diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 3d6f1daf8..f08087005 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -22,10 +22,10 @@
# NGINX Agent
content/nginx/nms/agent/* @nginx/nginx-agent
-# NGINX App Protect DoS
+# F5 DoS for NGINX
content/nap-dos/* @nginx/dos-docs-approvers
-# NGINX App Protect WAF
+# F5 WAF for NGINX
content/nap-waf/* @nginx/nap-docs-approvers
data/nap-waf/* @nginx/nap-docs-approvers
diff --git a/cloudcannon.config.yml b/cloudcannon.config.yml
index 8aa064275..20e3bc41a 100644
--- a/cloudcannon.config.yml
+++ b/cloudcannon.config.yml
@@ -88,8 +88,8 @@ collections_config:
nap_dos:
path: content/nap-dos
output: true
- name: NGINX App Protect DoS
- description: Documentation for NGINX App Protect DoS
+ name: F5 DoS for NGINX
+ description: Documentation for F5 DoS for NGINX
parse_branch_index: false
icon: notes
preview:
@@ -132,8 +132,8 @@ collections_config:
nap_waf:
path: content/nap-waf
output: true
- name: NGINX App Protect WAF
- description: Documentation for NGINX App Protect WAF.
+ name: F5 WAF for NGINX
+ description: Documentation for F5 WAF for NGINX.
parse_branch_index: false
icon: notes
preview:
diff --git a/content/controller/admin-guides/install/install-for-controller.md b/content/controller/admin-guides/install/install-for-controller.md
index bd104db9f..8d3b6e493 100644
--- a/content/controller/admin-guides/install/install-for-controller.md
+++ b/content/controller/admin-guides/install/install-for-controller.md
@@ -1,8 +1,8 @@
---
-description: Take the steps in this guide to deploy F5 NGINX App Protect WAF as a
+description: Take the steps in this guide to deploy F5 F5 WAF for NGINX as a
datapath instance for use with NGINX Controller.
nd-docs: DOCS-645
-title: Using NGINX App Protect WAF with NGINX Controller
+title: Using F5 WAF for NGINX with NGINX Controller
toc: true
weight: 500
type:
@@ -13,12 +13,12 @@ type:
## Setup
-Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/admin-guide/install#prerequisites" >}}), [Platform Security Considerations]({{< ref "/nap-waf/v4/admin-guide/install#platform-security-considerations" >}}) and [User Permissions]({{< ref "/nap-waf/v4/admin-guide/install#user-permissions" >}}) sections of the NGINX App Protect WAF Admin Guide.
+Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/admin-guide/install#prerequisites" >}}), [Platform Security Considerations]({{< ref "/nap-waf/v4/admin-guide/install#platform-security-considerations" >}}) and [User Permissions]({{< ref "/nap-waf/v4/admin-guide/install#user-permissions" >}}) sections of the F5 WAF for NGINX Admin Guide.
-## Install NGINX App Protect WAF
+## Install F5 WAF for NGINX
-**Note:** If a version of NGINX App Protect WAF prior to 3.6 is required, please contact the NGINX Sales team to assist with this configuration.
+**Note:** If a version of F5 WAF for NGINX prior to 3.6 is required, please contact the NGINX Sales team to assist with this configuration.
{{}}
@@ -66,19 +66,19 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
```
-8. Add NGINX App Protect WAF repository by downloading the file app-protect-7.repo to /etc/yum.repos.d:
+8. Add F5 WAF for NGINX repository by downloading the file app-protect-7.repo to /etc/yum.repos.d:
```shell
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-7.repo
```
-9. If NGINX Plus or NGINX App Protect WAF was previously installed on the system, clean up package manager cache information:
+9. If NGINX Plus or F5 WAF for NGINX was previously installed on the system, clean up package manager cache information:
```shell
sudo yum clean all
```
-10. Install the latest NGINX App Protect WAF package.
+10. Install the latest F5 WAF for NGINX package.
**See Also:** Please refer to [NGINX App Protect Compatibility Matrix]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#nginx-app-protect-compatibility-matrix" >}}) for specific version compatibility.
@@ -94,7 +94,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
sudo nginx -v
```
-12. Configure SELinux as appropriate per your organization’s security policies. NGINX App Protect WAF applies the prebuilt SELinux policy module during the installation. If you encounter any issues, check the [Troubleshooting Guide]({{< ref "/nap-waf/v4/troubleshooting-guide/troubleshooting#selinux" >}}).
+12. Configure SELinux as appropriate per your organization’s security policies. F5 WAF for NGINX applies the prebuilt SELinux policy module during the installation. If you encounter any issues, check the [Troubleshooting Guide]({{< ref "/nap-waf/v4/troubleshooting-guide/troubleshooting#selinux" >}}).
**Note:** NGINX Controller has specific [requirements regarding SELinux configuration]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#supported-distributions" >}}).
@@ -171,7 +171,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo
```
-8. Add NGINX App Protect WAF repository by downloading the file app-protect-7.repo to /etc/yum.repos.d:
+8. Add F5 WAF for NGINX repository by downloading the file app-protect-7.repo to /etc/yum.repos.d:
```shell
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/app-protect-7.repo
@@ -204,13 +204,13 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
gpgkey=http://ftp.heanet.ie/pub/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
```
-10. If NGINX Plus or NGINX App Protect WAF was previously installed on the system, clean up package manager cache information:
+10. If NGINX Plus or F5 WAF for NGINX was previously installed on the system, clean up package manager cache information:
```shell
sudo yum clean all
```
-11. Install the latest NGINX App Protect WAF package.
+11. Install the latest F5 WAF for NGINX package.
**See Also:** Please refer to [NGINX App Protect Compatibility Matrix]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#nginx-app-protect-compatibility-matrix" >}}) for specific version compatibility.
@@ -226,7 +226,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
sudo nginx -v
```
-13. Configure SELinux as appropriate per your organization’s security policies. NGINX App Protect WAF applies the prebuilt SELinux policy module during the installation. If you encounter any issues, check the [Troubleshooting Guide]({{< ref "/nap-waf/v4/troubleshooting-guide/troubleshooting#selinux" >}}).
+13. Configure SELinux as appropriate per your organization’s security policies. F5 WAF for NGINX applies the prebuilt SELinux policy module during the installation. If you encounter any issues, check the [Troubleshooting Guide]({{< ref "/nap-waf/v4/troubleshooting-guide/troubleshooting#selinux" >}}).
**Note:** NGINX Controller has specific [requirements regarding SELinux configuration]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#supported-distributions" >}}).
@@ -263,7 +263,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
{{%tab name="Debian"%}}
-**Note:** As of NGINX Plus R24, support for Debian 9 is no longer available. As a consequence, NGINX App Protect WAF 3.1 is the final version available for this operating system version.
+**Note:** As of NGINX Plus R24, support for Debian 9 is no longer available. As a consequence, F5 WAF for NGINX 3.1 is the final version available for this operating system version.
1. If you already have NGINX packages in your system, back up your configs and logs:
@@ -312,7 +312,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
printf "deb https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
```
-9. Add NGINX App Protect WAF repository:
+9. Add F5 WAF for NGINX repository:
```shell
printf "deb https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
@@ -324,7 +324,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
```
-11. Update the repository and install the lastest supported NGINX App Protect WAF packages.
+11. Update the repository and install the lastest supported F5 WAF for NGINX packages.
**See Also:** Please refer to [NGINX App Protect Compatibility Matrix]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md#nginx-app-protect-compatibility-matrix" >}}) for specific version compatibility.
@@ -430,7 +430,7 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
printf "deb https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
```
-9. Add NGINX App Protect WAF repository:
+9. Add F5 WAF for NGINX repository:
```shell
printf "deb https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
@@ -497,34 +497,34 @@ Before proceeding, you should review the [Prerequisites]({{< ref "/nap-waf/v4/ad
16. To upgrade your signature package to the latest version and obtain the best protection, refer to [Updating App Protect Attack Signatures]({{< ref "/nap-waf/v4/admin-guide/install#ubuntu-1804" >}}).
- **Note:** Ubuntu 20.04 activates **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
+ **Note:** Ubuntu 20.04 activates **AppArmor** by default, but F5 WAF for NGINX will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for F5 WAF for NGINX, you will have to write your own AppArmor profile for F5 WAF for NGINX executables found in `/opt/app_protect/bin` such that it best suits your environment.
{{%/tab%}}
{{%tab name="Amazon Linux 2 LTS"%}}
-Using NGINX App Protect WAF with NGINX Controller isn't supported on Amazon Linux 2 LTS.
+Using F5 WAF for NGINX with NGINX Controller isn't supported on Amazon Linux 2 LTS.
{{%/tab%}}
{{%tab name="Alpine"%}}
-Using NGINX App Protect WAF with NGINX Controller isn't supported on Alpine.
+Using F5 WAF for NGINX with NGINX Controller isn't supported on Alpine.
{{%/tab%}}
{{}}
-## Add NGINX App Protect WAF to NGINX Controller
+## Add F5 WAF for NGINX to NGINX Controller
-If this NGINX Plus instance is already managed by Controller, [restart the Agent]({{< ref "/controller/admin-guides/install/agent-restart" >}}) after NGINX App Protect WAF is installed.
+If this NGINX Plus instance is already managed by Controller, [restart the Agent]({{< ref "/controller/admin-guides/install/agent-restart" >}}) after F5 WAF for NGINX is installed.
-Otherwise, complete the tasks in the NGINX Controller [Add an NGINX App Protect WAF Instance]({{< ref "/controller/infrastructure/instances/add-nap-instance.md#add-the-nginx-app-protect-instance" >}}) guide.
+Otherwise, complete the tasks in the NGINX Controller [Add an F5 WAF for NGINX Instance]({{< ref "/controller/infrastructure/instances/add-nap-instance.md#add-the-nginx-app-protect-instance" >}}) guide.
-## Use NGINX App Protect WAF with NGINX Controller
+## Use F5 WAF for NGINX with NGINX Controller
-**Note:** When configuring NGINX App Protect WAF as a datapath instance for NGINX Controller, **you should not modify the `nginx.conf` file**. The `nginx.conf` file will be automatically updated when enabling WAF on a Component in NGINX Controller.
+**Note:** When configuring F5 WAF for NGINX as a datapath instance for NGINX Controller, **you should not modify the `nginx.conf` file**. The `nginx.conf` file will be automatically updated when enabling WAF on a Component in NGINX Controller.
Refer to the following NGINX Controller user guides for further information about how to secure your apps and/or APIs with NGINX Controller:
diff --git a/content/controller/app-delivery/about-snippets.md b/content/controller/app-delivery/about-snippets.md
index cbeed3b4f..83c3c063f 100644
--- a/content/controller/app-delivery/about-snippets.md
+++ b/content/controller/app-delivery/about-snippets.md
@@ -557,7 +557,7 @@ The `reuseport` parameter creates an individual listening socket for each worker
## Extend App Security with Snippets
-When adding [NGINX Controller App Security]({{< ref "add-app-security-with-waf" >}}) to your components, you can use Snippets to add NGINX App Protect directives that aren't represented in the NGINX Controller API. You can also use Snippets to [tune your NGINX App Protect WAF performance]({{< ref "/controller/app-delivery/security/tutorials/tune-waf-for-app" >}}).
+When adding [NGINX Controller App Security]({{< ref "add-app-security-with-waf" >}}) to your components, you can use Snippets to add NGINX App Protect directives that aren't represented in the NGINX Controller API. You can also use Snippets to [tune your F5 WAF for NGINX performance]({{< ref "/controller/app-delivery/security/tutorials/tune-waf-for-app" >}}).
Refer to [Extend App Security with Snippets]({{< ref "extend-app-security-snippets" >}}) for more information and examples.
diff --git a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
index fc1ec87ae..179d3abc7 100644
--- a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
+++ b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md
@@ -1,5 +1,5 @@
---
-description: Learn how to use your own F5 NGINX App Protect WAF policies with NGINX
+description: Learn how to use your own F5 F5 WAF for NGINX policies with NGINX
Controller.
nd-docs: DOCS-481
title: Bring Your Own WAF Policy
@@ -17,26 +17,26 @@ A BYO NGINX App Protect policy lets you maintain consistent Security Policies ac
To export a policy from F5 Advanced WAF or ASM, take the following steps:
-1. Convert your F5 XML security policy to an NGINX App Protect WAF declarative JSON policy using the [NGINX App Protect Policy Converter tool](https://docs.nginx.com/nginx-app-protect/configuration/#policy-converter).
+1. Convert your F5 XML security policy to an F5 WAF for NGINX declarative JSON policy using the [NGINX App Protect Policy Converter tool](https://docs.nginx.com/nginx-app-protect/configuration/#policy-converter).
{{< call-out "note" >}}We recommend using the Converter tool that corresponds with the most recent NGINX App Protect version.{{< /call-out >}}
2. Use the NGINX App Protect declarative JSON policy as the WAF policy in NGINX Controller for your app component(s).
-With a BYO NGINX App Protect policy, you can also provide customized security by crafting an NGINX App Protect WAF policy that specifies the security controls appropriate for your apps. For more information on how to configure an NGINX App Protect WAF policy, refer to the [NGINX App Protect Configuration Guide](https://docs.nginx.com/nginx-app-protect/configuration/).
+With a BYO NGINX App Protect policy, you can also provide customized security by crafting an F5 WAF for NGINX policy that specifies the security controls appropriate for your apps. For more information on how to configure an F5 WAF for NGINX policy, refer to the [NGINX App Protect Configuration Guide](https://docs.nginx.com/nginx-app-protect/configuration/).
## Security Strategy for BYO NGINX App Protect Policy
The BYO NGINX App Protect policy uses the concept of a [Security Strategy]({{< ref "/controller/app-delivery/security/concepts/what-is-waf.md#security-policy-and-security-strategy" >}})
With the BYO NGINX App Protect policy feature, you can specify the exact NGINX App Protect policy for the Security Strategy. Then, the Security Strategy can be shared across -- and referenced by -- multiple app components.
-A Security Strategy can be comprised of various app-security-related Security Policies. NGINX Controller includes a custom NGINX App Protect WAF policy, which can be assigned to a Security Strategy.
+A Security Strategy can be comprised of various app-security-related Security Policies. NGINX Controller includes a custom F5 WAF for NGINX policy, which can be assigned to a Security Strategy.
-You can also add a BYO NGINX App Protect WAF policy in JSON format to NGINX Controller "as-is" for use in a Security Strategy.
+You can also add a BYO F5 WAF for NGINX policy in JSON format to NGINX Controller "as-is" for use in a Security Strategy.
-An **App Component** contains a reference to a **Security Strategy**, which, in turn, references a Security Policy. This Security Policy contains the **NGINX App Protect WAF policy**.
+An **App Component** contains a reference to a **Security Strategy**, which, in turn, references a Security Policy. This Security Policy contains the **F5 WAF for NGINX policy**.
Refer to the topic [Enable WAF for a Component Using Your Own NGINX App Protect Policy]({{< ref "/controller/app-delivery/security/tutorials/add-app-security-with-waf.md#enable-waf-for-a-component-using-your-own-nap-policy-beta" >}}) to get started.
@@ -44,8 +44,8 @@ Refer to the topic [Enable WAF for a Component Using Your Own NGINX App Protect
BYO NAP WAF policy currently has the following limitations:
-- The size of the BYO NGINX App Protect WAF policy that's referenced by app components may affect application performance.
-- References to external files, such as the following, in the NGINX App Protect WAF JSON declarative policy are not supported:
+- The size of the BYO F5 WAF for NGINX policy that's referenced by app components may affect application performance.
+- References to external files, such as the following, in the F5 WAF for NGINX JSON declarative policy are not supported:
- User Defined Signatures
- Security controls in external references
- Referenced OpenAPI spec files
diff --git a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
index 60a6d68eb..8a7dd8244 100644
--- a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
+++ b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md
@@ -14,7 +14,7 @@ type:
F5 NGINX Controller [Snippets]({{< ref "/controller/app-delivery/about-snippets.md" >}}) let you customize your NGINX configuration by adding NGINX directives that aren't represented by the NGINX Controller API.
-Snippets also let you customize App Security for your Components by adding NGINX App Protect directives that aren't present in the NGINX Controller API. You can use Snippets when [tuning your NGINX App Protect WAF performance]({{< ref "/controller/app-delivery/security/tutorials/tune-waf-for-app" >}}) as well.
+Snippets also let you customize App Security for your Components by adding NGINX App Protect directives that aren't present in the NGINX Controller API. You can use Snippets when [tuning your F5 WAF for NGINX performance]({{< ref "/controller/app-delivery/security/tutorials/tune-waf-for-app" >}}) as well.
{{< call-out "caution" >}}
When you use Snippets to customize your NGINX configuration, your changes are applied to the `nginx.conf` file *as is*. NGINX Controller does not verify that your configuration is valid before applying the Snippet.
@@ -92,10 +92,10 @@ Using local files as a backup for Security Events may use up disk space and affe
### Add Location of User-Defined Signature Definition File
-When using [Bring Your Own WAF Policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy" >}}) in NGINX Controller, you can define a URI Snippet for a Gateway API to define the location for your User-Defined Signature Definition file. The User-Defined Signature can then be referenced in the custom NGINX App Protect WAF policy that you use for your Components.
+When using [Bring Your Own WAF Policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy" >}}) in NGINX Controller, you can define a URI Snippet for a Gateway API to define the location for your User-Defined Signature Definition file. The User-Defined Signature can then be referenced in the custom F5 WAF for NGINX policy that you use for your Components.
{{< call-out "note" >}}
-The file that contains the signature definition must already exist on your NGINX App Protect WAF instances. For more information regarding User-Defined Signatures, refer to the [NGINX App Protect WAF Configuration Guide](https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#user-defined-signatures).
+The file that contains the signature definition must already exist on your F5 WAF for NGINX instances. For more information regarding User-Defined Signatures, refer to the [F5 WAF for NGINX Configuration Guide](https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#user-defined-signatures).
{{< /call-out >}}
The following example adds a URI snippet to the Gateway API definition that provides the location of the User-Defined Signature Definition file.
@@ -199,7 +199,7 @@ This example adds an HTTP Snippet to a Gateway to control the memory and CPU thr
In *failure mode*, App Protect WAF stops processing app traffic. Traffic is either dropped or passed through, as determined by the `app_protect_failure_mode_action` directive.
-The example below directs NGINX App Protect WAF to enter failure mode when memory utilization or CPU utilization reaches 85% and to exit failure mode when memory or CPU utilization drops to 60%.
+The example below directs F5 WAF for NGINX to enter failure mode when memory utilization or CPU utilization reaches 85% and to exit failure mode when memory or CPU utilization drops to 60%.
```json
{
diff --git a/content/controller/app-delivery/security/concepts/what-is-waf.md b/content/controller/app-delivery/security/concepts/what-is-waf.md
index 7859c350c..c03264384 100644
--- a/content/controller/app-delivery/security/concepts/what-is-waf.md
+++ b/content/controller/app-delivery/security/concepts/what-is-waf.md
@@ -23,10 +23,10 @@ A WAF protects your web apps by filtering, monitoring, and blocking any maliciou
App Security on NGINX Controller provides an app‑centric self‑service model to address the security needs of modern apps.
-The App Security add-on uses the NGINX App Protect Web Application Firewall (NGINX App Protect WAF) enforcement engine on the data path (data plane).
+The App Security add-on uses the NGINX App Protect Web Application Firewall (F5 WAF for NGINX) enforcement engine on the data path (data plane).
When you enable WAF on an app component using NGINX Controller, a security policy (sets of security controls and enforcement logic) is deployed and applied to configured NGINX App Protect instances that process traffic for the app component.
-NGINX App Protect WAF inspects incoming traffic as specified in the Security Policy to identify potential threats. When malicious traffic is suspected or blocked, the NGINX Controller Analytics module logs security events and metrics. These are then included in the NGINX Controller Threat Visibility and Analytics reporting.
+F5 WAF for NGINX inspects incoming traffic as specified in the Security Policy to identify potential threats. When malicious traffic is suspected or blocked, the NGINX Controller Analytics module logs security events and metrics. These are then included in the NGINX Controller Threat Visibility and Analytics reporting.
{{< call-out "note" >}}To learn more, read the [Threat Visibility and Analytics](https://www.nginx.com/blog/threat-visibility-analytics-nginx-controller-app-security/) blog post on [nginx.com](https://nginx.com).{{< /call-out>}}
@@ -34,7 +34,7 @@ NGINX App Protect WAF inspects incoming traffic as specified in the Security Pol
## Security Policy
-In NGINX Controller, the Security Policy contains an NGINX App Protect WAF policy. The NGINX App Protect WAF policy has security controls and settings in a declarative JSON format. The Security Policy defines the rules and settings for application traffic inspection, detection of malicious traffic, and handling violations when they occur. For more about creating, updating, or deleting Security Policies, see the [Policies API Reference](https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/#operation/listPolicies).
