feat: Add NGINX configuration page, change weights

Author: ADubhlaoich

content/waf/configure/apreload.md

@@ -2,7 +2,7 @@
 # We use sentence case and present imperative tone
 title: "Use apreload to update configuration files"
 # Weights are assigned in increments of 100: determines sorting order
-weight: 300
+weight: 200
 # Creates a table of contents and sidebar, useful for large documents
 toc: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this

content/waf/configure/compiler.md

@@ -2,7 +2,7 @@
 # We use sentence case and present imperative tone
 title: "Build and use the compiler tool"
 # Weights are assigned in increments of 100: determines sorting order
-weight: 400
+weight: 300
 # Creates a table of contents and sidebar, useful for large documents
 toc: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this

content/waf/configure/converters.md

@@ -2,7 +2,7 @@
 # We use sentence case and present imperative tone
 title: "Build and use the converter tools"
 # Weights are assigned in increments of 100: determines sorting order
-weight: 500
+weight: 400
 # Creates a table of contents and sidebar, useful for large documents
 toc: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
@@ -316,7 +316,7 @@ docker run -v `pwd`:`pwd` -w `pwd` --entrypoint /opt/app_protect/bin/convert-sig
 
 The Attack Signature Report tool scans the system for attack signatures, then generates a JSON report file with information about these signatures.
 
-This tool can be deployed and used independently from a F5 WAF for NGINX deployment using the [compiler image]({{< ref "/waf/configure/compiler.md" >}}) to generate a report about the default signatures included with F5 WAF, or the signatures included in [an update package]({{< ref "/waf/signatures/">}}).
+This tool can be deployed and used independently from a F5 WAF for NGINX deployment using the [compiler image]({{< ref "/waf/configure/compiler.md" >}}) to generate a report about the default signatures included with F5 WAF, or the signatures included in [an update package]().
 
 The latter case is possible on a standalone compiler deployment by comparing a report from before a signature update and a report from after the signature update.
 

content/waf/configure/nginx-features.md

@@ -0,0 +1,192 @@
+---
+# We use sentence case and present imperative tone
+title: "Configure NGINX features with F5 WAF"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: reference
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NAP-WAF
+---
+
+This document shows example of how to modify your NGINX configuration to enable F5 WAF for NGINX features. 
+
+It is intended as a reference for, small self-contained examples of how F5 WAF for NGINX is configured. 
+
+Certain features do not work well with F5 NGINX, such as modules requiring _subrequest_ when calling or being called from a scope that contains `app_protect_enable on`.
+
+Modules requiring the _Range_ header (Such as _Slice_) are also unsupported in a scope which enables F5 WAF for NGINX.
+
+The examples below show work arounds for the limitations of these features.
+
+For information on configuring NGINX, you should view the [NGINX documentation]({{< ref "/nginx/" >}}).
+
+## Static location
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            app_protect_enable on;
+            proxy_pass    http://127.0.0.1:8080/proxy/$request_uri;
+        }
+
+        location /proxy {
+            default_type text/html;
+            return 200 "Hello! I got your URI request - $request_uri\n";
+        }
+    }
+}
+```
+
+## Ranges
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            app_protect_enable on;
+            proxy_pass    http://127.0.0.1:8081$request_uri;
+        }
+    }
+
+    server {
+        listen       127.0.0.1:8081;
+        server_name  localhost;
+
+        location / {
+            proxy_pass http://1.2.3.4$request_uri;
+            proxy_force_ranges on;
+        }
+    }
+}
+```
+
+## Slice
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+    server {
+        listen 127.0.0.1:8080;
+        server_name localhost;
+
+        location / {
+            app_protect_enable on;
+            proxy_pass http://127.0.0.1:8081$request_uri;
+        }
+    }
+
+    server {
+        listen 127.0.0.1:8081;
+        server_name localhost;
+
+        location / {
+            proxy_pass http://1.2.3.4$request_uri;
+            slice 2;
+            proxy_set_header Range $slice_range;
+        }
+    }
+}
+```
+
+## Mirror
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+    log_format test $uri;
+
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            app_protect_enable on;
+            mirror /mirror;
+        }
+
+        location /mirror {
+            log_subrequest on;
+            access_log test$args.log test;
+        }
+    }
+}
+```
+
+## njs
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+load_module modules/ngx_http_js_module.so;
+
+http {
+    js_include service.js
+
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            app_protect_enable on;
+            proxy_pass    http://127.0.0.1:8081$request_uri;
+        }
+    }
+
+    server {
+        listen       127.0.0.1:8081;
+        server_name  localhost;
+
+        location / {
+            js_content foo;
+        }
+    }
+}
+```
+
+## Client authorization
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            auth_request /scan;
+            proxy_pass http://localhost:8888;
+        }
+        location /scan {
+            proxy_pass http://localhost:8081$request_uri;
+       }
+    }
+
+    server {
+        listen       127.0.0.1:8081;
+        server_name  localhost;
+
+        location /scan {
+            app_protect_enable on;
+            proxy_pass http://localhost:8888;
+        }
+    }
+}
+```

content/waf/configure/secure-mtls.md

@@ -2,7 +2,7 @@
 # We use sentence case and present imperative tone
 title: "Secure traffic using mTLS"
 # Weights are assigned in increments of 100: determines sorting order
-weight: 200
+weight: 500
 # Creates a table of contents and sidebar, useful for large documents
 toc: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
@@ -12,7 +12,7 @@ nd-content-type: how-to
 nd-product: NAP-WAF
 ---
 
-This topic describes how to secure traffic between NGINX and the F5 WAF enforcer using mTLS.
+This document describes how to secure traffic between NGINX and the F5 WAF enforcer using mTLS.
 
 It explains how to generate the necessary certificates, then update configuration files to use them.
 

content/waf/install/attacks.md

@@ -5,6 +5,7 @@ title: "Update F5 WAF for NGINX attack signatures"
 weight: 100
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
+draft: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
 # Intended for internal catalogue and search, case sensitive:

content/waf/install/bots.md

@@ -5,6 +5,7 @@ title: "Update F5 WAF for NGINX bot signatures"
 weight: 300
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
+draft: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
 # Intended for internal catalogue and search, case sensitive:

content/waf/install/threat-campaigns.md

@@ -5,6 +5,7 @@ title: "Update F5 WAF for NGINX threat campaign signatures"
 weight: 200
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
+draft: true
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
 # Intended for internal catalogue and search, case sensitive: