file                                                   |
+|--------------------------|----------------------------------------------------------------|
+| Alpine 3.19              | _app-protect-module-plus-34+5.342.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-module-plus-34+5.342.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect-module-plus_34+5.342.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect-module-plus_34+5.342.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-module-plus-34+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect-module-plus_34+5.342.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect-module-plus_34+5.342.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect-module-plus_34+5.342.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-module-plus-34+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-module-plus-34+5.342.0-1.el9.ngx.x86_64.rpm_      |
+
+### 4.14 packages
+
+| Distribution name        | Package file                                       |
+|--------------------------|----------------------------------------------------|
+| Alpine 3.19              | _app-protect-34.5.342.0-r1.apk_                    |
+| Amazon Linux 2023        | _app-protect-34+5.342.0-1.amzn2023.ngx.x86_64.rpm_ |
+| Debian 11                | _app-protect_34+5.342.0-1\~bullseye_amd64.deb_     |
+| Debian 12                | _app-protect_34+5.342.0-1\~bookworm_amd64.deb_     |
+| Oracle Linux 8.1         | _app-protect-34+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| Ubuntu 20.04             | _app-protect_34+5.342.0-1\~focal_amd64.deb_        |
+| Ubuntu 22.04             | _app-protect_34+5.342.0-1\~jammy_amd64.deb_        |
+| Ubuntu 24.04             | _app-protect_34+5.342.0-1\~noble_amd64.deb_        |
+| RHEL 8 and Rocky Linux 8 | _app-protect-34+5.342.0-1.el8.ngx.x86_64.rpm_      |
+| RHEL 9                   | _app-protect-34+5.342.0-1.el9.ngx.x86_64.rpm_      |
@@ -0,0 +1,6 @@
+---
+title: "Features"
+url: /app-protect-waf/features/
+weight: 700
+draft: true
+---
@@ -0,0 +1,5 @@
+---
+title: "Fundamentals"
+url: /app-protect-waf/fundamentals/
+weight: 100
+---
@@ -0,0 +1,38 @@
+---
+# We use sentence case and present imperative tone
+title: "Overview"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: how-to
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+{{< call-out "warning" "Information architecture note" >}}
+
+The design intention for this page is to describing what NGINX App Protect is, expanding on the detail from the [landing page]({{< ref "/waf/" >}}).
+
+It is also an opportunity to explain the difference between NGINX App Protect versions, and how integrates with other products in the NGINX ecosystem.
+
+The text here will likely be synthesized from the Overview descriptions at the top of the [Administration Guides]({{< ref "/nap-waf/v4/admin-guide/install.md#overview" >}}), but there's also detail from [F5.com](https://www.f5.com/products/nginx/nginx-app-protect) that can be added.
+
+{{< /call-out >}}
+
+[F5 WAF for NGINX](https://www.f5.com/products/nginx/nginx-app-protect) is an advanced, lightweight and high-performance web application firewall (WAF) for applications and APIs. 
+
+It provides protection for the OWASP Top 10, with additional functionality:
+
+- HTTP response inspection and protocol compliance
+- Data schema validation (JSON & XML)
+- Meta character checking
+- Disallowing file types
+
+For more details, see the [Supported Security Policy features]({{< ref "/waf/fundamentals/technical-specifications.md#supported-security-policy-features">}}).
+
+F5 WAF for NGINX is part of the [NGINX One](https://www.f5.com/products/nginx/one) premium packages and runs natively on [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) and [NGINX Ingress Controller](https://www.f5.com/products/nginx/nginx-ingress-controller). 
+
+It is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.
@@ -0,0 +1,59 @@
+---
+# We use sentence case and present imperative tone
+title: "Technical specifications"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 200
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: reference
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+{{< call-out "warning" "Information architecture note" >}}
+
+The design intention for this page is to act as a single source of truth for supported operating systems and version compatibility.
+
+It follows a design pattern set by other NGINX product sets, showing various compatibility matrices:
+
+- [NGINX Plus]({{< ref "/nginx/technical-specs.md" >}})
+- [NGINX Instance Manager]({{< ref "/nim/fundamentals/tech-specs.md" >}})
+- [NGINX Ingress Controller]({{< ref "/nic/technical-specifications.md" >}})
+
+It is also where information about the [Supported Security Policy Features]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#supported-security-policy-features" >}}) could be referenced, though most of that detail will instead be kept in the new top-level "Policies" section.
+
+{{</ call-out>}}
+
+This page outlines the technical specifications for F5 WAF for NGINX, which includes the minimum requirements and supported platforms.
+
+## Supported deployment environments
+
+You can deploy F5 WAF for NGINX in the following environments:
+
+- **Virtual environment** (or bare metal)
+- **Container** (Docker)
+- **Kubernetes**
+
+View the [Install section]({{< ref "/waf/install/" >}}) for information on deploying F5 WAF for NGINX.
+
+## Supported operating systems
+
+| Distribution       | Version      |
+| ------------------ | ------------ |
+| Alpine Linux       | 3.19         |
+| Amazon Linux       | 2023         |
+| Debian             | 11, 12       |
+| Oracle Linux       | 8.1          |
+| Ubuntu             | 22.04, 24.04 |
+| RHEL / Rocky Linux | 8, 9         |
+
+For release-specific packages, view the [Changelog]({{< ref "/waf/changelog.md" >}}).
+
+
+## Supported Security Policy features
+
+The following Security Policy features are available with F5 WAF for NGINX.
+
+For additional information on each feature, view the [Configuring Policies]({{< ref "/waf/policies/configuration.md" >}}) topic.