+In NGINX Controller, the Security Policy contains an F5 WAF for NGINX policy. The F5 WAF for NGINX policy has security controls and settings in a declarative JSON format. The Security Policy defines the rules and settings for application traffic inspection, detection of malicious traffic, and handling violations when they occur. For more about creating, updating, or deleting Security Policies, see the [Policies API Reference](https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/#operation/listPolicies).
When enabling WAF to protect your Apps, you can either add your own custom Security Policy or use the default Security Policy.
diff --git a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
index 10b02146f..74c0e66d3 100644
--- a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
+++ b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md
@@ -129,13 +129,13 @@ This JSON object should be added to the Component endpoint similar to the follow
}
```
-## Enable WAF for a Component Using Your Own NGINX App Protect WAF Policy
+## Enable WAF for a Component Using Your Own F5 WAF for NGINX Policy
Instead of using NGINX Controller's default policy for WAF, you can [bring your own NGINX App Protect Policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy.md" >}}) for use in a Security Strategy to protect your app components.
-To do so, you first need to upload your NGINX App Protect WAF declarative JSON policy to the Security Policy endpoint and reference it in a Security Strategy. Then, you can reference the Security Strategy in the Component where you are enabling WAF.
+To do so, you first need to upload your F5 WAF for NGINX declarative JSON policy to the Security Policy endpoint and reference it in a Security Strategy. Then, you can reference the Security Strategy in the Component where you are enabling WAF.
-### Upload your NGINX App Protect WAF Policy
+### Upload your F5 WAF for NGINX Policy
To upload your NGINX App Protect declarative JSON Policy to NGINX Controller, use an HTTP client like cURL and send a `PUT` request to the [Security Policy REST API}(https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/)
The JSON object should be similar to the example below:
@@ -154,9 +154,9 @@ The JSON object should be similar to the example below:
}
```
-### Create or Update a Security Strategy with a BYO NGINX App Protect WAF Policy
+### Create or Update a Security Strategy with a BYO F5 WAF for NGINX Policy
-You can create or update a Security Strategy that references a BYO NGINX App Protect WAF policy by sending a `PUT` request to the [Strategies REST API](https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/) endpoint.
+You can create or update a Security Strategy that references a BYO F5 WAF for NGINX policy by sending a `PUT` request to the [Strategies REST API](https://docs.nginx.com/nginx-controller/api/ctlr-adc-api/) endpoint.
The JSON object should be similar to the example below:
@@ -181,7 +181,7 @@ The JSON object should be similar to the example below:
```
-### Add a BYO NGINX App Protect WAF policy to an App Component
+### Add a BYO F5 WAF for NGINX policy to an App Component
To add your BYO NGINX App Protect Policy to your App(s), you need to add a reference to the Security Strategy that contains the policy to your App Component.
diff --git a/content/controller/releases/adc/adc-release-notes-3.20.md b/content/controller/releases/adc/adc-release-notes-3.20.md
index 90cee4aff..3f03dab3c 100644
--- a/content/controller/releases/adc/adc-release-notes-3.20.md
+++ b/content/controller/releases/adc/adc-release-notes-3.20.md
@@ -51,9 +51,9 @@ Take note of the following considerations when upgrading to this version of the
For more information, see the AskF5 article [K02089505](https://support.f5.com/csp/article/K02089505).
-- **Bring your own custom NGINX App Protect WAF Policy to configure app security**
+- **Bring your own custom F5 WAF for NGINX Policy to configure app security**
- Now, you can [use your own custom NGINX App Protect WAF JSON declarative policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy.md" >}}) as your WAF policy with NGINX Controller, in addition to using the default policy. F5 Advanced WAF and BIG-IP Application Security Module (ASM) customers can convert their standardized WAF policy to an App Protect policy to use with NGINX Controller.
+ Now, you can [use your own custom F5 WAF for NGINX JSON declarative policy]({{< ref "/controller/app-delivery/security/concepts/bring-your-own-policy.md" >}}) as your WAF policy with NGINX Controller, in addition to using the default policy. F5 Advanced WAF and BIG-IP Application Security Module (ASM) customers can convert their standardized WAF policy to an App Protect policy to use with NGINX Controller.
## NAP Vulnerability Fixes
diff --git a/content/includes/acm/about/api-proxy-policies.md b/content/includes/acm/about/api-proxy-policies.md
index 3a604af74..6a608f174 100644
--- a/content/includes/acm/about/api-proxy-policies.md
+++ b/content/includes/acm/about/api-proxy-policies.md
@@ -15,7 +15,7 @@ The following table shows the available API Proxy Policies you can use when crea
| [Access Control Routing]({{< ref "/nms/acm/how-to/policies/access-control-routing" >}}) | | | Inbound | Restrict access to your application servers based on JWT claims or header values. |
| [ACL Consumer Restriction]({{< ref "/nms/acm/how-to/policies/api-access-control-lists#create-acl-consumer-restriction-policy" >}}) | | | Inbound | Protect your upstream TCP application servers by denying/allowing access from certain consumers client IDs or authenticated JWT claims. |
| [ACL IP Restriction]({{< ref "/nms/acm/how-to/policies/api-access-control-lists#create-acl-ip-restriction-policy" >}}) | | | Inbound | Protect your upstream TCP application servers by denying/allowing access from certain client IP addresses or CIDR blocks |
-| [Advanced Security]({{< ref "/nms/acm/how-to/policies/advanced-security" >}}) | | | Inbound | Protect your upstream TCP application servers by applying an NGINX App Protect WAF policy to the traffic to your proxy |
+| [Advanced Security]({{< ref "/nms/acm/how-to/policies/advanced-security" >}}) | | | Inbound | Protect your upstream TCP application servers by applying an F5 WAF for NGINX policy to the traffic to your proxy |
| [Allowed HTTP Methods]({{< ref "/nms/acm/how-to/policies/allowed-http-methods" >}}) | | | Inbound | Restrict access to specific request methods and set a custom response code for non-matching requests. |
| [APIKey Authentication]({{< ref "/nms/acm/how-to/policies/apikey-authn" >}}) | | | Inbound | Secure the API gateway proxy by adding an API key. |
| [HTTP Backend Config]({{< ref "/nms/acm/how-to/policies/http-backend-configuration" >}}) | | | Inbound | Customize settings to ensure fault tolerance, maximize throughput, reduce latency, and optimize resource usage. |
diff --git a/content/includes/nap-waf/build-from-official-nginx-image.md b/content/includes/nap-waf/build-from-official-nginx-image.md
index 085908c9e..3125460de 100644
--- a/content/includes/nap-waf/build-from-official-nginx-image.md
+++ b/content/includes/nap-waf/build-from-official-nginx-image.md
@@ -12,7 +12,7 @@ nd-docs: "DOCS-1509"
# Base image
FROM nginx:1.25.5-bookworm
-# Install NGINX App Protect WAF v5 module
+# Install F5 WAF for NGINX v5 module
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
apt-get update \
diff --git a/content/includes/nap-waf/build-nginx-image-cmd.md b/content/includes/nap-waf/build-nginx-image-cmd.md
index ddc2a7100..fb1e6e805 100644
--- a/content/includes/nap-waf/build-nginx-image-cmd.md
+++ b/content/includes/nap-waf/build-nginx-image-cmd.md
@@ -3,7 +3,7 @@ nd-docs: "DOCS-1512"
---
{{< call-out "note" >}}
-Never upload your NGINX App Protect WAF v5 images to a public container registry such as Docker Hub. Doing so violates your license agreement.
