nginxinc · ADubhlaoich · May 29, 2024 · May 23, 2024
@@ -31,7 +31,7 @@ spec:
       timeout: 5
   ```
 
-2. Enable App Protect DoS on an Ingress by adding an annotation on the Ingress. Set the value of the annotation to the qualified identifier(`namespace/name`) of a DosProtectedResource:
+2. Enable App Protect DoS for an Ingress resource by adding an annotation to the Ingress. Set the value of the annotation to the qualified identifier(`namespace/name`) of a DosProtectedResource:
 
   ```yaml
    apiVersion: networking.k8s.io/v1
@@ -42,7 +42,7 @@ spec:
          appprotectdos.f5.com/app-protect-dos-resource: "default/dos-protected"
   ```
 
-3. Enable App Protect DoS on a VirtualServer by setting the `dos` field value to the qualified identifier(`namespace/name`) of a DosProtectedResource:
+3. Enable App Protect DoS on a VirtualServer resource by setting the `dos` field value to the qualified identifier(`namespace/name`) of a DosProtectedResource:
 
   ```yaml
 apiVersion: k8s.nginx.org/v1
@@ -75,10 +75,10 @@ For example, say you want to use DoS Policy as shown below:
    bad_actors: "on",
    automation_tools_detection: "on",
    tls_fingerprint: "on",
-}
+   }
   ```
 
-You would create an `APDosPolicy` resource with the policy defined in the `spec`, as shown below:
+Create an `APDosPolicy` resource with the policy defined in the `spec`, as shown below:
 
   ```yaml
    apiVersion: appprotectdos.f5.com/v1beta1

@@ -1,20 +1,22 @@
 ---
-title: DoS Protected Resource
-
-description: "Dos Protected Resource Specification"
+docs: DOCS-581
+doctypes:
+- ''
+title: DoS protected resource specification
+toc: true
 weight: 300
 doctypes: [""]
 toc: true
 docs: "DOCS-581"
 ---
 
-> Note: This feature is only available in NGINX Plus with AppProtectDos.
+NGINX App Protect DoS protected resource specification
 
-> Note: The feature is implemented using the NGINX Plus [NGINX App Protect Dos Module](/nginx-app-protect-dos/deployment-guide/learn-about-deployment/).
+{{< note >}} This feature is only available using the NGINX Plus [NGINX App Protect DoS Module](/nginx-app-protect-dos/deployment-guide/learn-about-deployment/). {{< /note >}}
 
-## DoS Protected Resource Specification
+## DoS Protected resource specification
 
-Below is an example of a dos protected resource.
+Below is an example of a DoS protected resource.
 
 ```yaml
 apiVersion: appprotectdos.f5.com/v1beta1
@@ -52,51 +54,56 @@ The `apDosPolicy` is a reference (qualified identifier in the format `namespace/
 
 This is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1).
 
-### Invalid DoS Protected Resources
+### Invalid DoS Protected resources
 
-NGINX will treat a dos protected resource as invalid if one of the following conditions is met:
+NGINX will treat a DoS protected resource as invalid if one of the following conditions is met:
 
-- The dos protected resource doesn't pass the [comprehensive validation](#comprehensive-validation).
-- The dos protected resource isn't present in the cluster.
+- The DoS protected resource doesn't pass the [comprehensive validation](#comprehensive-validation).
+- The DoS protected resource isn't present in the cluster.
 
 ### Validation
 
-Two types of validation are available for the dos protected resource:
+Two types of validation are available for the DoS protected resource:
 
 - *Structural validation*, done by `kubectl` and the Kubernetes API server.
-- *Comprehensive validation*, done by the Ingress Controller.
+- *Comprehensive validation*, done by NGINX Ingress Controller.
 
-#### Structural Validation
+#### Structural validation
 
-The custom resource definition for the dos protected resource includes a structural OpenAPI schema, which describes the type of every field of the resource.
+The custom resource definition for the DoS protected resource includes a structural OpenAPI schema, which describes the type of every field of the resource.
 
 If you try to create (or update) a resource that violates the structural schema -- for example, the resource uses a string value instead of a bool in the `enable` field -- `kubectl` and the Kubernetes API server will reject the resource.
 
 - Example of `kubectl` validation:
 
+    ```shell
+    kubectl apply -f apdos-protected.yaml
     ```
-    $ kubectl apply -f apdos-protected.yaml
+    ```shell
     error: error validating "examples/app-protect-dos/apdos-protected.yaml": error validating data: ValidationError(DosProtectedResource.spec.enable): invalid type for com.f5.appprotectdos.v1beta1.DosProtectedResource.spec.enable: got "string", expected "boolean"; if you choose to ignore these errors, turn validation off with --validate=false
     ```
 
 - Example of Kubernetes API server validation:
 
