Merged
29 changes: 6 additions & 23 deletions content/waf/configure/compiler.md
Expand Up @@ -7,9 +7,7 @@ weight: 300
toc: true
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: how-to
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

This document describes how to use the F5 WAF for NGINX compiler, a tool for converting security policies and logging profiles from JSON to a bundle file that F5 WAF can process and apply.
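Review bot: `WAF` is not one of the values the deleted comment lists as valid for `nd-product` (Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit), so either the catalogue/search side must accept the new value or the comment should be kept and extended with `WAF` rather than removed. Note also that `content/waf/fundamentals/technical-specifications.md` in this same PR still carries `nd-product: NAP-WAF`, so the product tag is inconsistent across the WAF pages after this change.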
Expand Down Expand Up @@ -64,7 +62,7 @@ This example Dockerfile is based on a Debian image.

```dockerfile
# syntax=docker/dockerfile:1
ARG BASE_IMAGE=private-registry.nginx.com/nap/waf-compiler:<version-tag>
ARG BASE_IMAGE=private-registry.nginx.com/nap/waf-compiler:{{< version-waf-compiler >}}
FROM ${BASE_IMAGE}

# Installing packages as root
Expand Down Expand Up @@ -114,23 +112,6 @@ Replace `<path-to-your-nginx-repo.key>` with the location of your client key and
curl -s https://private-registry.nginx.com/v2/nap/waf-compiler/tags/list --key <path-to-your-nginx-repo.key> --cert <path-to-your-nginx-repo.crt>
```

```json
{
"name": "nap/waf-compiler",
"tags": [
"1.0.0",
"5.1.0",
"5.2.0"
]
}
```

{{< call-out "note" >}}

The [jq](https://jqlang.github.io/jq/) command was used to format the example output.

{{< /call-out >}}

## Build the container image

Run the following command to build your image, where `waf-compiler-<version-tag>:custom` is an example of the image tag:
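Review bot: dropping the sample `tags/list` response leaves the `curl` step with no indication of what a successful reply looks like, so a reader cannot tell a working client-certificate query from an error response. Consider keeping a trimmed example, for instance `{ "name": "nap/waf-compiler", "tags": [ "{{< version-waf-compiler >}}" ] }`, together with the jq note, instead of removing both.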
Expand Down Expand Up @@ -190,7 +171,7 @@ To compile a policy with global settings, add the `-g` parameter:
```shell
docker run --rm \
-v $(pwd):$(pwd) \
waf-compiler-1.0.0:custom \
waf-compiler-<version-tag>:custom \
-g $(pwd)/global_settings.json -p $(pwd)/policy.json -o $(pwd)/compiled_policy.tgz
```

Expand All @@ -199,7 +180,7 @@ You can incorporate the source of the policy (as `policy.json`) or logging profi
```shell
docker run --rm \
-v $(pwd):$(pwd) \
waf-compiler-1.0.0:custom \
waf-compiler-<version-tag>:custom \
-include-source -full-export -g $(pwd)/global_settings.json -p $(pwd)/policy.json -o $(pwd)/compiled_policy.tgz
```

Expand Down Expand Up @@ -236,6 +217,7 @@ When [configuring policies]({{< ref "/waf/policies/configuration.md">}}), you ma
There are ways to remediate them based on the context:

{{< table >}}

| Description | Solution |
| ----------------------- | -------- |
| _Expected declarative policy_ | Ensure the JSON of the policy is well-formed |
Expand All @@ -248,6 +230,7 @@ There are ways to remediate them based on the context:
| _Duplicate policy name found_ | Don't compile multiple policies with the same name, or one policy to multiple bundles. Each policy can be compiled once but a bundle can be re-used. |
| _Duplicate logging profile name found_ | Don't compile the same logging profile to multiple bundles. Each profile can be compiled once but a bundle can be re-used. |
| _Timeout waiting for enforcer_ | Likely an internal issue: [contact Support]({{< ref "/waf/support.md" >}}) |

{{< /table >}}

## Global settings
Expand Down
2 changes: 2 additions & 0 deletions content/waf/fundamentals/technical-specifications.md
Expand Up @@ -14,6 +14,8 @@ nd-product: NAP-WAF

This page outlines the technical specifications for F5 WAF for NGINX, which includes the minimum requirements and supported platforms.

The latest version of F5 WAF for NGINX is {{< version-waf >}}.

## Resource limitations

- F5 WAF for NGINX supports a **maximum** of **127** CPU cores.
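Review bot: the new sentence renders `{{< version-waf >}}` as `5.9` (per `layouts/shortcodes/version-waf.html`), while the component shortcodes added in this PR use three-part tags (`5.9.0`, and `5.7.0` for the enforcer); decide whether the product version is stated as `5.9` or `5.9.0` and keep the two consistent. The hunk header also shows this file still carries `nd-product: NAP-WAF`, whereas the other pages touched here were switched to `nd-product: WAF`.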
Expand Down
14 changes: 5 additions & 9 deletions content/waf/install/disconnected-environment.md
Expand Up @@ -7,9 +7,7 @@ weight: 500
toc: false
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: how-to
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

This topic describes how to install F5 WAF for NGINX in a disconnected or air-gapped environment.
Expand Down Expand Up @@ -48,7 +46,6 @@ You will need `git` and `wget` in your connected environment.

Run the following two commands: replace `<hugo-release>` with the tarball appropriate to the environment from [the release page](https://github.com/gohugoio/hugo/releases/tag/v0.147.8):


```shell
git clone git@github.com:nginx/documentation.git
wget <hugo-release>
Expand Down Expand Up @@ -97,10 +94,10 @@ Once you've obtained the package files and transferred them to your disconnected
After pulling or building Docker images in a connected environment, you can save them to `.tar` files:

```shell
docker save -o waf-enforcer.tar waf-enforcer:5.2.0
docker save -o waf-config-mgr.tar waf-config-mgr:5.2.0
docker save -o waf-enforcer.tar waf-enforcer:{{< version-waf-enforcer >}}
docker save -o waf-config-mgr.tar waf-config-mgr:{{< version-waf-config-mgr >}}
# Optional, if using IP intelligence
docker save -o waf-ip-intelligence.tar waf-ip-intelligence:5.2.0
docker save -o waf-ip-intelligence.tar waf-ip-intelligence:{{< version-waf-ip-intelligence >}}
```

You can then transfer the files and load the images in your disconnected environment:
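Review bot: after this change the three `docker save` lines reference different tags, `waf-enforcer:5.7.0` versus `waf-config-mgr:5.9.0` and `waf-ip-intelligence:5.9.0` (from the new shortcode files), where the old text used `5.2.0` for all three. `docker save` fails on a tag that is not present locally, so confirm these are exactly the tags produced by the pull or build steps referenced above, and that the compose files mentioned below ("Ensure your Docker compose files use the tagged images you've transferred.") are updated to the same mix.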
Expand All @@ -112,5 +109,4 @@ docker load -i waf-config-mgr.tar
docker load -i waf-ip-intelligence.tar
```

Ensure your Docker compose files use the tagged images you've transferred.

Ensure your Docker compose files use the tagged images you've transferred.
8 changes: 3 additions & 5 deletions content/waf/install/docker.md
Expand Up @@ -7,9 +7,7 @@ weight: 400
toc: true
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: how-to
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

This page describes how to install F5 WAF for NGINX using Docker.
Expand Down Expand Up @@ -466,7 +464,7 @@ services:

waf-enforcer:
container_name: waf-enforcer
image: waf-enforcer:5.2.0
image: waf-enforcer:{{< version-waf-enforcer >}}
environment:
- ENFORCER_PORT=50000
ports:
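Review bot: `image: waf-enforcer:{{< version-waf-enforcer >}}` renders to `waf-enforcer:5.7.0`, while the `waf-config-mgr` service in the next hunk renders to `5.9.0`; both were `5.2.0` before. These are local image names rather than registry references, so confirm that the pull and tag steps on this page produce exactly these tags, otherwise Compose cannot resolve whichever image does not exist locally.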
Expand All @@ -479,7 +477,7 @@ services:

waf-config-mgr:
container_name: waf-config-mgr
image: waf-config-mgr:5.2.0
image: waf-config-mgr:{{< version-waf-config-mgr >}}
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
Expand Down
26 changes: 13 additions & 13 deletions content/waf/install/kubernetes-plm.md
Expand Up @@ -11,9 +11,7 @@ nd-banner:
md: /_banners/waf-early-availability.md
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: reference
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

There are two new features available for Kubernetes through early access:
Expand Down Expand Up @@ -278,7 +276,7 @@ appprotect:
## The image repository of the WAF Config Mgr
repository: private-registry.nginx.com/nap/waf-config-mgr
## The tag of the WAF Config Mgr image
tag: 5.9.0
tag: {{< version-waf-config-mgr >}}
## The pull policy for the WAF Config Mgr image
imagePullPolicy: IfNotPresent
## The resources of the Waf Config Manager container
Expand All @@ -295,7 +293,7 @@ appprotect:
## The image repository of the WAF Enforcer
repository: private-registry.nginx.com/nap/waf-enforcer
## The tag of the WAF Enforcer image
tag: 5.9.0
tag: {{< version-waf-enforcer >}}
## The pull policy for the WAF Enforcer image
imagePullPolicy: IfNotPresent
## The environment variable for enforcer port to be set on the WAF Enforcer container
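Review bot: this hunk changes the documented enforcer tag from `5.9.0` to `5.7.0` (via `layouts/shortcodes/version-waf-enforcer.html`), while the Config Mgr, IP Intelligence, Policy Controller and Compiler tags in the surrounding hunks stay at `5.9.0`. That is a content change rather than a pure refactor to shortcodes; confirm that 5.7.0 is really the enforcer build that ships with the 5.9.0 components, or set the shortcode to `5.9.0`.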
Expand All @@ -316,7 +314,7 @@ appprotect:
## The image repository of the WAF IP Intelligence
repository: private-registry.nginx.com/nap/waf-ip-intelligence
## The tag of the WAF IP Intelligence
tag: 5.9.0
tag: {{< version-waf-ip-intelligence >}}
## The pull policy for the WAF IP Intelligence
imagePullPolicy: IfNotPresent
## The resources of the WAF IP Intelligence container
Expand All @@ -336,16 +334,16 @@ appprotect:
## The image repository of the WAF Policy Controller
image:
repository: private-registry.nginx.com/nap/waf-policy-controller
## The tag of the WAF Policy COntroller
tag: 5.9.0
## The tag of the WAF Policy Controller
tag: {{< version-waf-policy-controller >}}
## The pull policy for the WAF Policy Controller
imagePullPolicy: IfNotPresent
wafCompiler:
## The image repository of the WAF Compiler
image:
repository: private-registry.nginx.com/nap/waf-compiler
## The tag of the WAF Compiler image
tag: 5.9.0
tag: {{< version-waf-compiler >}}
## Save logs before deleting a job or not
enableJobLogSaving: false
## The resources of the WAF Policy Controller
Expand Down Expand Up @@ -710,13 +708,15 @@ kubectl apply -f apple-usersig.yaml -n <namespace>
You can check the status of your resources using `kubectl get` or `kubectl describe`.

The Policy Controller will show status information including:

- Bundle location
- Compilation status
- Signature update timestamps

```shell
kubectl get appolicy dataguard-blocking -n <namespace> -o yaml
```

```yaml
apiVersion: appprotect.f5.com/v1
kind: APPolicy
Expand Down Expand Up @@ -744,6 +744,7 @@ status:
```shell
kubectl describe appolicy dataguard-blocking -n <namespace>
```

```text
Name: dataguard-blocking
Namespace: localenv-plm
Expand Down Expand Up @@ -1323,7 +1324,6 @@ The Policy Controller will detect the file changes and recompile automatically.

Regardless of the policy type used, you can monitor the status of your policies using standard Kubernetes commands:


```shell
kubectl get appolicy -n <namespace>
kubectl describe appolicy <policy-name> -n <namespace>
Expand Down Expand Up @@ -1358,19 +1358,19 @@ status:

## Possible issues

**Policy Controller does not start**
_Policy Controller does not start:_

- Verify the CRDs are installed: `kubectl get crds | grep appprotect.f5.com`
- Check the pod logs: `kubectl logs <policy-controller-pod> -n <namespace>`
- Ensure proper RBAC permissions are configured

**Policies fail to compile**
_Policies fail to compile:_

- Check Policy Controller logs for compilation errors
- Verify the WAF compiler image is accessible
- Ensure the policy syntax is valid

**Issues with bundle storage**
_Issues with bundle storage:_

- Verify the persistent volume is properly mounted
- Check storage permissions (Should be 101:101)
Expand Down
14 changes: 7 additions & 7 deletions content/waf/install/kubernetes.md
Expand Up @@ -7,9 +7,7 @@ weight: 200
toc: true
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: how-to
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

This page describes how to install F5 WAF for NGINX using Kubernetes.
Expand Down Expand Up @@ -237,6 +235,7 @@ To get the Helm chart, first configure Docker for the F5 Container Registry.
{{< include "waf/install-services-registry.md" >}}

Then use `helm pull` to get the chart, replacing `<release-version>`:

```shell
helm pull oci://private-registry.nginx.com/nap/nginx-app-protect --version <release-version> --untar
```
Expand Down Expand Up @@ -305,6 +304,7 @@ This table lists the configurable parameters of the F5 WAF for NGINX Helm chart
To understand the _mTLS Configuration_ options, view the [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topic.

{{< table >}}

| **Topic** | **Parameter** | **Description** | **Default value** |
|-------------|---------|-----------------|-------------------|
| **Namespace** | _namespace_ | The target Kubernetes namespace where the Helm chart will be deployed. | N/A |
Expand All @@ -316,17 +316,17 @@ To understand the _mTLS Configuration_ options, view the [Secure traffic using m
| | _appprotect.nginx.imagePullPolicy_ | Image pull policy. | IfNotPresent |
| | _appprotect.nginx.resources_ | The resources of the NGINX container. | requests: cpu=10m,memory=16Mi |
| **WAF Config Manager** | _appprotect.wafConfigMgr.image.repository_ | Docker image repository for the WAF Configuration Manager. | private-registry.nginx.com/nap/waf-config-mgr |
| | _appprotect.wafConfigMgr.image.tag_ | Docker image tag for the WAF Configuration Manager. | 5.6.0 |
| | _appprotect.wafConfigMgr.image.tag_ | Docker image tag for the WAF Configuration Manager. | {{< version-waf-config-mgr >}} |
| | _appprotect.wafConfigMgr.imagePullPolicy_ | Image pull policy. | IfNotPresent |
| | _appprotect.wafConfigMgr.resources_ | The resources of the WAF Config Manager container. | requests: cpu=10m,memory=16Mi |
| **WAF Enforcer** | _appprotect.wafEnforcer.image.repository_ | Docker image repository for the WAF Enforcer. | private-registry.nginx.com/nap/waf-enforcer |
| | _appprotect.wafEnforcer.image.tag_ | Docker image tag for the WAF Enforcer. | 5.6.0 |
| | _appprotect.wafEnforcer.image.tag_ | Docker image tag for the WAF Enforcer. | {{< version-waf-enforcer >}} |
| | _appprotect.wafEnforcer.imagePullPolicy_ | Image pull policy. | IfNotPresent |
| | _appprotect.wafEnforcer.env.enforcerPort_ | Port for the WAF Enforcer. | 50000 |
| | _appprotect.wafEnforcer.resources_ | The resources of the WAF Enforcer container. | requests: cpu=20m,memory=256Mi |
| **WAF IP Intelligence** | _appprotect.wafIpIntelligence.enable | Enable or disable the use of the IP intelligence container | false |
| | _appprotect.wafIpIntelligence.image.repository_ | Docker image repository for the WAF IP Intelligence. | private-registry.nginx.com/nap/waf-ip-intelligence |
| | _appprotect.wafIpIntelligence.image.tag_ | Docker image tag for the WAF Enforcer. | 5.6.0 |
| | _appprotect.wafIpIntelligence.image.tag_ | Docker image tag for the WAF Enforcer. | {{< version-waf-ip-intelligence >}} |
| | _appprotect.wafIpIntelligence.imagePullPolicy_ | Image pull policy. | IfNotPresent |
| | _appprotect.wafIpIntelligence.resources_ | The resources of the WAF Enforcer container. | requests: cpu=10m,memory=256Mi |
| **Config** | _appprotect.config.name_ | The name of the ConfigMap used by the NGINX container. | nginx-config |
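Review bot: the changed line for `_appprotect.wafIpIntelligence.image.tag_` still describes it as `Docker image tag for the WAF Enforcer.` (the resources row two lines below has the same copy-paste), and the `_appprotect.wafIpIntelligence.enable` row above is missing its closing underscore; since these lines are being touched, fix the descriptions to `WAF IP Intelligence` and close the italics. This column also documents the chart's defaults, so the shortcode values must track the published chart's `values.yaml`, otherwise the table will claim an enforcer default of `5.7.0` that the chart may not ship.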
Expand All @@ -353,6 +353,7 @@ To understand the _mTLS Configuration_ options, view the [Secure traffic using m
| | _appprotect.storage.pvc.bundlesPvc.storageClass_ | Storage class for PVC. | manual |
| | _appprotect.storage.pvc.bundlesPvc.storageRequest_ | Storage request size. | 2Gi |
| **Docker Configuration** | _dockerConfigJson_ | A base64-encoded string representing the Docker registry credentials in JSON format. | N/A |

{{< /table >}}

## Use Manifests to install F5 WAF for NGINX
Expand Down Expand Up @@ -538,7 +539,6 @@ spec:

{{< /tabs >}}


### Start the Manifest deployment

From the folder containing the YAML files from the previous step (Suggested as `/manifests`), deploy F5 WAF for NGINX using `kubectl`:
Expand Down
11 changes: 4 additions & 7 deletions content/waf/policies/ip-intelligence.md
Expand Up @@ -7,9 +7,7 @@ weight: 1600
toc: true
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
nd-content-type: reference
# Intended for internal catalogue and search, case sensitive:
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
nd-product: NAP-WAF
nd-product: WAF
---

F5 WAF for NGINX has an IP intelligence feature which allows you to customize enforcement based on the source IP address of a request. This allows you to limit access from specific IP addresses.
Expand Down Expand Up @@ -106,7 +104,7 @@ Modify the _original docker-compose.yml_ file to include the IP intelligence con
services:
waf-enforcer:
container_name: waf-enforcer
image: waf-enforcer:5.7.0
image: waf-enforcer:{{< version-waf-enforcer >}}
environment:
- ENFORCER_PORT=50000
ports:
Expand All @@ -122,7 +120,7 @@ services:

waf-config-mgr:
container_name: waf-config-mgr
image: waf-config-mgr:5.7.0
image: waf-config-mgr:{{< version-waf-config-mgr >}}
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
Expand All @@ -135,7 +133,7 @@ services:

waf-ip-intelligence:
container_name: waf-ip-intelligence
image: waf-ip-intelligence:5.7.0
image: waf-ip-intelligence:{{< version-waf-ip-intelligence >}}
volumes:
- /var/IpRep:/var/IpRep
networks:
Expand Down Expand Up @@ -238,7 +236,6 @@ spec:
claimName: nap5-bundles-pvc
```


Once complete, you can now [Configure policies for IP intelligence](#configure-policies-for-ip-intelligence).

## Configure policies for IP intelligence
Expand Down
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf-compiler.html
@@ -0,0 +1 @@
5.9.0
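Review bot: this shortcode is used inline inside code fences (for example `ARG BASE_IMAGE=private-registry.nginx.com/nap/waf-compiler:{{< version-waf-compiler >}}` and `image: waf-enforcer:{{< version-waf-enforcer >}}`), and a shortcode template can emit its trailing newline into the rendered markdown; confirm these one-line files have no trailing newline, or write them as `{{- "5.9.0" -}}` so the version never breaks the line it is embedded in. The same applies to the other five version shortcodes added below.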
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf-config-mgr.html
@@ -0,0 +1 @@
5.9.0
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf-enforcer.html
@@ -0,0 +1 @@
5.7.0
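Review bot: `5.7.0` here is the only component shortcode that does not say `5.9.0`, and it is the value that changes the kubernetes-plm.md Helm example from its previous hard-coded `5.9.0`; confirm that the enforcer really is released as 5.7.0 alongside 5.9.0 of the compiler, config-mgr, IP intelligence and policy controller images, since a reader copying the examples will pull that exact tag.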
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf-ip-intelligence.html
@@ -0,0 +1 @@
5.9.0
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf-policy-controller.html
@@ -0,0 +1 @@
5.9.0
1 change: 1 addition & 0 deletions layouts/shortcodes/version-waf.html
@@ -0,0 +1 @@
5.9
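Review bot: `version-waf.html` says `5.9` while the component shortcodes say `5.9.0` and `5.7.0`; if `5.9` is the release train and the components carry their own patch versions, say so where `{{< version-waf >}}` is used (technical-specifications.md), otherwise use the same three-part form everywhere.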