+Never upload your F5 WAF for NGINX v5 images to a public container registry such as Docker Hub. Doing so violates your license agreement.
{{< /call-out >}}
To build the image, execute the following command in the directory containing the `nginx-repo.crt`, `nginx-repo.key`, and `Dockerfile`. Here, `nginx-app-protect-5` is an example image tag.
diff --git a/content/includes/nap-waf/concept/apreload.md b/content/includes/nap-waf/concept/apreload.md
index 2da2e366c..4a172dc04 100644
--- a/content/includes/nap-waf/concept/apreload.md
+++ b/content/includes/nap-waf/concept/apreload.md
@@ -2,7 +2,7 @@
nd-docs: DOCS-000
---
-apreload is a tool that can update that can update the NGINX App Protect WAF configuration without having to reload NGINX if only the App Protect configuration is changed and the `nginx.conf` file remains unchanged. apreload does not affect the existing NGINX reload process and it functions in the same manner as before.
+apreload is a tool that can update that can update the F5 WAF for NGINX configuration without having to reload NGINX if only the App Protect configuration is changed and the `nginx.conf` file remains unchanged. apreload does not affect the existing NGINX reload process and it functions in the same manner as before.
#### Some Conditions Required for apreload to Work:
diff --git a/content/includes/nap-waf/concept/global-directives.md b/content/includes/nap-waf/concept/global-directives.md
index ad92b63d1..9efcabae7 100644
--- a/content/includes/nap-waf/concept/global-directives.md
+++ b/content/includes/nap-waf/concept/global-directives.md
@@ -6,7 +6,7 @@ Global configuration consists of a series of `nginx.conf` directives at the `htt
When applied to a cluster, all cluster members will get the same globals as expected.
-{{< call-out "note" >}} Whether an incoming request is inspected by NGINX App Protect WAF may be determined by the URL in the request. This happens if you configure `app_protect_enable` and `app_protect_policy_file` directives in the `location` scope. In the case where the URL itself has violations such as *bad unescape* or *illegal metacharacter* then the request might be assigned to a location in which NGINX App Protect WAF is disabled or has a relaxed policy that does not detect these violations. Such malicious requests will be allowed without inspection. In order to avoid this, it is recommended to have a basic policy enabled at the `http` scope or at least at the `server` scope to process malicious requests in a more complete manner.{{< /call-out >}}
+{{< call-out "note" >}} Whether an incoming request is inspected by F5 WAF for NGINX may be determined by the URL in the request. This happens if you configure `app_protect_enable` and `app_protect_policy_file` directives in the `location` scope. In the case where the URL itself has violations such as *bad unescape* or *illegal metacharacter* then the request might be assigned to a location in which F5 WAF for NGINX is disabled or has a relaxed policy that does not detect these violations. Such malicious requests will be allowed without inspection. In order to avoid this, it is recommended to have a basic policy enabled at the `http` scope or at least at the `server` scope to process malicious requests in a more complete manner.{{< /call-out >}}
{{< bootstrap-table "table table-striped table-bordered table-sm table-responsive" >}}
|Directive Name | Syntax | Description | Default |
diff --git a/content/includes/nap-waf/concept/grpc-logging.md b/content/includes/nap-waf/concept/grpc-logging.md
index bcce1d690..88fc1678d 100644
--- a/content/includes/nap-waf/concept/grpc-logging.md
+++ b/content/includes/nap-waf/concept/grpc-logging.md
@@ -5,7 +5,7 @@ nd-docs: DOCS-000
Security log for gRPC requests has unique fields: `uri`, `grpc_method`, and `grpc_service`. Also, since the content of gRPC requests is binary (Protocol Buffers), it is better transferred in Base64 encoding. Hence, it is recommended to use the `headers` and `request_body_base64` fields instead of the `request` field. A new predefined log format called `grpc` should be used in all gRPC locations that also use policies with gRPC Content Profiles.
The `grpc` format also contains the above new gRPC fields (`grpc_service` and `grpc_method`). See [Available Security Log Attributes]({{< ref "/nap-waf/v5/logging-overview/security-log#available-security-log-attributes" >}}).
-NGINX App Protect WAF provides three security log bundles for gRPC: `log_grpc_all`, `log_grpc_illegal` and `log_grpc_blocked` using the `grpc` format with three filters: all requests, illegal requests, and blocked requests respectively. Unless you have special logging format requirements, the best practice is to use one of these bundles in all gRPC locations with the `app_protect_security_log` directive.
+F5 WAF for NGINX provides three security log bundles for gRPC: `log_grpc_all`, `log_grpc_illegal` and `log_grpc_blocked` using the `grpc` format with three filters: all requests, illegal requests, and blocked requests respectively. Unless you have special logging format requirements, the best practice is to use one of these bundles in all gRPC locations with the `app_protect_security_log` directive.
Here is a typical example:
diff --git a/content/includes/nap-waf/config/common/anti-automation.md b/content/includes/nap-waf/config/common/anti-automation.md
index 93459aaba..5a76d4f71 100644
--- a/content/includes/nap-waf/config/common/anti-automation.md
+++ b/content/includes/nap-waf/config/common/anti-automation.md
@@ -103,7 +103,7 @@ In this example, we override the action for a specific signature (python-request
#### Bot Signatures Update File
-Starting with NGINX App Protect WAF release 4.7, the bot signature file `included_bot_signatures`, is located at the following path: `/opt/app-protect/var/update_files/bot_signatures/included_bot_signatures`. This will be part of the **app-protect-bot-signatures** package.
+Starting with F5 WAF for NGINX release 4.7, the bot signature file `included_bot_signatures`, is located at the following path: `/opt/app-protect/var/update_files/bot_signatures/included_bot_signatures`. This will be part of the **app-protect-bot-signatures** package.
This file contains an up-to-date list of all bot signatures that have been updated with the new bot signature package. This list is automatically generated as a part of the **app-protect-bot-signatures** package and follows a format similar to the README-style text file found in the attack signature. This file contains essential information which includes:
@@ -137,7 +137,7 @@ This is a list of the trusted bots that are currently part of the bot signatures
#### Header Anomalies
-In addition to detecting Bot Signatures, by default NGINX App Protect WAF verifies that a client claiming to be a browser is indeed one by inspecting the HTTP headers.