+    ```shell
+    kubectl apply -f access-control-policy-allow.yaml --validate=false
     ```
-    $ kubectl apply -f access-control-policy-allow.yaml --validate=false
+    ```shell
     The DosProtectedResource "dos-protected" is invalid: spec.enable: Invalid value: "string": spec.enable in body must be of type boolean: "string"
     ```
 
-If a resource passes structural validation, then the Ingress Controller's comprehensive validation runs.
+If a resource passes structural validation, then NGINX Ingress Controller will start comprehensive validation.
 
-#### Comprehensive Validation
+#### Comprehensive validation
 
-The Ingress Controller validates the fields of a dos protected resource. If a resource is invalid, the Ingress Controller will reject it. The resource will continue to exist in the cluster, but the Ingress Controller will ignore it.
+NGINX Ingress Controller validates the fields of a DoS protected resource. If a resource is invalid, NGINX Ingress Controller will reject it. The resource will continue to exist in the cluster, but NGINX Ingress Controller will ignore it.
 
-You can use `kubectl` to check if the Ingress Controller successfully applied a dos protected resource configuration. For our example `dos-protected` dos protected resource, we can run:
+You can use `kubectl` to check if NGINX Ingress Controller successfully applied a DoS protected resource configuration. For our example `dos-protected` DoS protected resource, we can run:
 
+```shell
+kubectl describe dosprotectedresource dos-protected
 ```
-$ kubectl describe dosprotectedresource dos-protected
-. . .
+```shell
 Events:
   Type    Reason          Age                From                      Message
   ----    ------          ----               ----                      -------
@@ -105,17 +112,18 @@ Events:
 
 Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied.
 
-If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a dos protected resource `dos-protected` with an invalid URI `bad` in the `dosSecurityLog/dosLogDest` field, you will get:
+If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a dos protected resource `dos-protected` with an invalid URI `bad` in the `dosSecurityLog/dosLogDest` field, you will get:
 
+```shell
+kubectl describe policy webapp-policy
 ```
-$ kubectl describe policy webapp-policy
-. . .
+```shell
 Events:
   Type     Reason    Age   From                      Message
   ----     ------    ----  ----                      -------
   Warning  Rejected  2s    nginx-ingress-controller  error validating DosProtectedResource: dos-protected invalid field: dosSecurityLog/dosLogDest err: invalid log destination: bad, must follow format: <ip-address | localhost | dns name>:<port> or stderr
 ```
 
-Note how the events section includes a Warning event with the Rejected reason.
+The events section has Warning event with the rejection error in the message.
 
-**Note**: If you make an existing resource invalid, the Ingress Controller will reject it.
+{{< warning >}} If you invalidate an existing resource, NGINX Ingress Controller will reject it. {{< /warning >}}
@@ -1,6 +1,9 @@
 ---
-title: Building NGINX Ingress Controller with NGINX App Protect DoS
-description: "This document explains how to build an image for NGINX Ingress Controller with the NGINX App Protect DoS from source code."
+docs: DOCS-583
+doctypes:
+- ''
+title: Build NGINX Ingress Controller with NGINX App Protect DoS
+toc: true
 weight: 100
 doctypes: [""]
 toc: true

@@ -1,19 +1,19 @@
 ---
-title: "Troubleshooting with NGINX App Protect DoS"
-description: "This document describes how to troubleshoot problems when using NGINX Ingress Controller and the App Protect DoS module."
-weight: 600
-doctypes: [""]
+docs: DOCS-1456
+doctypes:
+- ''
+title: Troubleshooting NGINX App Protect DoS
 toc: true
-docs: "DOCS-1456"
-aliases:
- - /content/troubleshooting/troubleshooting-with-app-protect-dos
+weight: 400
 ---
 
+This document describes how to troubleshoot problems when using NGINX Ingress Controller and the App Protect DoS module.
+
 To troubleshoot other parts of NGINX Ingress Controller, check the [troubleshooting]({{< relref "troubleshooting/troubleshoot-common" >}}) section of the documentation.
 
 ## Potential Problems
 
-The table below categorizes some potential problems with NGINX Ingress Controller when the App Protect DoS module is enabled. It suggests how to troubleshoot those problems, using one or more methods from the next section.
+The table below outlines potential problems with NGINX Ingress Controller when the App Protect DoS module is enabled. It suggests how to troubleshoot those problems with methods explained in the next section.
 
 {{% table %}}
 |Problem area | Symptom | Troubleshooting method | Common cause |
@@ -22,7 +22,7 @@ The table below categorizes some potential problems with NGINX Ingress Controlle
 |DosProtectedResource, APDosLogConf, APDosPolicy or Ingress Resource. | The configuration is not applied. | Check the events of the DosProtectedResource, APDosLogConf, APDosPolicy and Ingress Resource, check the Ingress Controller logs. | DosProtectedResource, APDosLogConf or APDosPolicy is invalid. |
 {{% /table %}}
 
-## Troubleshooting Methods
+## Troubleshooting ethods
 
 ### Checking NGINX Ingress Controller and App Protect DoS logs