diff --git a/content/includes/nginxaas-google/logging-config-security-logs.md b/content/includes/nginxaas-google/logging-config-security-logs.md new file mode 100644 index 000000000..783bafb38 --- /dev/null +++ b/content/includes/nginxaas-google/logging-config-security-logs.md @@ -0,0 +1,17 @@ +--- +f5-product: NGOOGL +f5-files: +- content/nginxaas-google/monitoring/enable-nginx-logs.md +--- + +You can enable security logs by adding **app_protect_security_log** directives to your NGINX configuration to specify the location of the logs and logging formats. The log path should always be configured under **/var/log/app_protect**. + +```nginx +app_protect_security_log_enable on; +app_protect_security_log log_default /var/log/app_protect/security.log; +``` + +NGINXaaS does not support custom logging profiles and is limited to the [default logging profiles]({{< ref "/waf/logging/logs-overview.md#default-logging-profile-bundles" >}}). + +{{< call-out "warning" >}}WAF logs should always be stored under the **/var/log/app_protect** directory. You may lose logging data if you choose any other log paths. +{{< /call-out >}} diff --git a/content/nginxaas-google/changelog.md b/content/nginxaas-google/changelog.md index 7142641ba..2e038d254 100644 --- a/content/nginxaas-google/changelog.md +++ b/content/nginxaas-google/changelog.md @@ -12,6 +12,15 @@ Learn about the latest updates, new features, and resolved bugs in F5 NGINXaaS f To see a list of currently active issues, visit the [Known issues]({{< ref "/nginxaas-google/known-issues.md" >}}) page. + +## May 15, 2026 + +- {{% icon-feature %}} **NGINXaaS for Google now supports F5 WAF for NGINX (Preview)** + +You can now deploy NGINXaaS with [F5 WAF for NGINX]({{< ref "/waf" >}}); an advanced high-performance web application firewall (WAF) to provide protection from OWASP Top 10 web application security risks. + +**Note:** This feature is currently in Preview and free to use during the preview period. Custom security policies and custom logging profiles are not yet supported. + ## April 16, 2026 - {{% icon-feature %}} **NGINXaaS for Google now supports Managed Public Endpoint deployments (Preview)** diff --git a/content/nginxaas-google/getting-started/create-deployment/deploy-console.md b/content/nginxaas-google/getting-started/create-deployment/deploy-console.md index 27032206e..684c70c21 100644 --- a/content/nginxaas-google/getting-started/create-deployment/deploy-console.md +++ b/content/nginxaas-google/getting-started/create-deployment/deploy-console.md @@ -60,6 +60,7 @@ Next, create a new NGINXaaS deployment using the NGINXaaS Console: - Add an optional description for your deployment. - Change the **NCU Capacity** if needed. - The default value of `20 NCU` should be adequate for most scenarios. + - Enable **WAF** if you want [F5 WAF for NGINX]({{< ref "/waf" >}}) enabled for your deployment. - In the Apply Configuration section, select an NGINX configuration [you created earlier](#create-or-import-an-nginx-configuration) from the **Choose Configuration** list. - Select a **Configuration Version** from the list. - In the Cloud Details section, enter the network attachment ID that [you created earlier](#create-a-network-attachment) or select it in the **Network attachment** list. @@ -78,7 +79,7 @@ In the NGINXaaS Console, 1. To open the details of your deployment, select its name from the list of deployments. - You can view the details of your deployment, including the status, region, network attachment, NGINX configuration, and more. -1. Select **Edit** to modify the deployment description, and NCU Capacity. +1. Select **Edit** to modify the deployment description, NCU Capacity, and WAF enablement. - You can also configure monitoring from here. Detailed instructions can be found in [Enable Monitoring]({{< ref "/nginxaas-google/monitoring/enable-monitoring.md" >}}) 1. Select **Update** to save your changes. 