+In addition to detecting Bot Signatures, by default F5 WAF for NGINX verifies that a client claiming to be a browser is indeed one by inspecting the HTTP headers.
Each request receives a score, is categorized by anomaly, and is enforced according to the default configured anomaly action:
diff --git a/content/includes/nap-waf/config/common/clickjacking-protection.md b/content/includes/nap-waf/config/common/clickjacking-protection.md
index c73c94b8e..ed7e6f747 100644
--- a/content/includes/nap-waf/config/common/clickjacking-protection.md
+++ b/content/includes/nap-waf/config/common/clickjacking-protection.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1611"
---
-Clickjacking refers to a technique used by malicious actors to embed remote website content into their malicious websites, tricking the end users to click on the embedded frames triggering actions the users were not aware of, such as liking a certain Facebook page or giving a restaurant a 5 star rating. To protect against such attacks, NGINX App Protect WAF uses the `X-Frame-Options` header capabilities. The `X-Frame-Options` header is injected by NGINX App Protect WAF to indicate to the browser whether it should embed the content or not. Please note that this additional layer of security is available only in browsers that support the `X-Frame-Options` headers.
+Clickjacking refers to a technique used by malicious actors to embed remote website content into their malicious websites, tricking the end users to click on the embedded frames triggering actions the users were not aware of, such as liking a certain Facebook page or giving a restaurant a 5 star rating. To protect against such attacks, F5 WAF for NGINX uses the `X-Frame-Options` header capabilities. The `X-Frame-Options` header is injected by F5 WAF for NGINX to indicate to the browser whether it should embed the content or not. Please note that this additional layer of security is available only in browsers that support the `X-Frame-Options` headers.
##### Configuration
@@ -10,9 +10,9 @@ Clickjacking refers to a technique used by malicious actors to embed remote webs
- X-Frame-Options: `deny` - This option will prevent the browser from displaying the content in a frame, regardless of the website trying to do so.
- X-Frame-Options: `only-same` - This option allows the browser to display the content in a frame only if it comes from the same website.
-Please note that a third configuration option was available but it was deprecated by RFC and is not supported by NGINX App Protect WAF.
+Please note that a third configuration option was available but it was deprecated by RFC and is not supported by F5 WAF for NGINX.
-To enable this protection in NGINX App Protect WAF, we enable the feature for a URL (or for all URLs, via the wildcard URL), and then set the value to be assigned to the `X-Frame-Options` header. Following is an example of a policy enabling the feature for the URL `/clickme`, and using `only-same` as the value for the `X-Frame-Options` header:
+To enable this protection in F5 WAF for NGINX, we enable the feature for a URL (or for all URLs, via the wildcard URL), and then set the value to be assigned to the `X-Frame-Options` header. Following is an example of a policy enabling the feature for the URL `/clickme`, and using `only-same` as the value for the `X-Frame-Options` header:
```json
{
diff --git a/content/includes/nap-waf/config/common/csrf-protection.md b/content/includes/nap-waf/config/common/csrf-protection.md
index f17fd9dd0..fe7b0314c 100644
--- a/content/includes/nap-waf/config/common/csrf-protection.md
+++ b/content/includes/nap-waf/config/common/csrf-protection.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1590"
---
-CSRF (Cross-Site Request Forgery) is an attack vector in which the victim user that visits a sensitive site such as a bank account, is lured to click on a malicious link attempting a fraudulent operation on that sensitive site. The link may be sent over email or in a hidden frame in another site. NGINX App Protect WAF provides protection against CSRF attacks by validating the Origin header for AJAX POST requests (default configuration).
+CSRF (Cross-Site Request Forgery) is an attack vector in which the victim user that visits a sensitive site such as a bank account, is lured to click on a malicious link attempting a fraudulent operation on that sensitive site. The link may be sent over email or in a hidden frame in another site. F5 WAF for NGINX provides protection against CSRF attacks by validating the Origin header for AJAX POST requests (default configuration).
##### CSRF Configuration
diff --git a/content/includes/nap-waf/config/common/custom-log-overview.md b/content/includes/nap-waf/config/common/custom-log-overview.md
index 3ae13b711..a8bdff796 100644
--- a/content/includes/nap-waf/config/common/custom-log-overview.md
+++ b/content/includes/nap-waf/config/common/custom-log-overview.md
@@ -2,6 +2,6 @@
nd-docs: "DOCS-1614"
---
-Custom dimensions log entries feature refers to the new configuration in NGINX App Protect WAF, where the new directive called `app_protect_custom_log_attribute` is assigned to a particular location or server or http level in the `nginx.conf` file. The need is to be able to add custom identifiers to the respective location and/or server and identify requests in the Security Log by those identifiers.
+Custom dimensions log entries feature refers to the new configuration in F5 WAF for NGINX, where the new directive called `app_protect_custom_log_attribute` is assigned to a particular location or server or http level in the `nginx.conf` file. The need is to be able to add custom identifiers to the respective location and/or server and identify requests in the Security Log by those identifiers.
The `app_protect_custom_log_attribute` directive will be used to track the assigned location/server/http dimension of each request by adding the `app_protect_custom_log_attribute` to the **Security Logs** a.k.a **Request Logs**. Since it is a custom attribute a customer can set, that custom attribute will appear for every request log entry that was handled by that location/server.
\ No newline at end of file
diff --git a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
index 45ebb85ef..24c7b0e5f 100644
--- a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
+++ b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md
@@ -63,7 +63,7 @@ In this IPv4 example, we use the default configuration while enabling the deny l
```
{{< call-out "note" >}}
-The above configuration assumes the IP address represents the original requestor. However, it is also common that the client address may instead represent a downstream proxy device as opposed to the original requestor's IP address. In this case, you may need to configure NGINX App Protect WAF to prefer the use of an `X-Forwarded-For` (or similar) header injected to the request by a downstream proxy in order to more accurately identify the *actual* originator of the request. [See the XFF Headers and Trust](#xff-headers-and-trust) for information regarding the additional settings required for this configuration.
+The above configuration assumes the IP address represents the original requestor. However, it is also common that the client address may instead represent a downstream proxy device as opposed to the original requestor's IP address. In this case, you may need to configure F5 WAF for NGINX to prefer the use of an `X-Forwarded-For` (or similar) header injected to the request by a downstream proxy in order to more accurately identify the *actual* originator of the request. [See the XFF Headers and Trust](#xff-headers-and-trust) for information regarding the additional settings required for this configuration.
{{< /call-out >}}
diff --git a/content/includes/nap-waf/config/common/detect-base64-string-values.md b/content/includes/nap-waf/config/common/detect-base64-string-values.md
index 56e58f6a7..15d262132 100644
--- a/content/includes/nap-waf/config/common/detect-base64-string-values.md
+++ b/content/includes/nap-waf/config/common/detect-base64-string-values.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1563"
---
-The Detect Base64 feature allows NGINX App Protect WAF to detect whether values in string fields in gRPC payload are Base64 encoded. When a value is detected as Base64 encoded NGINX App Protect WAF will enforce the configured signatures on the decoded value __and__ on the original value.
