[Bug]: F5 WAF for NGINX's IP intelligence doesn't work with example Docker compose file.

[0jsong]

Describe the bug you have identified

Hi.
I followed the IP Intelligence documentation using the provided Docker Compose file.
I can see that the container is running correctly and the WAF policy with IP Intelligence is applied, but requests from known malicious IPs(Tor browser) are not being blocked.

When I added /var/IpRep volumes on waf-enforcer container, request with Tor browser was blocked.

services:
  waf-enforcer:
    container_name: waf-enforcer
    image: waf-enforcer:5.9.0
    environment:
      - ENFORCER_PORT=50000
    ports:
      - "50000:50000"
    volumes:
      - /opt/app_protect/bd_config:/opt/app_protect/bd_config
      - /var/IpRep:/var/IpRep  # added IpRep volume

......

I found this by checking the Modify Manifest configuration files section in the documentation, which shows that the /var/IpRep directory should be shared with the waf-enforcer container.
It seems that this step is missing from the Docker Compose example.

Which product or products does this request relate to?

F5 WAF for NGINX

Steps to reproduce the bug

Deploy IP intelligence container with guide(https://docs.nginx.com/waf/policies/ip-intelligence/#modify-docker-compose-file).

What is the expected or desired behaviour?

IP intelligence blocks request from malicious IP.

What environments or versions does this bug affect?

• NGINX Plus R35
• F5 WAF for NGINX 5.9.0

Any additional information

No response

[ADubhlaoich]

Thanks for the report, @0jsong!

I am working on a PR with a few WAF improvements: the detail you've given makes this very easy to implement.

I appreciate it.