Skip to content

fix: remove app_protect_enforcer_address from virt config #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 28, 2025
Merged

fix: remove app_protect_enforcer_address from virt config #1368

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d762d40
fix: remove app_protect_enforcer_address from virt config
mjang Oct 24, 2025
56f1204
Update content/waf/install/virtual-environment.md
mjang Oct 24, 2025
4ac446b
Merge branch 'main' into fix-virt-env
mjang Oct 28, 2025
5548059
Apply suggestions from code review
mjang Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 112 additions & 1 deletion content/waf/install/virtual-environment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,118 @@ sudo apt-get install app-protect

## Update configuration files

{{< include "waf/install-update-configuration.md" >}}
Once you have installed F5 WAF for NGINX, you must load it as a module in the main context of your NGINX configuration.

```nginx
load_module modules/ngx_http_app_protect_module.so;
```

And finally, F5 WAF for NGINX can enabled on a _http_, _server_ or _location_ context:

```nginx
app_protect_enable on;
```

{{< call-out "warning" >}}

You should only enable F5 WAF for NGINX on _proxy_pass_ and _grpc_pass_ locations.

{{< /call-out >}}

Here are two examples of how these additions could look in configuration files:

{{< tabs name="configuration-examples" >}}

{{% tab name="nginx.conf" %}}

The default path for this file is `/etc/nginx/nginx.conf`.

```nginx {hl_lines=[5, 33]}
user nginx;
worker_processes auto;

# F5 WAF for NGINX
load_module modules/ngx_http_app_protect_module.so;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;
}
```

{{% /tab %}}

{{% tab name="default.conf" %}}

The default path for this file is `/etc/nginx/conf.d/default.conf`.

```nginx {hl_lines=[10]}
server {
listen 80;
server_name domain.com;


location / {

# F5 WAF for NGINX
app_protect_enable on;

client_max_body_size 0;
default_type text/html;
proxy_pass http://127.0.0.1:8080/;
}
}

server {
listen 8080;
server_name localhost;


location / {
root /usr/share/nginx/html;
index index.html index.htm;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
```

{{% /tab %}}

{{< /tabs >}}

Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:

- `nginx -s reload`
- `sudo systemctl reload nginx`

## Post-installation checks

Expand Down