+The Detect Base64 feature allows F5 WAF for NGINX to detect whether values in string fields in gRPC payload are Base64 encoded. When a value is detected as Base64 encoded F5 WAF for NGINX will enforce the configured signatures on the decoded value __and__ on the original value.
This feature is disabled by default and can be enabled by setting `decodeStringValuesAsBase64` to `enabled`.
diff --git a/content/includes/nap-waf/config/common/detect-base64.md b/content/includes/nap-waf/config/common/detect-base64.md
index c80861c63..9bc3e96f4 100644
--- a/content/includes/nap-waf/config/common/detect-base64.md
+++ b/content/includes/nap-waf/config/common/detect-base64.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1593"
---
-The Detect Base64 feature allows NGINX App Protect WAF to detect whether values in headers, cookies, and parameters are Base64 encoded. When an entity is detected as Base64 encoded NGINX App Protect WAF will enforce the configured signatures on the decoded value, instead of on the original value.
+The Detect Base64 feature allows F5 WAF for NGINX to detect whether values in headers, cookies, and parameters are Base64 encoded. When an entity is detected as Base64 encoded F5 WAF for NGINX will enforce the configured signatures on the decoded value, instead of on the original value.
This feature is disabled by default or by setting the `decodeValueAsBase64` to `disabled`.
diff --git a/content/includes/nap-waf/config/common/enforcer-cookie-settings.md b/content/includes/nap-waf/config/common/enforcer-cookie-settings.md
index 0b66474af..c128b3978 100644
--- a/content/includes/nap-waf/config/common/enforcer-cookie-settings.md
+++ b/content/includes/nap-waf/config/common/enforcer-cookie-settings.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1608"
---
-NGINX App Protect WAF generates its own cookies and adds them on top of the application cookies.
+F5 WAF for NGINX generates its own cookies and adds them on top of the application cookies.
These are called Enforcer Cookies.
diff --git a/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md b/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md
index f485fcb9a..b4250c0ba 100644
--- a/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md
+++ b/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1542"
---
-The following table specifies the Evasion Techniques sub-violation settings. All are supported in NGINX App Protect WAF.
+The following table specifies the Evasion Techniques sub-violation settings. All are supported in F5 WAF for NGINX.
{{}}
|Sub-Violation | Default Template | Description |
diff --git a/content/includes/nap-waf/config/common/filetypes-and-responses.md b/content/includes/nap-waf/config/common/filetypes-and-responses.md
index c65c0aa33..cc8231a63 100644
--- a/content/includes/nap-waf/config/common/filetypes-and-responses.md
+++ b/content/includes/nap-waf/config/common/filetypes-and-responses.md
@@ -94,7 +94,7 @@ When enforcing signatures on the response, we have the flexibility to restrict t
#### How Does Restrict Response Signature Check Work?
-The response signature check is always done on the configured `responseCheckLength` as described above. Usually NGINX App Protect WAF will buffer only that part of the response saving memory and CPU, but in some conditions the whole response may have to be buffered, such as when the response body is compressed.
+The response signature check is always done on the configured `responseCheckLength` as described above. Usually F5 WAF for NGINX will buffer only that part of the response saving memory and CPU, but in some conditions the whole response may have to be buffered, such as when the response body is compressed.
#### Allowed Methods
diff --git a/content/includes/nap-waf/config/common/geolocation-overview.md b/content/includes/nap-waf/config/common/geolocation-overview.md
index 4cf2e1833..9502ba761 100644
--- a/content/includes/nap-waf/config/common/geolocation-overview.md
+++ b/content/includes/nap-waf/config/common/geolocation-overview.md
@@ -4,4 +4,4 @@ nd-docs: "DOCS-1615"
Geolocation refers to the process of assessing or determining the geographic location of an object. This feature helps in identifying the geographic location of a client or web application user.
-In NGINX App Protect WAF, the Enforcer will look up the client IP address in the Geolocation file included in the app protect package, and extract the corresponding [ISO 3166](https://www.iso.org/obp/ui/#search) two-letter code, representing the country. For instance, "IL" denotes Israel. This information is denoted as "geolocation" in the condition and is also included in the request reporting.
+In F5 WAF for NGINX, the Enforcer will look up the client IP address in the Geolocation file included in the app protect package, and extract the corresponding [ISO 3166](https://www.iso.org/obp/ui/#search) two-letter code, representing the country. For instance, "IL" denotes Israel. This information is denoted as "geolocation" in the condition and is also included in the request reporting.
diff --git a/content/includes/nap-waf/config/common/graphql-security.md b/content/includes/nap-waf/config/common/graphql-security.md
index 067eb4833..e898cd8e8 100644
--- a/content/includes/nap-waf/config/common/graphql-security.md
+++ b/content/includes/nap-waf/config/common/graphql-security.md
@@ -2,6 +2,6 @@
nd-docs: "DOCS-1566"
---
-Securing GraphQL APIs with NGINX App Protect WAF involves using WAF to monitor and protect against security threats and attacks. GraphQL, like REST, is usually [served over HTTP](http://graphql.org/learn/serving-over-http/), using GET and POST requests and a proprietary [query language](https://graphql.org/learn/schema/#the-query-and-mutation-types). It is prone to the typical Web APIs security vulnerabilities, such as injection attacks, Denial of Service (DoS) attacks and abuse of flawed authorization.
+Securing GraphQL APIs with F5 WAF for NGINX involves using WAF to monitor and protect against security threats and attacks. GraphQL, like REST, is usually [served over HTTP](http://graphql.org/learn/serving-over-http/), using GET and POST requests and a proprietary [query language](https://graphql.org/learn/schema/#the-query-and-mutation-types). It is prone to the typical Web APIs security vulnerabilities, such as injection attacks, Denial of Service (DoS) attacks and abuse of flawed authorization.
Unlike REST, where Web resources are identified by multiple URLs, GraphQL server operates on a single URL/endpoint, usually **/graphql**. All GraphQL requests for a given service should be directed to this endpoint.
\ No newline at end of file
diff --git a/content/includes/nap-waf/config/common/graphql-violations.md b/content/includes/nap-waf/config/common/graphql-violations.md
index 288fa29a4..bc4748339 100644
--- a/content/includes/nap-waf/config/common/graphql-violations.md
+++ b/content/includes/nap-waf/config/common/graphql-violations.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1578"
---
-NGINX App Protect WAF introduces four new violations specific to GraphQL: `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY` and `VIOL_GRAPHQL_ERROR_RESPONSE`.
+F5 WAF for NGINX introduces four new violations specific to GraphQL: `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY` and `VIOL_GRAPHQL_ERROR_RESPONSE`.
