From 49291e7da9305b267396636fe26c2aee32f49657 Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Wed, 15 Oct 2025 12:52:23 +0100 Subject: [PATCH 1/3] feat: Add F5 WAF NGINX configuration examples --- .../waf/install-update-configuration.md | 94 ++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index cbe4183e0..f9a9bd546 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -26,4 +26,96 @@ You should only enable F5 WAF for NGINX on _proxy_pass_ and _grpc_pass_ location {{< /call-out >}} -Here are two examples of how these additions could look in configuration files: \ No newline at end of file +Here are two examples of how these additions could look in configuration files: + +{{< tabs name="configuration-examples" >}} + +{{% tab name="nginx.conf" %}} + +The default path for this file is _/etc/nginx/nginx.conf_. + +```nginx {hl_lines=[5, 33]} +user nginx; +worker_processes auto; + +# F5 WAF for NGINX +load_module modules/ngx_http_app_protect_module.so; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + # F5 WAF for NGINX + app_protect_enforcer_address 127.0.0.1:50000; + + include /etc/nginx/conf.d/*.conf; +} +``` + +{{% /tab %}} + +{{% tab name="default.conf" %}} + +The default path for this file is _/etc/nginx/conf.d/default.conf_. + +```nginx {hl_lines=[10]} +server { + listen 80; + server_name domain.com; + + proxy_http_version 1.1; + + location / { + + # F5 WAF for NGINX + app_protect_enable on; + + client_max_body_size 0; + default_type text/html; + proxy_pass http://127.0.0.1:8080/; + } +} + +server { + listen 8080; + server_name localhost; + + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } +} +``` + +{{% /tab %}} + +{{< /tabs >}} \ No newline at end of file From 25ff74072abe58121991e08194a213054b91649a Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Wed, 15 Oct 2025 13:34:16 +0100 Subject: [PATCH 2/3] Update content/includes/waf/install-update-configuration.md --- content/includes/waf/install-update-configuration.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index f9a9bd546..9e37a2bee 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -84,7 +84,6 @@ server { listen 80; server_name domain.com; - proxy_http_version 1.1; location / { From d628b0ea135ab7dc4b7b0be6e88fc4b04c18315e Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Wed, 15 Oct 2025 17:23:34 +0100 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> --- content/includes/waf/install-update-configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index 9e37a2bee..4ace1a9cb 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -32,7 +32,7 @@ Here are two examples of how these additions could look in configuration files: {{% tab name="nginx.conf" %}} -The default path for this file is _/etc/nginx/nginx.conf_. +The default path for this file is `_/etc/nginx/nginx.conf_`. ```nginx {hl_lines=[5, 33]} user nginx; @@ -77,7 +77,7 @@ http { {{% tab name="default.conf" %}} -The default path for this file is _/etc/nginx/conf.d/default.conf_. +The default path for this file is `_/etc/nginx/conf.d/default.conf_`. ```nginx {hl_lines=[10]} server {