diff --git a/content/includes/dos/dockerfiles/alpine-ebpf-manager.md b/content/includes/dos/dockerfiles/alpine-ebpf-manager.md index 0174515b51..a17bd522a0 100644 --- a/content/includes/dos/dockerfiles/alpine-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/alpine-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/amazon-ebpf-manager.md b/content/includes/dos/dockerfiles/amazon-ebpf-manager.md index 25e1ac7fbd..f374bbdf12 100644 --- a/content/includes/dos/dockerfiles/amazon-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/amazon-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/amazon-plus-dos-waf.md b/content/includes/dos/dockerfiles/amazon-plus-dos-waf.md index 490707482e..b4ab92fbe3 100644 --- a/content/includes/dos/dockerfiles/amazon-plus-dos-waf.md +++ b/content/includes/dos/dockerfiles/amazon-plus-dos-waf.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/debian-ebpf-manager.md b/content/includes/dos/dockerfiles/debian-ebpf-manager.md index e07085279a..b6740a0ccf 100644 --- a/content/includes/dos/dockerfiles/debian-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/debian-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/debian-plus-dos-waf.md b/content/includes/dos/dockerfiles/debian-plus-dos-waf.md index 36bcd75b40..34a0db700d 100644 --- a/content/includes/dos/dockerfiles/debian-plus-dos-waf.md 
+++ b/content/includes/dos/dockerfiles/debian-plus-dos-waf.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/debian-plus-dos.md b/content/includes/dos/dockerfiles/debian-plus-dos.md index f6e18824c0..fb4dd84009 100644 --- a/content/includes/dos/dockerfiles/debian-plus-dos.md +++ b/content/includes/dos/dockerfiles/debian-plus-dos.md @@ -1,5 +1,9 @@ --- nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nap-dos/deployment-guide/kubernetes.md +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/rhel10-ebpf-manager.md b/content/includes/dos/dockerfiles/rhel10-ebpf-manager.md index 6ccff4cdbe..82d54eea3e 100644 --- a/content/includes/dos/dockerfiles/rhel10-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/rhel10-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/rhel10-plus-dos.md b/content/includes/dos/dockerfiles/rhel10-plus-dos.md index f0b4a3d515..6152ed712d 100644 --- a/content/includes/dos/dockerfiles/rhel10-plus-dos.md +++ b/content/includes/dos/dockerfiles/rhel10-plus-dos.md @@ -1,5 +1,9 @@ --- nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nap-dos/deployment-guide/kubernetes.md +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/rhel8-ebpf-manager.md b/content/includes/dos/dockerfiles/rhel8-ebpf-manager.md index bf316a7592..cb6f918485 100644 --- a/content/includes/dos/dockerfiles/rhel8-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/rhel8-ebpf-manager.md 
@@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/rhel9-ebpf-manager.md b/content/includes/dos/dockerfiles/rhel9-ebpf-manager.md index 640b585272..7d7e2ebd52 100644 --- a/content/includes/dos/dockerfiles/rhel9-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/rhel9-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/rocky9-ebpf-manager.md b/content/includes/dos/dockerfiles/rocky9-ebpf-manager.md index 4aaad1d121..72a55d910a 100644 --- a/content/includes/dos/dockerfiles/rocky9-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/rocky9-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dockerfiles/ubuntu-ebpf-manager.md b/content/includes/dos/dockerfiles/ubuntu-ebpf-manager.md index 9db04c03f4..04bcdd9835 100644 --- a/content/includes/dos/dockerfiles/ubuntu-ebpf-manager.md +++ b/content/includes/dos/dockerfiles/ubuntu-ebpf-manager.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dockerfile diff --git a/content/includes/dos/dos-arbitrator.md b/content/includes/dos/dos-arbitrator.md index 8981917a17..635af2487d 100644 --- a/content/includes/dos/dos-arbitrator.md +++ b/content/includes/dos/dos-arbitrator.md 
@@ -1,31 +1,32 @@ --- -nd-docs: null +nd-product: F5DOSN nd-files: - content/nap-dos/deployment-guide/kubernetes.md - content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md +- content/nap-dos/deployment-guide/learn-about-deployment.md --- ## F5 DoS for NGINX Arbitrator ### Overview -F5 DoS for NGINX arbitrator orchestrates all the running F5 DoS for NGINX instances to synchronize local/global attack start/stop. +F5 DoS for NGINX Arbitrator orchestrates all running F5 DoS for NGINX instances to synchronize local and global attack start and stop. -F5 DoS for NGINX arbitrator serves as a central coordinating component for managing multiple instances of App Protect DoS in a network. It is needed when there are more than one F5 DoS for NGINX instances. Its primary function is to ensure that all instances are aware of and share the same state for each protected object. Here's a clearer breakdown of how it works and why it's necessary: +F5 DoS for NGINX Arbitrator is a central coordinating component for managing multiple F5 DoS for NGINX instances in a network. It is needed when there is more than one F5 DoS for NGINX instance. Its primary function is to ensure that all instances are aware of and share the same state for each protected object. -How F5 DoS for NGINX Arbitrator Works: +### How the Arbitrator works -- **Collecting State Periodically**: The arbitrator regularly collects the state information from all running instances of App Protect DoS. This collection occurs at set intervals, typically every 10 seconds. -- **State Initialization for New Instances**: When a new App Protect DoS instance is created, it doesn't start with a blank or uninitialized state for a protected object. Instead, it retrieves the initial state for the protected object from the arbitrator. -- **Updating State in Case of an Attack**: If an attack is detected by one of the App Protect DoS instances, that instance sends an attack notification to the arbitrator. 
The arbitrator then updates the state of the affected protected object to indicate that it is under attack. Importantly, this updated state is propagated to all other instances. +- **Collecting state periodically**: The Arbitrator regularly collects state information from all running F5 DoS for NGINX instances. This collection occurs at set intervals, typically every 10 seconds. +- **State initialization for new instances**: When a new F5 DoS for NGINX instance starts, it retrieves the initial state for each protected object from the Arbitrator rather than starting with an empty state. +- **Updating state during an attack**: When an F5 DoS for NGINX instance detects an attack, it sends a notification to the Arbitrator. The Arbitrator updates the state of the affected protected object and propagates that state to all other instances. -### Why F5 DoS for NGINX Arbitrator is Necessary +### Why F5 DoS for NGINX Arbitrator is necessary F5 DoS for NGINX Arbitrator is essential for several reasons: -- **Global State Management**: Without the arbitrator, each individual instance of App Protect DoS would manage its own isolated state for each protected object. This isolation could lead to inconsistencies. For example, if instance A declared an attack on a protected object named "PO-Example," instance B would remain unaware of this attack, potentially leaving the object vulnerable. -- **Uniform Attack Detection**: With the arbitrator in place, when instance A detects an attack on "PO-Example" and reports it to the arbitrator, the state of "PO-Example" is immediately updated to indicate an attack. This means that all instances, including instance B, are aware of the attack and can take appropriate measures to mitigate it. +- **Global state management**: Without the Arbitrator, each F5 DoS for NGINX instance manages its own isolated state for each protected object. This can lead to inconsistencies. 
For example, if instance A declares an attack on a protected object named "PO-Example," instance B remains unaware of it, potentially leaving the object vulnerable. +- **Uniform attack detection**: With the Arbitrator, when instance A detects an attack on "PO-Example" and reports it, the Arbitrator updates the state of "PO-Example" and propagates it to all instances, including instance B. -In summary, F5 DoS for NGINX Arbitrator acts as a central coordinator to maintain a consistent and up-to-date global state for protected objects across multiple instances of App Protect DoS. This coordination helps ensure that attacks are properly detected and mitigated, and that knowledge gained by one instance is efficiently shared with others, enhancing the overall security of the network. +F5 DoS for NGINX Arbitrator maintains a consistent global state for protected objects across all F5 DoS for NGINX instances. This ensures attacks are detected and mitigated uniformly across your deployment. ### F5 DoS for NGINX Arbitrator Deployment 
@@ -49,9 +50,9 @@ In summary, F5 DoS for NGINX Arbitrator acts as a central coordinator to maintai
 ### Multi-VM Deployment
-The Arbitrator service is standalone. Once it is down, it can be seamlessly re-started. It will immediately recover all the needed information from F5 DoS for NGINX instances that communicate to it every 10 sec. It’s downtime is around 10-20 seconds which will not affect the F5 DoS for NGINX working.
+The Arbitrator service is standalone. If it goes down, it can be restarted and immediately recovers all required information from F5 DoS for NGINX instances, which report to it every 10 seconds. Its downtime is around 10 to 20 seconds, which does not affect F5 DoS for NGINX operation.
-F5 DoS for NGINX Arbitrator service connects to port 3000 and can be seen under App Protect DoS instances. All modules try to connect to this service automatically. If it’s not accessible, each instance works in standalone mode.
+F5 DoS for NGINX Arbitrator connects to port 3000. All modules try to connect to it automatically. If it's not accessible, each instance operates in standalone mode.
-There is no such option for authentications between F5 DoS for NGINX servers and Arbitrator service like MTLS or password . Currently Arbitrator service is not exposed outside of the namespace. It is customers responsibility to isolate it from outside. It is applicable to any deployment of Arbitrator, not only to multi-VM.
+F5 DoS for NGINX does not support mutual TLS (mTLS) or password authentication between DoS servers and the Arbitrator. Arbitrator is not exposed outside the namespace. It is the customer's responsibility to isolate it from external access. This applies to all Arbitrator deployments, not only multi-VM.
diff --git a/content/includes/dos/dos-entrypoint.md b/content/includes/dos/dos-entrypoint.md
index 8650cdffeb..0d23941e66 100644
--- a/content/includes/dos/dos-entrypoint.md
+++ b/content/includes/dos/dos-entrypoint.md
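Review bot: The isolation caveat in the last added paragraph still relies on a Kubernetes-only notion ("not exposed outside the namespace") while the same paragraph says it applies to every deployment including multi-VM, where there is no namespace; since the hunk itself states there is no mTLS or password authentication, the reader needs the concrete control rather than a cluster-specific reassurance. Suggest replacing the middle sentence with `Because there is no authentication, any host that can reach TCP port 3000 can talk to the Arbitrator; restrict that port to the F5 DoS for NGINX instances only, using a Kubernetes NetworkPolicy (or equivalent) in-cluster and a host or network firewall on VMs.` The sentence "Arbitrator connects to port 3000" also reads backwards: instances are pointed at the Arbitrator with `app_protect_dos_arb_fqdn`, so presumably the Arbitrator listens on 3000 and the instances connect to it, and `The Arbitrator listens on TCP port 3000; all F5 DoS for NGINX instances connect to it automatically.` would be clearer. Dropping "Currently" from the old text turns a point-in-time observation into an unconditional claim; I would keep the hedge unless the product guarantees it.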
@@ -1,5 +1,5 @@ --- -nd-docs: null +nd-product: F5DOSN nd-files: - content/nap-dos/deployment-guide/learn-about-deployment.md - content/nap-dos/deployment-guide/kubernetes.md diff --git a/content/includes/dos/dos-waf-entrypoint.md b/content/includes/dos/dos-waf-entrypoint.md index 593bca48c7..2657eba189 100644 --- a/content/includes/dos/dos-waf-entrypoint.md +++ b/content/includes/dos/dos-waf-entrypoint.md @@ -1,9 +1,7 @@ --- -nd-docs: null +nd-product: F5DOSN nd-files: - content/nap-dos/deployment-guide/learn-about-deployment.md -- content/nap-dos/deployment-guide/kubernetes.md -- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- diff --git a/content/includes/dos/install-post-checks.md b/content/includes/dos/install-post-checks.md index 690da4e047..d96150d22e 100644 --- a/content/includes/dos/install-post-checks.md +++ b/content/includes/dos/install-post-checks.md @@ -1,5 +1,5 @@ --- -nd-docs: null +nd-product: F5DOSN nd-files: - content/nap-dos/deployment-guide/learn-about-deployment.md - content/nap-dos/deployment-guide/kubernetes.md @@ -36,7 +36,7 @@ You can run the following commands to ensure that F5 DoS for NGINX enforcement i 2025/12/07 09:14:34 [notice] 679#679: APP_PROTECT_DOS { "event": "shared_memory_connected", "worker_pid": 679, "mode": "operational", "mode_changed": true } ``` -3. Check that by applying an attack, the attacker IP addresses are blocked while the good traffic pass through: +3. Verify that when you simulate an attack, attacker IP addresses are blocked while legitimate traffic passes through: a. Simulate good traffic: @@ -64,7 +64,7 @@ You can run the following commands to ensure that F5 DoS for NGINX enforcement i done ``` - c. See that the good traffic continue as usual while the attackers receive denial of service. + c. Verify that legitimate traffic continues as usual while the attack traffic is blocked. 4. For DOS with L4 accelerated mitigation enabled 
diff --git a/content/includes/dos/k8s_arbitrator/appprotect-dos-arb.md b/content/includes/dos/k8s_arbitrator/appprotect-dos-arb.md index 13d30c533c..e23b7befe0 100644 --- a/content/includes/dos/k8s_arbitrator/appprotect-dos-arb.md +++ b/content/includes/dos/k8s_arbitrator/appprotect-dos-arb.md @@ -1,4 +1,5 @@ --- +nd-product: F5DOSN --- ```appprotect-dos-arb.yaml diff --git a/content/includes/dos/k8s_arbitrator/svc-appprotect-dos-arb.md b/content/includes/dos/k8s_arbitrator/svc-appprotect-dos-arb.md index 5938fb99bc..b8516b0323 100644 --- a/content/includes/dos/k8s_arbitrator/svc-appprotect-dos-arb.md +++ b/content/includes/dos/k8s_arbitrator/svc-appprotect-dos-arb.md @@ -1,4 +1,5 @@ --- +nd-product: F5DOSN --- ```svc-appprotect-dos-arb.yaml diff --git a/content/includes/dos/k8s_manifest/dos-deployment.md b/content/includes/dos/k8s_manifest/dos-deployment.md index fb2956c090..8680ee8d33 100644 --- a/content/includes/dos/k8s_manifest/dos-deployment.md +++ b/content/includes/dos/k8s_manifest/dos-deployment.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes.md --- ```dos-deployment.yaml diff --git a/content/includes/dos/k8s_manifest/dos-log-default-configmap.md b/content/includes/dos/k8s_manifest/dos-log-default-configmap.md index 7d1d4848d6..85896beaee 100644 --- a/content/includes/dos/k8s_manifest/dos-log-default-configmap.md +++ b/content/includes/dos/k8s_manifest/dos-log-default-configmap.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes.md --- ```dos-log-default-configmap.yaml diff --git a/content/includes/dos/k8s_manifest/dos-namespace.md b/content/includes/dos/k8s_manifest/dos-namespace.md index 1e91798fc0..4a5cd25dbd 100644 --- a/content/includes/dos/k8s_manifest/dos-namespace.md +++ b/content/includes/dos/k8s_manifest/dos-namespace.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes.md --- ```dos-namespace.yaml 
diff --git a/content/includes/dos/k8s_manifest/dos-nginx-conf-configmap.md b/content/includes/dos/k8s_manifest/dos-nginx-conf-configmap.md index 5dbc9407fa..6d30f15a0e 100644 --- a/content/includes/dos/k8s_manifest/dos-nginx-conf-configmap.md +++ b/content/includes/dos/k8s_manifest/dos-nginx-conf-configmap.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes.md --- ```dos-nginx-conf-configmap.yaml @@ -61,7 +64,7 @@ data: access_log /var/log/nginx/access.log log_dos if=$loggable; app_protect_dos_security_log_enable on; - app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=10.197.30.219:5261; + app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=:5261; app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json"; location / { diff --git a/content/includes/dos/k8s_manifest/dos-service.md b/content/includes/dos/k8s_manifest/dos-service.md index 65bfdedb00..4c6a3edee4 100644 --- a/content/includes/dos/k8s_manifest/dos-service.md +++ b/content/includes/dos/k8s_manifest/dos-service.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes.md --- ```dos-service.yaml diff --git a/content/includes/dos/k8s_with_ebpf_manifest/dos-deployment.md b/content/includes/dos/k8s_with_ebpf_manifest/dos-deployment.md index ac0101b493..a82a59d111 100644 --- a/content/includes/dos/k8s_with_ebpf_manifest/dos-deployment.md +++ b/content/includes/dos/k8s_with_ebpf_manifest/dos-deployment.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dos-deployment.yaml diff --git a/content/includes/dos/k8s_with_ebpf_manifest/dos-log-default-configmap.md b/content/includes/dos/k8s_with_ebpf_manifest/dos-log-default-configmap.md index 7d1d4848d6..995c8019c4 100644 --- a/content/includes/dos/k8s_with_ebpf_manifest/dos-log-default-configmap.md 
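Review bot: The scrubbed `syslog:server=:5261` on the changed `app_protect_dos_security_log` line leaves an empty host, which as far as I know nginx's syslog URL parser rejects at configuration load, so anyone applying this ConfigMap verbatim gets a failed start instead of a working example. Use an explicit placeholder or an RFC 5737 documentation address, e.g. `app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=<syslog-collector>:5261;`, and say in the surrounding text that it must be replaced. It is also worth a one-line caveat that nginx sends syslog over plain UDP with no transport encryption, so the collector receiving DoS security events should sit on a trusted network segment.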
+++ b/content/includes/dos/k8s_with_ebpf_manifest/dos-log-default-configmap.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dos-log-default-configmap.yaml diff --git a/content/includes/dos/k8s_with_ebpf_manifest/dos-namespace.md b/content/includes/dos/k8s_with_ebpf_manifest/dos-namespace.md index 1e91798fc0..9e700960ab 100644 --- a/content/includes/dos/k8s_with_ebpf_manifest/dos-namespace.md +++ b/content/includes/dos/k8s_with_ebpf_manifest/dos-namespace.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dos-namespace.yaml diff --git a/content/includes/dos/k8s_with_ebpf_manifest/dos-nginx-conf-configmap.md b/content/includes/dos/k8s_with_ebpf_manifest/dos-nginx-conf-configmap.md index 83900f2871..d8414b3787 100644 --- a/content/includes/dos/k8s_with_ebpf_manifest/dos-nginx-conf-configmap.md +++ b/content/includes/dos/k8s_with_ebpf_manifest/dos-nginx-conf-configmap.md @@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dos-nginx-conf-configmap.yaml @@ -62,7 +65,7 @@ data: access_log /var/log/nginx/access.log log_dos if=$loggable; app_protect_dos_security_log_enable on; - app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=10.197.30.219:5261; + app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=:5261; app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json"; location / { diff --git a/content/includes/dos/k8s_with_ebpf_manifest/dos-service.md b/content/includes/dos/k8s_with_ebpf_manifest/dos-service.md index c7c7916fde..3d8d2de8d3 100644 --- a/content/includes/dos/k8s_with_ebpf_manifest/dos-service.md +++ b/content/includes/dos/k8s_with_ebpf_manifest/dos-service.md 
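Review bot: Same issue as the non-eBPF ConfigMap: the scrubbed `syslog:server=:5261` on the changed `app_protect_dos_security_log` line has an empty host, which I believe nginx rejects at config load, so the example no longer starts as written. Replace it with an obvious placeholder such as `syslog:server=<syslog-collector>:5261` (or an RFC 5737 address like `192.0.2.10:5261`) and note that the collector address must be customised. A short reminder that syslog from nginx is unencrypted UDP, so the collector belongs on a trusted segment, would fit here too.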
@@ -1,4 +1,7 @@ --- +nd-product: F5DOSN +nd-files: +- content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md --- ```dos-service.yaml diff --git a/content/nap-dos/deployment-guide/best-practices.md b/content/nap-dos/deployment-guide/best-practices.md index ba1ef81888..0757966a41 100644 --- a/content/nap-dos/deployment-guide/best-practices.md +++ b/content/nap-dos/deployment-guide/best-practices.md @@ -1,14 +1,19 @@ --- -description: F5 DoS for NGINX Best Practices Deployment. -nd-docs: DOCS-666 title: Best Practices +description: "Configure F5 DoS for NGINX using recommended settings for protected objects, monitor directives, and security logging." +keywords: "F5 DoS for NGINX, best practices, configuration, protected object, monitor directive, security log, NGINX configuration" +nd-docs: DOCS-666 toc: true weight: 130 nd-content-type: how-to nd-product: F5DOSN +nd-summary: > + Configure protected objects with unique names, add the monitor directive, and enable security logging to improve detection accuracy and observability. + F5 DoS for NGINX uses protected objects and monitor directives to build a behavioral baseline and identify denial-of-service threats. + These settings apply to any deployment where F5 DoS for NGINX is already installed. --- -This guide shows how to modify your NGINX configuration to enable F5 DoS for NGINX (NGINX App Protect DoS). We will configure F5 DoS For NGINX to protect a proxy server. +This guide shows how to configure F5 DoS for NGINX to protect a proxy server. ## F5 DoS Configuration @@ -19,7 +24,8 @@ load_module modules/ngx_http_app_protect_dos_module.so; ``` ### Enable -Add the directive in the appropriate context, You can set it in location, server, or http blocks: + +Add the directive in the appropriate context. You can set it in `location`, `server`, or `http` blocks: ```nginx app_protect_dos_enable on; 
@@ -32,7 +38,9 @@ Choose a unique name. You can set it in location, server, or http blocks. app_protect_dos_name po-example; ``` -**Note**: Although optional, we strongly recommend specifying a name for each Protected Object (PO) to improve organization and maintainability. If no name is provided, the virtual server is assigned an auto-generated name using the following syntax: +{{< call-out "note" "Protected Object name" >}} +Although optional, specifying a name for each Protected Object (PO) is strongly recommended. It improves organization and makes troubleshooting easier. If no name is provided, the virtual server gets an auto-generated name using the following syntax: +{{< /call-out >}} ```nginx line_number-server_name:seq-location_name @@ -41,15 +49,15 @@ Example: 30-backend:1-/abc Where: -- `line number:` the line number of the server block (`server {`) in the `nginx.conf` file (i.e. `30`)
-- `server name:` taken from directive `server_name` (i.e. `backend`)
-seq: 0 for server block, increments for each location block. i.e. VS created from server block will have 0 and VS's from location blocks will be 1,2,3,... (i.e. `1`) -- `location name:` the name of the location (i.e. `/abc`) +- `line number` — the line number of the `server {` block in `nginx.conf` (for example, `30`) +- `server name` — taken from the `server_name` directive (for example, `backend`) +- `seq` — `0` for the server block; increments for each location block (`1`, `2`, `3`, …) +- `location name` — the name of the location (for example, `/abc`) -Capacity limits +**Capacity limits** -- Up to 300 Protected Objects in versions up to 4.3
-- Up to 1,000 Protected Objects in versions 4.4 and later
+- Up to 300 Protected Objects in versions up to 4.3 +- Up to 1,000 Protected Objects in versions 4.4 and later ### Set a Monitor directive @@ -62,25 +70,26 @@ app_protect_dos_monitor uri= [protocol=http1|http2|grpc - `uri` is the value of `server_name`, optionally followed by `:port`, and then the location path. Examples: `my_server/`, `example_server:81/abc` -A complete guide on configuring the Monitor Directive can be found here: [Monitor Directive](https://docs.nginx.com/nginx-app-protect-dos/directives-and-policy/learn-about-directives-and-policy/#monitor-directive-app_protect_dos_monitor). +For full configuration details, see [Directives and Policy]({{< ref "/nap-dos/directives-and-policy/learn-about-directives-and-policy.md#monitor-directive-app_protect_dos_monitor" >}}). **Monitor directive best practice** -- Monitor the same virtual host and path that your users hit. Set `uri=` to the `server_name[:port]/path` that matches the `server_name` and `listen` directives, **not** to the upstream IP:port.
- -Examples:
- -For `server_name "my_server"` on port `80` and path `/` (port 80 is default, so it can be omitted): + +- Monitor the same virtual host and path that your users hit. Set `uri=` to the `server_name[:port]/path` that matches the `server_name` and `listen` directives, **not** to the upstream IP:port. + +Examples: + +For `server_name "my_server"` on port `80` and path `/` (port 80 is the default, so it can be omitted): ```nginx app_protect_dos_monitor uri=my_server/; ``` -For `server_name "serv"` on port `81` with location path `/abc`: +For `server_name "serv"` on port `81` with location path `/abc`: ```nginx app_protect_dos_monitor uri=serv:81/abc protocol=http1 timeout=7; ``` - -A full example with upstream:
- + +A full example with upstream: + ```nginx upstream backend { server 10.197.24.136:3000; @@ -105,14 +114,17 @@ A full example with upstream:
} ``` -- Avoid monitors that short-circuit upstreams (for example, `return 200` locally); this will under-estimate stress.
-- Choose `timeout` slightly above your upstream’s p95/p99 latency under normal load, but low enough to react quickly under stress.
-- Monitor traffic originates from `127.0.0.1`. Exclude it from rate and connection limits as needed.
-- Define the monitor inside each protected `location` block.
+- Avoid monitors that short-circuit upstreams (for example, `return 200` locally); this under-estimates stress. +- Set `timeout` slightly above your upstream p95/p99 latency under normal load, but low enough to react quickly under stress. +- Monitor traffic originates from `127.0.0.1`. Exclude it from rate and connection limits as needed. +- Define the monitor inside each protected `location` block. ## Arbitrator -It is required when more than one F5 DoS for NGINX instance is deployed. Its primary function is to ensure that all instances are aware of—and share—the same state for each Protected Object.
-A complete guide on configuring F5 DoS for NGINX Arbitrator be found here: [F5 DoS for NGINX Arbitrator](https://docs.nginx.com/nginx-app-protect-dos/deployment-guide/learn-about-deployment/#f5-dos-for-nginx-arbitrator)
+ +The Arbitrator is required when more than one F5 DoS for NGINX instance is deployed. Its primary function is to ensure all instances share the same state for each Protected Object. + +For configuration details, see [F5 DoS for NGINX Arbitrator]({{< ref "/nap-dos/deployment-guide/learn-about-deployment.md#f5-dos-for-nginx-arbitrator" >}}). + Enable the F5 DoS for NGINX Arbitrator in the `http` context of the `nginx.conf` file: ```nginx @@ -120,17 +132,22 @@ app_protect_dos_arb_fqdn 10.1.10.22; ``` ## EBPF manager + The eBPF Manager is a high-performance component that simplifies and secures the deployment of eBPF (Extended Berkeley Packet Filter) programs for advanced networking use cases. -Enable the L4-accelerated mitigation feature in the http context of the nginx.conf file: + +Enable the L4-accelerated mitigation feature in the `http` context of the `nginx.conf` file: ```nginx app_protect_dos_accelerated_mitigation on; ``` ## ELK Dashboards -ELK stands for Elasticsearch, Logstash, and Kibana. Logstash receives logs from F5 DoS, normalizes them, and stores them in the Elasticsearch index. Kibana allows you to visualize and navigate the logs using purpose-built dashboards.
-A complete guide on configuring ELK can be found here: [F5 DoS for NGINX ELK Dashboards](https://github.com/f5devcentral/nap-dos-elk-dashboards)
-F5 DoS directives should appear in your `nginx.conf` as shown. Replace `ip_kibana` with the hostname of the server running your ELK Docker container:
+ +ELK stands for Elasticsearch, Logstash, and Kibana. Logstash receives logs from F5 DoS for NGINX, normalizes them, and stores them in the Elasticsearch index. Kibana lets you visualize and navigate the logs using purpose-built dashboards. + +For configuration details, see [F5 DoS for NGINX ELK Dashboards](https://github.com/f5devcentral/nap-dos-elk-dashboards). + +F5 DoS directives should appear in your `nginx.conf` as shown. Replace `ip_kibana` with the hostname of the server running your ELK Docker container: ```nginx http { @@ -160,12 +177,13 @@ http { F5 DoS for NGINX provides a range of application monitoring tools: -- F5 DoS for NGINX Dashboard: A dynamic interface for real-time monitoring and detailed views of Protected Objects.
-- F5 DoS for NGINX REST API: An interface that exposes comprehensive metrics for Protected Objects.
+- F5 DoS for NGINX Dashboard: A dynamic interface for real-time monitoring and detailed views of Protected Objects. +- F5 DoS for NGINX REST API: An interface that exposes comprehensive metrics for Protected Objects. + +For configuration details, see [F5 DoS for NGINX Live Activity Monitoring]({{< ref "/nap-dos/monitoring/live-activity-monitoring.md" >}}). -A complete guide on configuring F5 DoS for NGINX Live Activity Monitoring be found here: [F5 DoS for NGINX Live Activity Monitoring](https://docs.nginx.com/nginx-app-protect-dos/monitoring/live-activity-monitoring/)
-Below is an example configuration that limits API location access to the local network using the allow and deny directives, and uses HTTP Basic Authentication to restrict the PATCH, POST, and DELETE methods to specific users.
-To view the dashboard, enter its address in your browser’s address bar.For example, http://192.168.1.23/dashboard-dos.html displays the dashboard page located in `/usr/share/nginx/html`, as specified by the root directive.
+The following example limits API location access to the local network using the `allow` and `deny` directives, and uses HTTP Basic Authentication to restrict `PATCH`, `POST`, and `DELETE` methods to specific users. +To view the dashboard, enter its address in your browser's address bar. For example, `http://192.168.1.23/dashboard-dos.html` displays the dashboard page located in `/usr/share/nginx/html`, as specified by the `root` directive. ```nginx http { @@ -220,14 +238,14 @@ http { access_log /var/log/nginx/access.log log_dos if=$loggable; app_protect_dos_security_log_enable on; - app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=10.197.30.219:5261; + app_protect_dos_security_log "/etc/app_protect_dos/log-default.json" syslog:server=:5261; app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json"; location / { app_protect_dos_enable on; app_protect_dos_name "main_app"; set $loggable '0'; - access_log syslog:server=10.97.30.219:5561 log_dos if=$loggable; + access_log syslog:server=:5561 log_dos if=$loggable; app_protect_dos_monitor uri=example_srv:80/ protocol=http1 timeout=7; proxy_pass http://10.197.24.136:3000; } diff --git a/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md b/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md index 8a4a89217a..3053e1718b 100644 --- a/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md +++ b/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md 
@@ -1,14 +1,16 @@
 ---
-description: Install F5 NGINX Plus, F5 WAF & DoS for NGINX Plus on Amazon Web Services
- (AWS), to provide sophisticated Layer 7 load balancing, Modern app security solution,
- behavioral DoS detection and mitigation that works seamlessly in DevOps environments
- for your apps running on AmazonLinux 2023, RHEL, Debian and Ubuntu Linux OS.
+title: Install F5 WAF and DoS for NGINX AMIs on Amazon EC2
+description: "Deploy F5 NGINX Plus with F5 WAF for NGINX and F5 DoS for NGINX on Amazon EC2 using pre-built AMIs for Amazon Linux, RHEL, Debian, and Ubuntu."
+keywords: "F5 DoS for NGINX, Amazon Web Services, AWS, EC2, AMI, NGINX Plus, F5 WAF for NGINX, Amazon Linux, RHEL, Debian, Ubuntu"
 nd-docs: DOCS-1204
-title: Installing F5 WAF & DoS for NGINX AMIs on Amazon EC2
 toc: true
 weight: 120
 nd-content-type: how-to
 nd-product: F5DOSN
+nd-summary: >
+ Launch a pre-built AMI from the AWS Marketplace to get F5 NGINX Plus with F5 DoS for NGINX and F5 WAF for NGINX running on Amazon EC2.
+ AMIs are available for Amazon Linux, RHEL, Debian, and Ubuntu, with NGINX Plus and the protection modules pre-configured for EC2.
+ You need an AWS account and an active F5 subscription to subscribe to the AMI.
 ---
@@ -51,11 +53,11 @@ To quickly set up an environment with NGINX Plus, F5 WAF for NGINX and F5 DoS fo - [NGINX Plus with F5 WAF & DoS for NGINX Plus – Ubuntu 24.04 Linux AMI HVM](https://aws.amazon.com/marketplace/pp/prodview-pz64pqetwyrhw) - Click the **Continue to Subscribe** button to proceed to the **Launch on EC2** page. + Select **Continue to Subscribe** to go to the **Launch on EC2** page. -3. Select the type of launch by clicking the appropriate tab (1‑Click Launch, **Manual Launch**, or **Service Catalog**). Choose the desired options for billing, instance size, and so on, and click the Accept Software Terms… button. -4. When configuring the firewall rules, add a rule to accept web traffic on TCP ports 80 and 443 (this happens automatically if you launch from the 1-Click Launch tab). -5. As soon as the new EC2 instance launches, NGINX Plus starts automatically and serves a default **index.html** page. To view the page, use a web browser to access the public DNS name of the new instance. You can also check the status of the NGINX Plus server by logging into the EC2 instance and running this command: +3. Select the type of launch by selecting the appropriate tab (**1-Click Launch**, **Manual Launch**, or **Service Catalog**). Choose the desired options for billing, instance size, and so on, then select **Accept Software Terms**. +4. When configuring the firewall rules, add a rule to accept web traffic on TCP ports 80 and 443 (this happens automatically if you launch from the **1-Click Launch** tab). +5. When the new EC2 instance launches, NGINX Plus starts automatically and serves a default **index.html** page. To view the page, go to the public DNS name of the new instance in a browser. To check the status of NGINX Plus, log in to the EC2 instance and run: ```nginx /etc/init.d/nginx status 
diff --git a/content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md b/content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
index cb38120920..762aae199e 100644
--- a/content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
+++ b/content/nap-dos/deployment-guide/kubernetes-with-L4-accelerated-mitigation..md
@@ -1,35 +1,36 @@ --- -# We use sentence case and present imperative tone -title: "Kubernetes with L4 accelerated mitigation" -# Weights are assigned in increments of 100: determines sorting order +title: Kubernetes with L4 accelerated mitigation +description: "Install F5 DoS for NGINX on Kubernetes with L4 accelerated mitigation using eBPF to offload DoS blocking to the Linux kernel." +keywords: "F5 DoS for NGINX, Kubernetes, L4, eBPF, accelerated mitigation, Helm, install, Linux kernel" weight: 110 -# Creates a table of contents and sidebar, useful for large documents toc: true -# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to nd-product: F5DOSN +nd-summary: > + Install F5 DoS for NGINX on Kubernetes with L4 accelerated mitigation using Helm or manifests, ending with a deployment that offloads DoS blocking to the Linux kernel. + The eBPF Manager sidecar intercepts Layer 4 DoS traffic in the kernel, reducing CPU load on the NGINX container compared to a standard deployment. + This deployment requires elevated container privileges; familiarity with Kubernetes security practices is assumed. --- -This page describes how to install F5 DOS for NGINX using Kubernetes with L4 accelerated mitigation service. -By enabling [accelerated-mitigation-directive-app_protect_dos_accelerated_mitigation](https://docs.nginx.com/nginx-app-protect-dos/directives-and-policy/learn-about-directives-and-policy/#accelerated-mitigation-directive-app_protect_dos_accelerated_mitigation) -and running the [DOS EBPF Manager]() as a sidecar container alongside the NGINX container, you can offload Layer 4 DoS mitigation to eBPF programs running in the Linux kernel. This improves mitigation performance and reduces CPU usage on the NGINX container. +This guide explains how to install F5 DoS for NGINX on Kubernetes with L4 accelerated mitigation. 
By enabling the [`app_protect_dos_accelerated_mitigation`]({{< ref "/nap-dos/directives-and-policy/learn-about-directives-and-policy.md#accelerated-mitigation-directive-app_protect_dos_accelerated_mitigation" >}}) directive and running the DoS eBPF (Extended Berkeley Packet Filter) Manager as a sidecar container alongside the NGINX container, you can offload Layer 4 DoS mitigation to eBPF programs in the Linux kernel. This improves mitigation performance and reduces CPU usage on the NGINX container. -Such with L4 accelerated mitigation require the NGINX and DOS containers to run with elevated privileges, as well as additional Linux capabilities. Therefore, this guide assumes you have a good understanding of Kubernetes security best practices and have taken the necessary steps to secure your cluster accordingly. -The F5 Dos For NGINX require the service to run with [externalTrafficPolicy](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) set to Local in order to preserve the client source IP address for accurate DoS mitigation. -```text +Deployments with L4 accelerated mitigation require the NGINX and DoS containers to run with elevated privileges and additional Linux capabilities. This guide assumes you have a good understanding of Kubernetes security best practices and have secured your cluster accordingly. + +F5 DoS for NGINX requires the service to run with [`externalTrafficPolicy`](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) set to `Local` to preserve the client source IP address for accurate DoS mitigation: + +```yaml spec: externalTrafficPolicy: Local ``` - -It explains the common steps necessary for any Kubernetes-based deployment, then provides details specific to Helm or Manifests. +It covers the common steps for any Kubernetes-based deployment, then provides details specific to Helm or manifests. 
## Before you begin -To complete this guide, you will need the following pre-requisites: +Before you start, make sure you have: - A functional Kubernetes cluster -- An active F5 DOS for NGINX subscription (Purchased or trial) +- An active F5 DoS for NGINX subscription (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) To review supported operating systems, read the [Releases]({{< ref "/nap-dos/releases" >}}) topic. diff --git a/content/nap-dos/deployment-guide/kubernetes.md b/content/nap-dos/deployment-guide/kubernetes.md index c6fb634c71..27d3be0422 100644 --- a/content/nap-dos/deployment-guide/kubernetes.md +++ b/content/nap-dos/deployment-guide/kubernetes.md 
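Review bot: The new sentence `Deployments with L4 accelerated mitigation require the NGINX and DoS containers to run with elevated privileges and additional Linux capabilities.` names neither the privileges nor the capabilities, so a reader cannot tell whether `privileged: true` is actually required or which capabilities to grant under a least-privilege policy. State the exact `securityContext` the eBPF Manager sidecar and the NGINX container need, or link to the manifest or Helm section of this guide that shows it, so operators can scope the grant instead of defaulting to a privileged pod. The same gap applies to the `nd-summary` text above it, which says only that "elevated container privileges" are required; the rest of this guide is outside the hunk.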
@@ -1,25 +1,25 @@ --- -# We use sentence case and present imperative tone -title: "Kubernetes" -# Weights are assigned in increments of 100: determines sorting order +title: Kubernetes +description: "Install F5 DoS for NGINX on Kubernetes using Helm or manifests to deploy DoS protection as a sidecar container alongside NGINX Plus." +keywords: "F5 DoS for NGINX, Kubernetes, Helm, install, container, Docker, manifest" weight: 100 -# Creates a table of contents and sidebar, useful for large documents toc: true -# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to nd-product: F5DOSN +nd-summary: > + Install F5 DoS for NGINX on Kubernetes using Helm or manifests and have a working deployment that protects your applications against behavioral DoS attacks. + F5 DoS for NGINX runs as a sidecar container alongside NGINX Plus, using real-time traffic analysis to detect and block denial-of-service attacks. + This guide covers the standard Kubernetes deployment; for L4 accelerated mitigation with eBPF, see the separate guide. --- -This page describes how to install F5 DOS for NGINX using Kubernetes. - -It explains the common steps necessary for any Kubernetes-based deployment, then provides details specific to Helm or Manifests. +This guide explains how to install F5 DoS for NGINX on Kubernetes. It covers the common steps for any Kubernetes-based deployment, then provides details specific to Helm or manifests. ## Before you begin -To complete this guide, you will need the following pre-requisites: +Before you start, make sure you have: - A functional Kubernetes cluster -- An active F5 DOS for NGINX subscription (Purchased or trial) +- An active F5 DoS for NGINX subscription (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) To review supported operating systems, read the [Releases]({{< ref "/nap-dos/releases" >}}) topic. 
diff --git a/content/nap-dos/deployment-guide/learn-about-deployment.md b/content/nap-dos/deployment-guide/learn-about-deployment.md index dc5f3a02fd..4f19511e72 100644 --- a/content/nap-dos/deployment-guide/learn-about-deployment.md +++ b/content/nap-dos/deployment-guide/learn-about-deployment.md @@ -1,21 +1,27 @@ --- -description: Learn about F5 DoS for NGINX Deployment. -nd-docs: DOCS-666 title: Virtual Machine and Docker +description: "Install and upgrade F5 DoS for NGINX on virtual machines, bare metal, and Docker across RHEL, Debian, Ubuntu, Alpine, and Amazon Linux." +keywords: "F5 DoS for NGINX, install, deployment, virtual machine, bare metal, Docker, RHEL, Debian, Ubuntu, Alpine, Amazon Linux" +nd-docs: DOCS-666 toc: true weight: 90 nd-content-type: how-to nd-product: F5DOSN +nd-summary: > + Install or upgrade F5 DoS for NGINX on a virtual machine, bare metal host, or Docker container and have a working deployment protecting your web applications. + F5 DoS for NGINX is a dynamic NGINX Plus module that uses behavioral analysis to detect and mitigate DoS attacks in real time. + Instructions cover RHEL 8, 9, and 10, Rocky Linux, Debian, Ubuntu, Alpine, and Amazon Linux. --- ## Overview -F5 DoS for NGINX provides behavioral protection against DoS for your web applications.

-This guide explains how to deploy F5 DoS for NGINX as well as upgrade App Protect DoS. +F5 DoS for NGINX provides behavioral protection against DoS for your web applications. + +This guide explains how to deploy and upgrade F5 DoS for NGINX. ## Prerequisites -F5 DoS for NGINX is available to the customers as a downloadable dynamic module at an additional cost. To purchase or add F5 DoS for NGINX to an existing NGINX Plus subscription, contact the NGINX sales team. +F5 DoS for NGINX is available to customers as a downloadable dynamic module at an additional cost. To purchase or add F5 DoS for NGINX to an existing NGINX Plus subscription, contact the NGINX sales team. NGINX Plus Release 24 and later supports F5 DoS for NGINX. 
@@ -36,29 +42,29 @@ F5 DoS for NGINX supports the following operating systems: The F5 DoS for NGINX package has the following dependencies: -1. **nginx-plus-module-appprotectdos** - NGINX Plus dynamic module for App Protect DoS +1. **nginx-plus-module-appprotectdos** - NGINX Plus dynamic module for F5 DoS for NGINX 2. **libcurl** - Software library for HTTP access 3. **zeromq4** - Software library for fast, message-based applications 4. **boost** - The free peer-reviewed portable C++ source libraries 5. **openssl** - Toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocol 6. **libelf** - Software library for ELF access -See the NGINX Plus full list of prerequisites for more details. F5 DoS for NGINX can be installed as a module to an existing NGINX Plus installation or as a complete NGINX Plus with App Protect DoS installation in a clean environment or to a system with F5 WAF for NGINX. +See the NGINX Plus full list of prerequisites for more details. F5 DoS for NGINX can be installed as a module to an existing NGINX Plus installation or as a complete NGINX Plus with F5 DoS for NGINX installation in a clean environment or to a system with F5 WAF for NGINX. {{< call-out "note" >}} - gRPC, HTTP/2 and WebSocket protection require active monitoring of the protected service. The directive `app_protect_dos_monitor` is mandatory for the attack to be detected. -- Monitor directive `app_protect_dos_monitor` with proxy_protocol parameter can not be configured on Ubuntu 18.04. As a result, gRPC and HTTP/2 DoS protection for proxy_protocol configuration is not supported. +- Monitor directive `app_protect_dos_monitor` with the `proxy_protocol` parameter cannot be configured on Ubuntu 18.04. As a result, gRPC and HTTP/2 DoS protection for proxy_protocol configuration is not supported. - Regularly update the Operating System (OS) to avoid known OS vulnerabilities which may impact the service. 
{{< /call-out >}} ## Platform Security Considerations -When deploying App Protect DoS on NGINX Plus take the following precautions to secure the platform. This avoids the risk of causing a Denial of Service condition or compromising the platform security. +When deploying F5 DoS for NGINX on NGINX Plus take the following precautions to secure the platform. This avoids the risk of causing a Denial of Service condition or compromising the platform security. - Restrict permissions to the files on the F5 DoS for NGINX platform to user **nginx** and group **nginx**, especially for the sensitive areas containing the configuration. - Remove unnecessary remote access services on the platform. -- Configure a Syslog destination on the same machine as App Protect DoS and proxy to an external destination. This avoids eavesdropping and [man-in-the-middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks on the Syslog channel. +- Configure a Syslog destination on the same machine as F5 DoS for NGINX and proxy to an external destination. This avoids eavesdropping and [man-in-the-middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks on the Syslog channel. ## Virtual machine or bare metal Deployment diff --git a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md index 397e6ebabe..d9c3b93279 100644 --- a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md +++ b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md 
@@ -1,20 +1,26 @@ --- title: Directives and Policy +description: "Reference for all F5 DoS for NGINX directives and policy configuration options, including syntax, context, defaults, and examples." +keywords: "F5 DoS for NGINX, directives, policy, nginx.conf, app_protect_dos, configuration reference" toc: true weight: 120 nd-docs: DOCS-667 nd-content-type: reference nd-product: F5DOSN +nd-summary: > + Look up the syntax, context, defaults, and examples for every F5 DoS for NGINX directive and configure your deployment accordingly. + F5 DoS for NGINX directives extend nginx.conf with controls for behavioral detection, protected object management, monitor settings, and security logging. --- ## Introduction -NGINX directives are specified in the `nginx.conf` file and are used to configure various modules of NGINX.
-F5 DoS for NGINX has its own set of directives, which follow the same rules as other NGINX directives, and are used to enable and configure its features.
+NGINX directives are specified in the `nginx.conf` file and configure various NGINX modules. -The table below provides a summary of all the F5 DoS for NGINX directives.
+F5 DoS for NGINX has its own set of directives. They follow the same rules as other NGINX directives and enable and configure its features. -While only the first directive is mandatory for enabling F5 DoS for NGINX, it is recommended to use as many directives as possible to leverage the product’s full range of monitoring and application health detection capabilities. After adding these directives, ensure you reload NGINX and check the error log for any errors or warnings.
+The table below summarizes all F5 DoS for NGINX directives. + +Only the first directive is mandatory for enabling F5 DoS for NGINX. Use as many directives as possible to leverage the full range of monitoring and application health detection capabilities. After adding directives, reload NGINX and check the error log for any errors or warnings. ## Directives table Below is a summary of all F5 DoS for NGINX directives. Detailed descriptions of each directive can be found in the following sections. @@ -25,12 +31,12 @@ Below is a summary of all F5 DoS for NGINX directives. Detailed descriptions of |-----------------------------------------------------------------------------------------------------------|----------|----------|--------------|------------|-------------------------------------------------------------------------------------------------------------------------------------| | [app_protect_dos_enable](#enable-directive-app_protect_dos_enable) | [on\|off] | http,
server,
location | Enable/Disable DoS protection | Yes | off | | [app_protect_dos_policy_file](#policy-directive-app_protect_dos_policy_file) | [FILE-PATH] | http,
server,
location | Load DoS configuration from a policy file | No | `/etc/app_protect_dos/BADOSDefaultPolicy.json` | -| [app_protect_dos_name](#service-name-directive-app_protect_dos_name) | [SERVICE-NAME] | http,
server,
location | Name of protected object | No | **line_num-server_name**:*seq*-location_name

(i.e. `30-backend:1-/abc`) | -| [app_protect_dos_monitor](#monitor-directive-app_protect_dos_monitor) | [uri=X] [protocol=Y] [timeout=Z] [proxy_protocol \| proxy_protocol=on\|off] | http,
server,
location | URI to monitor server's stress. Protocol and timeout are optional | Yes, unless its regular http1 traffic | uri - None
protocol - http1
timeout - 10 seconds for http1/websocket ; 5 seconds for http2/grpc
proxy_protocol - off | +| [app_protect_dos_name](#service-name-directive-app_protect_dos_name) | [SERVICE-NAME] | http,
server,
location | Name of protected object | No | **line_num-server_name**:*seq*-location_name

(for example, `30-backend:1-/abc`) | +| [app_protect_dos_monitor](#monitor-directive-app_protect_dos_monitor) | [uri=X] [protocol=Y] [timeout=Z] [proxy_protocol \| proxy_protocol=on\|off] | http,
server,
location | URI to monitor server stress. Protocol and timeout are optional | Yes, unless it is regular HTTP/1.1 traffic | uri - None
protocol - http1
timeout - 10 seconds for http1/websocket ; 5 seconds for http2/grpc
proxy_protocol - off | | [app_protect_dos_security_log_enable](#security-log-enable-directive-app_protect_dos_security_log_enable) | [on\|off] | http,
server,
location | Enable/Disable security logger | No | off | | [app_protect_dos_security_log](#security-log-directive-app_protect_dos_security_log) | [LOG-CONFIG-FILE] [DESTINATION] | http,
server,
location | Security logger configuration. Second argument:
"syslog:server={ip}:{port}" or
"stderr" or
"{absolute_file_path}" | No | `/etc/app_protect_dos/log-default.json stderr` | -| [app_protect_dos_liveness](#liveness-probe-directive-app_protect_dos_liveness) | [on\|off] [uri:URI] [port:PORT] | http | Liveness prob. Second and third arguments are optional | No | `off uri:/app_protect_dos_liveness port:8090` | -| [app_protect_dos_readiness](#readiness-probe-directive-app_protect_dos_readiness) | [on\|off] [uri:URI] [port:PORT] | http | Readiness prob. Second and third arguments are optional | No | `off uri:/app_protect_dos_readiness port:8090` | +| [app_protect_dos_liveness](#liveness-probe-directive-app_protect_dos_liveness) | [on\|off] [uri:URI] [port:PORT] | http | Liveness probe. Second and third arguments are optional | No | `off uri:/app_protect_dos_liveness port:8090` | +| [app_protect_dos_readiness](#readiness-probe-directive-app_protect_dos_readiness) | [on\|off] [uri:URI] [port:PORT] | http | Readiness probe. Second and third arguments are optional | No | `off uri:/app_protect_dos_readiness port:8090` | | [app_protect_dos_arb_fqdn](#arbitrator-fqdn-directive-app_protect_dos_arb_fqdn) | [FQDN\|IP address] | http | Arbitrator FQDN/IP address | No | `svc-appprotect-dos-arb` | | [app_protect_dos_api](#api-directive-app_protect_dos_api) | No arguments | location | Monitoring via Rest API (also includes the dashboard) | No | off | | [app_protect_dos_accelerated_mitigation](#api-directive-app_protect_dos_api) | [on\|off] [syn_drop=on\|off]| http | Enable/Disable L4 accelerated mitigation. Second argument is optional | No | off syn_drop=off | @@ -43,7 +49,7 @@ Below is a summary of all F5 DoS for NGINX directives. Detailed descriptions of ### Enable directive (`app_protect_dos_enable`) -Enables/disables App Protect DoS module in the relevant block/s.
+Enables or disables the F5 DoS for NGINX module in the relevant contexts. It can be written in the following contexts: `location/server/http`. The derived blocks/contexts also inherit the directive. @@ -117,20 +123,20 @@ app_protect_dos_policy_file /etc/app_protect_dos/BADOSPolicy.json; ### Service Name directive (`app_protect_dos_name`) -This is the Protected Object (VS) name, which should be unique and is used to identify the Protected Object in the logs.
-It can be utilized within `location`, `server`, and `http` blocks.
-
-Directive is optional. If not written, then each protected object (VS) will have an auto-generated name according to the following syntax: +This is the Protected Object (VS) name, which should be unique and identifies the Protected Object in the logs. +It can be utilized within `location`, `server`, and `http` blocks. + +Directive is optional. If not written, each protected object (VS) gets an auto-generated name with the following syntax: `line_number-server_name:seq-location_name` **For example:** `30-backend:1-/abc` -- `line number:` the line number of the server block (`server {`) in the `nginx.conf` file (i.e. `30`)
-- `server name:` taken from directive `server_name` (i.e. `backend`)
-seq: 0 for server block, increments for each location block. i.e. VS created from server block will have 0 and VS's from location blocks will be 1,2,3,... (i.e. `1`) -- `location name:` the name of the location (i.e. `/abc`) +- `line number` — the line number of the server block (`server {`) in the `nginx.conf` file (for example, `30`) +- `server name` — taken from directive `server_name` (for example, `backend`) +- `seq` — `0` for the server block; increments for each location block (for example, `1`) +- `location name` — the name of the location (for example, `/abc`) F5 DoS for NGINX supports up to 300 Protected Objects for versions up to 4.3, and 1,000 Protected Objects in version 4.4 and above.

@@ -258,7 +264,7 @@ location /app/ { ### Security log enable directive (`app_protect_dos_security_log_enable`) -Enable/Disable App Protect DoS security logger. It can be used in `location/server/http` blocks. +Enable or disable the F5 DoS for NGINX security logger. It can be used in `location/server/http` blocks. Directive is optional. If not written, then logger is disabled. @@ -271,13 +277,13 @@ app_protect_dos_security_log_enable on; This directive has two string arguments. -First argument is the configuration file path, i.e. `/etc/app_protect_dos/log-default.json`. +First argument is the configuration file path (for example, `/etc/app_protect_dos/log-default.json`). -Second argument is the destination (the location which the events will be sent to). The destination can be one of three options: +Second argument is the destination where events are sent. The destination can be one of three options: -- `syslog:server={ip}:{port}`, i.e. `syslog:server=1.2.3.4:3000` +- `syslog:server={ip}:{port}` (for example, `syslog:server=1.2.3.4:3000`) - `stderr` (**default**) -- `{absolute_file_path}`, i.e. `/shared/dos_sec_logger.log` +- `{absolute_file_path}` (for example, `/shared/dos_sec_logger.log`) Implemented according to: [F5 DoS for NGINX Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}}) @@ -438,7 +444,7 @@ This directive is used to enable the App Protect DoS monitoring capability via R The REST API interface provides extended metrics information of the Protected Objects. It can be used by sending REST API requests manually or by using the App Protect DoS dashboard page. -For more information refer to [F5 DoS for NGINX Live Activity Monitoring]({{< ref "/nap-dos/monitoring/live-activity-monitoring.md" >}}) +For more information, see [F5 DoS for NGINX Live Activity Monitoring]({{< ref "/nap-dos/monitoring/live-activity-monitoring.md" >}}) **Example:** 
@@ -462,7 +468,7 @@ For more information refer to [F5 DoS for NGINX Live Activity Monitoring]({{< re ### Accelerated mitigation directive (`app_protect_dos_accelerated_mitigation`) -This directive is used to enable or disable App Protect DoS L4 accelerated mitigation.
+This directive enables or disables L4 accelerated mitigation for F5 DoS for NGINX. syn_drop is an optional parameter; the default value is "off".
syn_drop=on mode is applicable for plane HTTP services or HTTPS when the `tls_fingerprint` feature is disabled. Refer to policy parameter "tls_fingerprint" in [Policy directive](#policy-directive-app_protect_dos_policy_file). diff --git a/content/nap-dos/monitoring/types-of-logs.md b/content/nap-dos/monitoring/types-of-logs.md index 3a1d9de4d6..6f570a1023 100644 --- a/content/nap-dos/monitoring/types-of-logs.md +++ b/content/nap-dos/monitoring/types-of-logs.md 
@@ -1,19 +1,23 @@ --- -description: Learn about the F5 DoS for NGINX Logs Overview. +title: Logs overview +description: "Overview of the four log types in F5 DoS for NGINX: security, operation, request, and debug logs, with configuration and destination options." +keywords: "F5 DoS for NGINX, logs, security log, operation log, request log, debug log, monitoring, logging" nd-docs: DOCS-671 -title: Logs Overview toc: true weight: 130 -nd-content-type: how-to +nd-content-type: reference nd-product: F5DOSN +nd-summary: > + Identify which log type covers your monitoring or troubleshooting need and configure where each log is written. + F5 DoS for NGINX generates four log types—security, operation, request, and debug—each capturing a different aspect of traffic handling and system behavior. --- -There are 4 types of logs corresponding to App Protect DoS: +F5 DoS for NGINX has four log types: -- [Security Log](#security-log): The general picture of the site and how App Protect DoS processed it, including anomalies and signatures found. -- [Operation Log](#operation-log): Events such as configuration errors or warnings. -- [Request Logging](#request-log): F5 DoS for NGINX adds information to each request logged to NGINX's access logging mechanism. -- [Debug Logs](#debug-log): Technical messages at different levels of severity used to debug and resolve incidents and error behaviors. +- [Security log](#security-log): The overall picture of the site and how F5 DoS for NGINX processed it, including anomalies and signatures found. +- [Operation log](#operation-log): Events such as configuration errors or warnings. +- [Request log](#request-log): Per-request information added to the NGINX access log. +- [Debug log](#debug-log): Technical messages at different severity levels used to debug and resolve issues. {{< call-out "note" >}} NGINX does not have audit logs in the sense of *"**who** did **what**"*. 
This can be done either from the orchestration system controlling NGINX (such as NGINX Controller) or by tracking the configuration files and the systemd invocations using Linux tools. @@ -26,36 +30,41 @@ NGINX does not have audit logs in the sense of *"**who** did **what**"*. This ca | Debug | Log file name is the redirection in the invocation of the `admd` command line in the start script | Global (not part of `nginx.conf`)|Yes. Log file is in /var/log/adm/admd.log directory. There is currently no file rotation capability available for this log.| No | | Operation | `error_log` directive, part of core NGINX | `nginx.conf` - global | Yes, NGINX error log | Yes, NGINX error log | |Request |NGINX has two directives for the access log:
- **access_log** - to turn [on\|off]
- **log_format** - to specify the required information regarding each request

F5 DoS for NGINX has several variables that can be added to the log_format directive, such as $app_protect_dos_outcome.

For more information refer to [F5 DoS for NGINX Access Log]({{< ref "/nap-dos/monitoring/access-log.md" >}}) | `nginx.conf` - global| Yes, NGINX access log | Yes, NGINX access log | -| Security | F5 DoS for NGINX has two directives in `nginx.conf`:
- app_protect_dos_security_log_enable to turn logging [on\|off]
- app_protect_dos_security_log to set it's logging configuration and destination

For more information refer:
- **Configuration**: [App Protect DoS - Directives and Policy]({{< ref "/nap-dos/directives-and-policy/learn-about-directives-and-policy.md">}})
- **Usage**: [F5 DoS for NGINX - Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}}) | `nginx.conf`: http, server, location | Yes, either stderr, or an absolute path to a local file are supported | Yes | +| Security | F5 DoS for NGINX has two directives in `nginx.conf`:
- `app_protect_dos_security_log_enable` to turn logging on or off
- `app_protect_dos_security_log` to set its logging configuration and destination

For more information see:
- **Configuration**: [Directives and Policy]({{< ref "/nap-dos/directives-and-policy/learn-about-directives-and-policy.md">}})
- **Usage**: [F5 DoS for NGINX Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}}) | `nginx.conf`: http, server, location | Yes — either stderr or an absolute file path | Yes | {{}} -## Security Log - The security logs contain information about the status of the protected objects. It gives a general picture about each protected object in terms of traffic intensity, health of the backend server, learning and mitigations. For more information refer to [F5 DoS for NGINX Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}}) documentation. +## Security log -## Operation Log - The operation logs consists of system operational and health events. The events are sent to the NGINX error log and are distinguished by the `APP_PROTECT_DOS` prefix followed by JSON body. The log level depends on the event: success is usually indicated by `notice`, while failure is indicated by `error`. The timestamp is inherent in the error log. For more information refer to [App Protect DoS Operation Log]({{< ref "/nap-dos/monitoring/operation-log.md" >}}) documentation. +The security log contains information about protected objects: traffic intensity, backend health, learning progress, and active mitigations. For more information, see [F5 DoS for NGINX Security Log]({{< ref "/nap-dos/monitoring/security-log.md" >}}). -## Request Log - Access log is NGINX’s request log mechanism. It is controlled by two directives. +## Operation log + +The operation log contains system operational and health events. Events are sent to the NGINX error log with the `APP_PROTECT_DOS` prefix followed by a JSON body. The log level depends on the event: success is usually `notice`; failure is `error`. The timestamp comes from the error log. For more information, see [Operation Log]({{< ref "/nap-dos/monitoring/operation-log.md" >}}). + +## Request log + +The request log uses NGINX's access log mechanism. Two directives control it. 
### log_format - This directive determines the format of the log messages using predefined variables. App Protect DoS will enrich this set of variables with several security log attributes that are available to be included in the `log_format`. If `log_format` is not specified then the built-in format `combined` is used but, because that format does not include the extended App Protect DoS variables, this directive must be used when the user wants to add App Protect DoS information to the log.
+
+This directive sets the format of log messages using predefined variables. F5 DoS for NGINX adds security log attributes to this set. If `log_format` is not specified, the built-in `combined` format is used. Because `combined` does not include F5 DoS for NGINX variables, use this directive when you want to include them.
 ### access_log
-This directive determines the destination of the `access_log` and the name of the format. The default is the file `/var/log/nginx/access.log` using the combined format. In order to use the custom format that includes the F5 DoS for NGINX variables, use this directive with the name of the desired format.
-### App Protect DoS Variables
-These are the variables added to Access Log. They are a subset of the Security log attributes. The Security log names are prefixed with `$app_protect_dos`.
For more information refer to [F5 DoS for NGINX Access Log]({{< ref "/nap-dos/monitoring/access-log.md" >}})
+This directive sets the destination of the access log and the format to use. The default is `/var/log/nginx/access.log` using the `combined` format. To use a custom format that includes F5 DoS for NGINX variables, specify the format name in this directive.
+
+### F5 DoS for NGINX variables
+
+These variables are added to the access log. They are a subset of the security log attributes and are prefixed with `$app_protect_dos`. For more information, see [F5 DoS for NGINX Access Log]({{< ref "/nap-dos/monitoring/access-log.md" >}}).
-## Debug Log
-The F5 DoS for NGINX Debug log is used to troubleshoot the functionality of the product.
+## Debug log
-The path of the log is at a fixed location: `/var/log/adm/admd.log`.
+Use the debug log to troubleshoot F5 DoS for NGINX. The log is always at `/var/log/adm/admd.log`.
-There are several log levels - `error`, `warning`, `info` and `debug`. The default is `info`.
+Available log levels are `error`, `warning`, `info`, and `debug`. The default is `info`.
-In order to change the log level at run time, the following command can be called:
+To change the log level at runtime, run:
 ```shell
 admd -l DEBUG_LEVEL
@@ -65,11 +74,11 @@ admd -l DEBUG_LEVEL
 `nginx.conf` does not refer to the F5 DoS for NGINX debug log configuration neither directly nor indirectly.
 {{< /call-out >}}
-## NGINX Error log
+## NGINX error log
-The NGINX Error log is used to troubleshoot the configuration portion of F5 DoS for NGINX.
+Use the NGINX error log to troubleshoot the configuration of F5 DoS for NGINX.
-The file is called `error.log` and its path and debug level is determined in `nginx.conf` by the directive `error_log`.
+The file is `error.log`. Its path and debug level are set in `nginx.conf` by the `error_log` directive. For example:
diff --git a/content/nap-dos/releases/about-4.9.md b/content/nap-dos/releases/about-4.9.md
index ab5eddacdc..d780f66cd5 100644
--- a/content/nap-dos/releases/about-4.9.md
+++ b/content/nap-dos/releases/about-4.9.md
@@ -1,15 +1,18 @@
 ---
 title: F5 DoS for NGINX 4.9
+description: "Release notes for F5 DoS for NGINX 4.9, including new platform support for Debian 13, RHEL 10, Rocky Linux 10, and NGINX Plus R37."
+keywords: "F5 DoS for NGINX, release notes, 4.9, Debian 13, RHEL 10, Rocky Linux 10, NGINX Plus R37"
 toc: true
 weight: 30
 nd-docs: DOCS-1783
 nd-content-type: reference
 nd-product: F5DOSN
+nd-summary: >
+ Review what changed in F5 DoS for NGINX 4.9 and check whether your platform and NGINX Plus version are supported.
+ Version 4.9 adds support for Debian 13, RHEL 10, Rocky Linux 10, and NGINX Plus R37, and includes bug fixes.
 ---
-Here you can find the release information for F5 DoS for NGINX v4.9
-
-F5 DoS for NGINX provides behavioral protection against Denial of Service (DoS) for your web applications.
+F5 DoS for NGINX provides behavioral protection against Denial of Service (DoS) attacks for your web applications.
 ## Release 4.9
@@ -17,10 +20,10 @@ December 1, 2025
 ### New features
-- R37 support
-- Add support for Debian 13 (Trixie)
-- Add support for RHEL 10 and Rocky Linux 10
-- Bugs fixing
+- NGINX Plus R37 support
+- Debian 13 (Trixie) support
+- RHEL 10 and Rocky Linux 10 support
+- Bug fixes
 ### Supported packages
diff --git a/content/nap-dos/troubleshooting/how-to-troubleshoot.md b/content/nap-dos/troubleshooting/how-to-troubleshoot.md
index 123f805227..e0015d29f9 100644
--- a/content/nap-dos/troubleshooting/how-to-troubleshoot.md
+++ b/content/nap-dos/troubleshooting/how-to-troubleshoot.md
@@ -1,16 +1,20 @@
 ---
-description: Learn about the F5 DoS for NGINX Troubleshooting Guide.
+title: Troubleshoot F5 DoS for NGINX
+description: "Resolve common F5 DoS for NGINX configuration problems, SELinux issues, and log collection for support."
+keywords: "F5 DoS for NGINX, troubleshooting, SELinux, configuration errors, support, ELK, debug"
 nd-docs: DOCS-675
-title: Troubleshooting Guide
 toc: true
 weight: 200
 nd-content-type: how-to
 nd-product: F5DOSN
+nd-summary: >
+ Diagnose and resolve common F5 DoS for NGINX problems using the configuration reference table, SELinux steps, and log collection guidance.
+ F5 DoS for NGINX exposes security, operation, request, and debug logs that you can use to isolate and fix most configuration and runtime issues.
 ---
 ## Overview
-This Troubleshooting Guide is intended to provide guidance to customers in the detection and correction of programming issues in F5 DoS for NGINX. It may also be useful to IT.
+Use this guide to diagnose and resolve issues with F5 DoS for NGINX.
 ## Resolving Known Problems
@@ -20,14 +24,14 @@ This Troubleshooting Guide is intended to provide guidance to customers in the d
 |Problem|Solution|
 |-------|--------|
-| NGINX is not running (ps -aux)

Reloading NGINX fails| Check the error log at `/var/log/nginx/error.log`.
Fix the problem and re-run NGINX.| -| No original source IP in logs|1. XFF is not configured (or not configured correctly)
2. External Load Balancer doesn't forward XFF | +| NGINX is not running (`ps aux`)

Reloading NGINX fails| Check the error log at `/var/log/nginx/error.log`.
Fix the problem and restart NGINX.| +| No original source IP in logs|1. X-Forwarded-For (XFF) is not configured (or not configured correctly)
2. External Load Balancer does not forward XFF | | F5 DoS for NGINX functionality is not as expected| F5 DoS for NGINX has several logs which can be used for troubleshooting.
Usually, it is best to look for any warning or error messages within the logs.
Refer to [Logs Overview]({{< ref "/nap-dos/monitoring/types-of-logs.md">}})| | `Too many open files` error message | Increase number of file descriptors.
For example: `worker_rlimit_nofile 65535;` in the main context of `nginx.conf` file.
Refer to [worker_rlimit_nofile directive](https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) | | `setrlimit ... failed (Permission denied)` error message | Increase the limit using the following command as the root user:
`setsebool -P httpd_setrlimit 1;`
Refer to [Issue 4: Too many files are open Error](https://www.f5.com/company/blog/nginx/using-nginx-plus-with-selinux/) | | More protected objects than expected | The `app_protect_dos_enable` directive is inherited by all server and location blocks beneath it, each block will be a protected object.
Consider moving this directive from outer to inner block.
Refer to: [F5 DoS for NGINX - Directives and Policy]({{< ref "/nap-dos/directives-and-policy/learn-about-directives-and-policy.md" >}}) | | `No DOS protection for ngx_worker at idx X` warning message | There are more nginx processes than allowed.
Either decrease the number of nginx processes (ngx_processes directive in `nginx.conf` file) or increase the number of supported workers for F5 DoS for NGINX using the flag `--max-workers NUM` for `/usr/bin/adminstall`. | -| `unknown directive 'app_protect_dos_xxx'` error message | App Protect DOS module is not loaded. Add this line to the main (global) context of nginx.conf:
`load_module "/etc/nginx/modules/ngx_http_app_protect_dos_module.so";` | +| `unknown directive 'app_protect_dos_xxx'` error message | The F5 DoS for NGINX module is not loaded. Add this line to the main (global) context of nginx.conf:
`load_module "/etc/nginx/modules/ngx_http_app_protect_dos_module.so";` | | NGINX struggles handling a high rate of incoming connections | Linux machine should be tuned for optimal performance.
Refer to [Tuning NGINX for Performance](https://www.f5.com/company/blog/nginx/tuning-nginx) | | Error in `adminstall` process, such as `Failed to allocate` | Insufficient memory to allocate all the required resources.
Increase the `--memory` size or decrease the number of nginx workers (`--max_workers`) if not all of them are going to be in use.
Use the `--help` flag for more info. |
@@ -35,7 +39,7 @@ This Troubleshooting Guide is intended to provide guidance to customers in the d
 ### ELK issues
-ELK issues are addressed directly in GitHub by posting the issue to Kibana dashboards for [F5 DoS for NGINX GitHub repo](https://github.com/f5devcentral/nap-dos-elk-dashboards).
+ELK (Elasticsearch, Logstash, and Kibana) issues are addressed directly in GitHub by posting the issue to Kibana dashboards for [F5 DoS for NGINX GitHub repo](https://github.com/f5devcentral/nap-dos-elk-dashboards).
 ### SELinux
@@ -71,7 +75,7 @@ Add all the missing commands to the nginx.te file and repeat the SELinux configu
 semanage permissive -d httpd_t
 ```
-For more information about how to use NGINX Plus with SELinux - check our [blog](https://www.f5.com/company/blog/nginx/using-nginx-plus-with-selinux/)
+For more information about using NGINX Plus with SELinux, see the [NGINX Plus with SELinux blog post](https://www.f5.com/company/blog/nginx/using-nginx-plus-with-selinux/).
 ### Send Logs to Support
diff --git a/content/nginx-one-console/waf-integration/waf-security-dashboard/_index.md b/content/nginx-one-console/waf-integration/waf-security-dashboard/_index.md
index 629a34bdfb..b24f1c4aea 100644
--- a/content/nginx-one-console/waf-integration/waf-security-dashboard/_index.md
+++ b/content/nginx-one-console/waf-integration/waf-security-dashboard/_index.md
@@ -1,8 +1,12 @@
 ---
 title: F5 WAF for NGINX security monitoring
-description: Monitor F5 WAF for NGINX security events in NGINX One Console.
+description: Monitor F5 WAF for NGINX security events in NGINX One Console using the security dashboard to review attacks, violations, and triggered signatures.
+nd-keywords: "F5 WAF for NGINX, security monitoring, NGINX One Console, security dashboard, security events, violations, signatures"
 weight: 425
 url: /nginx-one-console/waf-integration/waf-security-dashboard
+nd-summary: >
+ Use this section to find guides for setting up, managing, and querying F5 WAF for NGINX security events in NGINX One Console.
+ Security monitoring in NGINX One Console collects WAF events from NGINX Plus instances and surfaces them through a dashboard and an analytics API.
 ---
 Use the security monitoring module in NGINX One Console to collect, visualize, and query security events from F5 WAF for NGINX running on NGINX Plus instances. Review attacks, violations, and triggered signatures to assess threats and fine-tune your policies.
diff --git a/content/nic/install/license-secret.md b/content/nic/install/license-secret.md
index d1f0ccf59c..468817936b 100644
--- a/content/nic/install/license-secret.md
+++ b/content/nic/install/license-secret.md
@@ -1,23 +1,24 @@
 ---
 title: Create a license Secret
+description: "Create and configure a Kubernetes Secret containing the JWT license for F5 NGINX Ingress Controller."
+keywords: "NGINX Ingress Controller, license, JWT, Kubernetes Secret, telemetry, subscription"
 toc: true
 weight: 300
 nd-content-type: how-to
 nd-product: INGRESS
 nd-docs: DOCS-1860
+nd-summary: >
+ Create a Kubernetes Secret containing your JWT to license F5 NGINX Ingress Controller and enable image downloads from the F5 registry.
+ The JWT validates your subscription and reports telemetry to the F5 licensing endpoint directly for internet-connected environments, or through NGINX Instance Manager for offline deployments.
 ---
-This document explains how to create and use a license secret for F5 NGINX Ingress Controller.
+## Overview
-# Overview
+F5 NGINX Ingress Controller requires a valid JWT to download the container image from the F5 registry. From version 4.0.0, this JWT is also required to run NGINX Plus.
-NGINX Plus Ingress Controller requires a valid JSON Web Token (JWT) to download the container image from the F5 registry. From version 4.0.0, this JWT token is also required to run NGINX Plus.
+The JWT validates your subscription and reports telemetry data. For internet-connected environments, telemetry is sent automatically to the F5 licensing endpoint. In offline environments, telemetry is routed through [NGINX Instance Manager]({{< ref "/nim/" >}}). By default, usage is reported every hour and whenever NGINX is reloaded.
-This requirement is part of F5’s broader licensing program and aligns with industry best practices. The JWT will streamline subscription renewals and usage reporting, helping you manage your NGINX Plus subscription more efficiently. The [telemetry](#telemetry) data we collect helps us improve our products and services to better meet your needs.
-
-The JWT is required for validating your subscription and reporting telemetry data.
For environments connected to the internet, telemetry is automatically sent to F5’s licensing endpoint. In offline environments, telemetry is routed through [NGINX Instance Manager]({{< ref "/nim/" >}}). By default usage is reported every hour and also whenever NGINX is reloaded.
-
-{{< call-out "note" >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses.md#for-internet-connected-environments" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{< /call-out >}}
+{{< call-out "note" >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses/getting-started.md#internet-connected" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{< /call-out >}}
 ## Set up your NGINX Plus license