Under the "blocking-settings," user can either enable or disable these violations. Note that these violations will be enabled by default. Any changes to these violation settings here will override the default settings. The details regarding logs will be recorded in the security log.
diff --git a/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md b/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md
index dac89ee48..e479c85a4 100644
--- a/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md
+++ b/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md
@@ -2,5 +2,5 @@
nd-docs: "DOCS-1558"
---
-gRPC is a remote API standard and is an alternative to OpenAPI. If your applications expose gRPC APIs, NGINX App Protect WAF can protect them by parsing the messages; making sure they comply with the API definition; and enforcing security restrictions - such as size limits, detecting attack signatures, threat campaigns, and suspicious metacharacters in message string field values.
+gRPC is a remote API standard and is an alternative to OpenAPI. If your applications expose gRPC APIs, F5 WAF for NGINX can protect them by parsing the messages; making sure they comply with the API definition; and enforcing security restrictions - such as size limits, detecting attack signatures, threat campaigns, and suspicious metacharacters in message string field values.
In the following sections, you will learn how to configure gRPC protection in the policy using gRPC Content Profiles.
\ No newline at end of file
diff --git a/content/includes/nap-waf/config/common/http-compliance-subviolations.md b/content/includes/nap-waf/config/common/http-compliance-subviolations.md
index c9482ea62..338b0a8e4 100644
--- a/content/includes/nap-waf/config/common/http-compliance-subviolations.md
+++ b/content/includes/nap-waf/config/common/http-compliance-subviolations.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1576"
---
-The following table specifies the HTTP Compliance sub-violation settings. All are supported in NGINX App Protect WAF, but not all are enabled in the default App Protect security template. The table specifies which. Some of the checks are enforced by NGINX Plus and App Protect only gets a notification. **Note:** In this case, the request is **always** blocked regardless of the App Protect policy.
+The following table specifies the HTTP Compliance sub-violation settings. All are supported in F5 WAF for NGINX, but not all are enabled in the default App Protect security template. The table specifies which. Some of the checks are enforced by NGINX Plus and App Protect only gets a notification. **Note:** In this case, the request is **always** blocked regardless of the App Protect policy.
{{}}
diff --git a/content/includes/nap-waf/config/common/ip-intelligence-conf.md b/content/includes/nap-waf/config/common/ip-intelligence-conf.md
index 094b42cb6..6b253b4e5 100644
--- a/content/includes/nap-waf/config/common/ip-intelligence-conf.md
+++ b/content/includes/nap-waf/config/common/ip-intelligence-conf.md
@@ -1,6 +1,6 @@
-NGINX App Protect WAF provides an IP Intelligence feature, which allows customizing the enforcement based on the source IP of the request to limit access from IP addresses with questionable reputation. Please note that:
+F5 WAF for NGINX provides an IP Intelligence feature, which allows customizing the enforcement based on the source IP of the request to limit access from IP addresses with questionable reputation. Please note that:
- The IP intelligence feature is **disabled** by default and needs to be installed, enabled, and configured within the policy.
- To review the installation steps, please refer to the administration guide: [App Protect v4]({{< ref "/nap-waf/v4/admin-guide/install.md#Prerequisites" >}}) / [App Protect v5]({{< ref "/nap-waf/v5/admin-guide/install.md#Prerequisites" >}})
- The system must have an active Internet connection and a working DNS.
diff --git a/content/includes/nap-waf/config/common/json-web-token-overview.md b/content/includes/nap-waf/config/common/json-web-token-overview.md
index 76cf116ba..b34cf6265 100644
--- a/content/includes/nap-waf/config/common/json-web-token-overview.md
+++ b/content/includes/nap-waf/config/common/json-web-token-overview.md
@@ -2,11 +2,11 @@
nd-docs: "DOCS-1550"
---
-JSON Web Token (JWT) is a compact and self-contained way to represent information between two parties in a JSON (JavaScript Object Notation) format and is commonly used for authentication and authorization. With NGINX App Protect now it is possible to control access to its application using JWT validation. NGINX App Protect WAF validates the authenticity and well-formedness of JWTs coming from a client, denying access to the service exclusively when the validation process fails. JWT is mainly used for API access.
+JSON Web Token (JWT) is a compact and self-contained way to represent information between two parties in a JSON (JavaScript Object Notation) format and is commonly used for authentication and authorization. With NGINX App Protect now it is possible to control access to its application using JWT validation. F5 WAF for NGINX validates the authenticity and well-formedness of JWTs coming from a client, denying access to the service exclusively when the validation process fails. JWT is mainly used for API access.
When a user logs in to a web application, they might receive a JWT, which can then be included in subsequent requests to the server. The server can validate the JWT to ensure that the user is authenticated to access the requested resources.
-Now NGINX App Protect WAF provides JSON Web Token (JWT) protection. NGINX App Protect WAF will be placed in the path leading to the application server and will handle the token for the application. This includes:
+Now F5 WAF for NGINX provides JSON Web Token (JWT) protection. F5 WAF for NGINX will be placed in the path leading to the application server and will handle the token for the application. This includes:
1. Validating the token's existence and ensuring its correct structure for specific URLs.
2. Verifying the token's signature based on provisioned certificates.
@@ -45,7 +45,7 @@ These claims provide information about the JWT and can be used by the recipient
- **Signature** - To create the signature part, the header and payload are encoded using a specified algorithm and a secret key. This signature can be used to verify the authenticity of the token and to ensure that it has not been tampered with during transmission. The signature is computed based on the algorithm and the keys used and also Base64-encoded.
-#### NGINX App Protect WAF supports the following types of JWT:
+#### F5 WAF for NGINX supports the following types of JWT:
JSON Web Signature (JWS) - JWT content is digitally signed. The following algorithm can be used for signing:
diff --git a/content/includes/nap-waf/config/common/json-web-tokens-violations.md b/content/includes/nap-waf/config/common/json-web-tokens-violations.md
index b04d82780..efcad7a2a 100644
--- a/content/includes/nap-waf/config/common/json-web-tokens-violations.md
+++ b/content/includes/nap-waf/config/common/json-web-tokens-violations.md
@@ -2,7 +2,7 @@
nd-docs: "DOCS-1594"
---
-NGINX App Protect WAF introduces three new violations specific to JWT: `VIOL_ACCESS_INVALID`, `VIOL_ACCESS_MISSING` and `VIOL_ACCESS_MALFORMED`.
+F5 WAF for NGINX introduces three new violations specific to JWT: `VIOL_ACCESS_INVALID`, `VIOL_ACCESS_MISSING` and `VIOL_ACCESS_MALFORMED`.
Under the "blocking-settings," user can either enable or disable these violations. Note that these violations will be enabled by default. The details regarding logs will be recorded in the security log.
diff --git a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
index 2630c54ec..ce32ad960 100644
--- a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
+++ b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md
@@ -11,22 +11,22 @@ This guide assumes that you have some familiarity with various Layer 7 (L7) Hype
{{}}
|Term | Definition |
| ---| --- |
-|Alarm | If selected, the NGINX App Protect WAF system records requests that trigger the violation in the remote log (depending on the settings of the logging profile). |
-|Attack signature | Textual patterns which can be applied to HTTP requests and/or responses by NGINX App Protect WAF to determine if traffic is malicious. For example, the string `