1. Select the Configuration tab to view the current NGINX configuration associated with the deployment. diff --git a/content/nginxaas-google/getting-started/nginx-configuration/overview.md b/content/nginxaas-google/getting-started/nginx-configuration/overview.md index 4a0af4d11..e16b61d5e 100644 --- a/content/nginxaas-google/getting-started/nginx-configuration/overview.md +++ b/content/nginxaas-google/getting-started/nginx-configuration/overview.md @@ -78,7 +78,9 @@ For connection and request rate limiting, consider using these NGINX modules: ## Configuration directives list -NGINXaaS supports a limited set of NGINX directives. +NGINXaaS supports a limited set of NGINX directives. The directives with the "app_protect" prefix require [F5 WAF for NGINX]({{< ref "/waf" >}}) to be enabled for the deployment. + +NGINXaaS does not yet support F5 WAF for NGINX custom security policies or logging profiles. Support is limited to the [prebuilt policies]({{< ref "/waf/policies/configuration.md#default-policy" >}}) and the [default logging profiles]({{< ref "/waf/logging/logs-overview.md#default-logging-profile-bundles" >}}). {{< details summary="Alphabetical index of directives">}} @@ -99,6 +101,19 @@ NGINXaaS supports a limited set of NGINX directives. [allow (ngx_stream_access_module)](https://nginx.org/en/docs/stream/ngx_stream_access_module.html#allow)\ [ancient_browser](https://nginx.org/en/docs/http/ngx_http_browser_module.html#ancient_browser)\ [ancient_browser_value](https://nginx.org/en/docs/http/ngx_http_browser_module.html#ancient_browser_value)\ +[app_protect_compressed_requests_action]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_compressed_requests_action" >}})\ +[app_protect_cookie_seed]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_cookie_seed" >}})\ +[app_protect_cpu_thresholds]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_cpu_thresholds" >}})\ +[app_protect_custom_log_attribute]({{< ref "/waf/policies/directives/#f5-waf-for-nginx-directives:~:text=app_protect_custom_log_attribute" >}})\ +[app_protect_enable]({{< ref "/waf/policies/directives/#f5-waf-for-nginx-directives:~:text=modules/ngx_http_app_protect_module.so-,app_protect_enable" >}})\ +[app_protect_failure_mode_action]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_failure_mode_action" >}})\ +[app_protect_physical_memory_util_thresholds]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_physical_memory_util_thresholds" >}})\ +[app_protect_policy_file](<{{< ref "/waf/policies/directives/#f5-waf-for-nginx-directives:~:text=app_protect_enable%20on-%2Capp_protect_policy_file" >}}>)\ +[app_protect_reconnect_period_seconds]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_reconnect_period_seconds" >}})\ +[app_protect_request_buffer_overflow_action]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_request_buffer_overflow_action" >}})\ +[app_protect_security_log]({{< ref "/waf/policies/directives/#f5-waf-for-nginx-directives:~:text=app_protect_security_log" >}})\ +[app_protect_security_log_enable]({{< ref "/waf/policies/directives/#f5-waf-for-nginx-directives:~:text=app_protect_security_log_enable" >}})\ +[app_protect_user_defined_signatures]({{< ref "/waf/policies/directives/#global-directives:~:text=app_protect_user_defined_signatures" >}})\ [auth_basic](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic)\ [auth_basic_user_file](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic_user_file)\ [auth_delay](https://nginx.org/en/docs/http/ngx_http_core_module.html#auth_delay)\ diff --git a/content/nginxaas-google/monitoring/enable-nginx-logs.md b/content/nginxaas-google/monitoring/enable-nginx-logs.md index 618f9ff37..dec5a8162 100644 --- a/content/nginxaas-google/monitoring/enable-nginx-logs.md +++ b/content/nginxaas-google/monitoring/enable-nginx-logs.md @@ -8,7 +8,7 @@ f5-content-type: how-to f5-product: NGOOGL --- -F5 NGINXaaS for Google (NGINXaaS) supports integrating with Google Cloud services to collect NGINX error and access logs. +F5 NGINXaaS for Google (NGINXaaS) supports integrating with Google Cloud services to collect NGINX error and access logs, and F5 WAF for NGINX security logs. ## Prerequisites @@ -24,6 +24,10 @@ F5 NGINXaaS for Google (NGINXaaS) supports integrating with Google Cloud service {{< include "/nginxaas-google/logging-config-access-logs.md" >}} +## Setting up F5 WAF for NGINX security logs + +{{< include "/nginxaas-google/logging-config-security-logs.md" >}} + ## Export NGINX logs to a Google Cloud Project To enable sending logs to your desired Google Cloud project, you must specify the project ID when creating or updating a deployment. To create a deployment, see [our documentation on creating an NGINXaaS deployment]({{< ref "/nginxaas-google/getting-started/create-deployment/" >}}) for a step-by-step guide. To update the deployment, in the NGINXaaS console,