Commit 90f0096

Merge branch 'main' into revamp-spec-summary-table
2 parents d891cc6 + 3243d21 commit 90f0096

31 files changed

+6565
-2344
lines changed

content/includes/waf/table-policy-features.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,17 @@
1313
| [Deny and Allow IP lists]({{< ref "/waf/policies/deny-allow-ip.md" >}}) | Manually define denied & allowed IP addresses as well as IP addresses to never log. |
1414
| [Disallowed file type extensions]({{< ref "/waf/policies/disallowed-extensions.md" >}}) | Support any file type, and includes a predefined list of file types by default |
1515
| [Evasion techniques]({{< ref "/waf/policies/evasion-techniques.md" >}}) | All evasion techniques are enabled by default, and can be disabled individually. These include directory traversal, bad escaped characters and more. |
16-
| [Geolocation]({{< ref "/waf/policies/geolocation.md" >}}) | |
17-
| [GraphQL protection]({{< ref "/waf/policies/graphql-protection.md" >}}) | |
16+
| [Geolocation]({{< ref "/waf/policies/geolocation.md" >}}) | The geolocation feature allows you to configure enforcement based on the location of an object using the two-letter ISO code representing a country. |
17+
| [GraphQL protection]({{< ref "/waf/policies/graphql-protection.md" >}}) | GraphQL protection allows you to configure enforcement for GraphQL, an API query language. |
1818
| [gRPC protection]({{< ref "/waf/policies/evasion-techniques.md" >}}) | gRPC protection detects malformed content, parses well-formed content, and extracts the text fields for detecting attack signatures and disallowed meta-characters. In addition, it enforces size restrictions and prohibition of unknown fields. The Interface Definition Language (IDL) files for the gRPC API must be attached to the profile. gRPC protection is available for unary or bidirectional traffic. |
1919
| [HTTP compliance]({{< ref "/waf/policies/http-compliance.md" >}}) | All HTTP protocol compliance checks are enabled by default except for GET with body and POST without body. It is possible to enable any of these two. Some of the checks enabled by default can be disabled, but others, such as bad HTTP version and null in request are performed by the NGINX parser and NGINX App Protect WAF only reports them. These checks cannot be disabled. |
2020
| [IP address lists]({{< ref "/waf/policies/ip-address-lists.md" >}}) | Organize lists of allowed and forbidden IP addresses across several lists with common attributes. |
2121
| [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) | Configure the IP Intelligence feature to customize enforcement based on the source IP of the request, limiting access from IP addresses with questionable reputation. |
22-
| [JWT protection]({{< ref "/waf/policies/jwt-protection.md" >}}) | |
22+
| [JWT protection]({{< ref "/waf/policies/jwt-protection.md" >}}) | JWT protection allows you to configure policies based on properties of JSON web tokens, such as their header and signature properties. |
2323
| [Server technology signatures]({{< ref "/waf/policies/server-technology-signatures.md" >}}) | Support adding signatures per added server technology. |
2424
| [Time-based signature staging]({{< ref "/waf/policies/time-based-signature-staging.md" >}}) | Time-based signature staging allows you to stage signatures for a specific period of time. During the staging period, violations of staged signatures are logged but not enforced. After the staging period ends, violations of staged signatures are enforced according to the policy's enforcement mode. |
2525
| [Threat campaigns]({{< ref "/waf/policies/threat-campaigns.md" >}}) | These are patterns that detect all the known attack campaigns. They are very accurate and have almost no false positives, but are very specific and do not detect malicious traffic that is not part of those campaigns. The default policy enables threat campaigns but it is possible to disable it through the respective violation. |
2626
| [User-defined HTTP headers]({{< ref "/waf/policies/user-headers.md" >}}) | Handling headers as a special part of requests |
2727
| [XFF trusted headers]({{< ref "/waf/policies/xff-headers.md" >}}) | Disabled by default, and can accept an optional list of custom XFF headers. |
28-
| [XML and JSON content]({{< ref "/waf/policies/xml-json-content.md" >}}) | XML content and JSON content detect malformed content and detects signatures in the element values. Default policy checks maximum structure depth. It is possible to enable more size restrictions: maximum total length of XML/JSON data, maximum number of elements are more. |
29-
{{< /table >}}
28+
| [XML and JSON content]({{< ref "/waf/policies/xml-json-content.md" >}}) | XML content and JSON content profiles detect malformed content and signatures in the element values. Default policy checks maximum structure depth. It is possible to enable more size restrictions: maximum total length of XML/JSON data, maximum number of elements and more. |
29+
{{< /table >}}
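Review bot: The gRPC protection row (line 18, unchanged context) links to `/waf/policies/evasion-techniques.md`, the same target as the Evasion techniques row on line 15. That looks like a copy-paste leftover, and since this change is already filling in the table it is worth pointing the row at the gRPC page here. In the new Geolocation text on line 16, "the location of an object" does not say what is being located; name the object so a reader knows what the two-letter ISO country code is matched against. The three new descriptions also open by repeating the feature name from the first column ("The geolocation feature allows you to...", "GraphQL protection allows you to...", "JWT protection allows you to..."), while most neighbouring rows go straight to the behaviour; consider matching that style.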
Lines changed: 96 additions & 0 deletions
@@ -0,0 +1,96 @@
1+
---
2+
title: Review and configure features
3+
weight: 350
4+
toc: true
5+
nd-docs: DOCS-000
6+
nd-content-type: how-to
7+
---
8+
9+
## Overview
10+
11+
This guide describes the F5 NGINX Agent features, and how to enable and disable them using the NGINX Agent configuration file, CLI flags, environment variables, and gRPC updates.
12+
13+
## Before you begin
14+
15+
Before you start, make sure that you have:
16+
17+
- [NGINX Agent installed]({{< ref "/nginx-one/agent/install-upgrade/" >}}) in your system.
18+
- Access to the NGINX Agent configuration file, CLI, or container environment.
19+
20+
## Features
21+
22+
The following table lists the NGINX Agent features:
23+
24+
{{< table "features" >}}
25+
| Feature Name | Description | Default |
26+
| ------------------- | --------------------------------------------------------------------------- | ------- |
27+
| configuration | Full read/write management of configurations, controlled by DataPlaneConfig ConfigMode. | On |
28+
| certificates | Inclusion of public keys and other certificates in the configurations toggled by DataPlaneConfig CertMode | Off |
29+
| file-watcher | Monitoring of file changes in the allowed directories list and references from product configs. | On |
30+
| metrics | Full metrics reporting. | On |
31+
| > metrics-host | Host-level metrics (cpu, disk, load, fs, memory, network, paging). | On |
32+
| > metrics-container | Container-level metrics from cgroup information. | On |
33+
| > metrics-instance | OSS and Plus metrics depending on NGINX instance. | On |
34+
| logs | Collection and reporting of NGINX error logs. | Off |
35+
| > logs-nap | F5 WAF for NGINX logs. | Off |
36+
{{< /table >}}
37+
38+
## Configuration sources
39+
40+
You can enable or disable features using several configuration sources:
41+
42+
### CLI parameters
43+
44+
Enable features at launch:
45+
46+
```shell
47+
./nginx-agent --features=configuration,metrics,file-watcher
48+
```
49+
50+
### Environment variables
51+
52+
Use environment variables for containerized deployments:
53+
54+
```shell
55+
export NGINX_AGENT_FEATURES="configuration,metrics,file-watcher"
56+
```
57+
58+
### Configuration file
59+
60+
Define features in the `nginx-agent.conf` file:
61+
62+
```yaml
63+
features:
64+
- configuration
65+
- metrics
66+
- file-watcher
67+
```
68+
69+
## Use cases
70+
71+
### Enable metrics only
72+
73+
1. Access the NGINX instance: Connect using SSH to the VM or server where NGINX Agent is running.
74+
75+
`ssh user@your-nginx-instance`
76+
77+
1. Open the NGINX Agent configuration file in a text editor.
78+
79+
`sudo vim /etc/nginx-agent/nginx-agent.conf`
80+
81+
1. Add the features section: Add the following to the end of the configuration file if it doesn't already exist.
82+
83+
```yaml
84+
features:
85+
- metrics
86+
- metrics-host
87+
- metrics-container
88+
- metrics-instance
89+
```
90+
91+
1. Restart the NGINX Agent service to apply the changes.
92+
93+
`sudo systemctl restart nginx-agent`
94+
95+
Once the steps have been completed, users will be able to view metrics data being sent but will not have the capability to push NGINX configuration changes.
96+
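Review bot: The closing claim on line 95, that users "will not have the capability to push NGINX configuration changes", is not supported by the steps as written. Step 3 on line 81 says to add the `features` block "if it doesn't already exist", so an existing block that lists `configuration` would be left in place. The table on line 27 also shows `configuration` as On by default, and the page never states that an explicit `features` list replaces the defaults rather than adding to them. Since this use case is effectively a least-privilege setting, say explicitly that the list must be replaced, state the override behaviour, and add a step to confirm the result after the restart. Separately, the Overview on line 11 names gRPC updates as a way to enable and disable features, but "Configuration sources" covers only CLI, environment variables and the file, and gives no precedence between them. The example on lines 84-88 lists `metrics` together with all three sub-features without saying whether `metrics` alone implies them. `nd-docs: DOCS-000` on line 5 reads like a placeholder ID.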

content/nginx-one/changelog.md

Lines changed: 7 additions & 0 deletions
@@ -30,6 +30,13 @@ h2 {
3030

3131
Stay up-to-date with what's new and improved in the F5 NGINX One Console.
3232

33+
## October 2, 2025
34+
35+
### You can now set up config templates
36+
37+
- Start with how you can [Author templates]({{< ref "/nginx-one/nginx-configs/config-templates/author-templates.md" >}})
38+
- Automate with our **experimental** endpoints for [NGINX One Console templates]({{< ref "/nginx-one/api/api-reference-guide/#tag/Templates" >}})
39+
3340
## September 16, 2025
3441

3542
### IPv6 endpoints for NGINX Agent and NGINX Plus usage reporting
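Review bot: The second bullet on line 38 labels the template endpoints **experimental** without saying what that means for someone automating against them; add a short clause or a link on the stability expectations so readers can judge whether to build on them. The new entry also goes straight from the heading on line 35 to bullets, so a one-sentence description of what config templates do would help it stand alone. In the first bullet on line 37, the link text "Author templates" is capitalized mid-sentence.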
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
---
2+
description:
3+
title: Manage config templates
4+
weight: 400
5+
url: /nginx-one/nginx-configs/config-templates
6+
---
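Review bot: `description:` on line 2 of the front matter is left empty; either fill it with a one-line summary of the config templates section or drop the key, so the section index does not ship with a blank description.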
