From 816d30318d84b35056e81825a34db4c12ccbc102 Mon Sep 17 00:00:00 2001
From: Yehudis Klughaupt <y.klughaupt@f5.com>
Date: Wed, 10 Sep 2025 12:24:15 +0000
Subject: [PATCH 1/2] WAFMC-13048-offline-solution-for-APSignature

---
 content/nap-waf/v5/admin-guide/policy-lifecycle-management.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md b/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
index dcf459466..a1f3f698d 100644
--- a/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
+++ b/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
@@ -285,6 +285,7 @@ kubectl apply -f config/policy-manager/samples/appprotect_v1_apsignatures.yaml
 Downloading security updates may take several minutes. The version of security updates available at the time of compilation is always used to compile policies. If APSignatures is not created or the specified versions are not downloaded, the versions contained in the compiler docker image will be used.
 {{< /call-out >}}
 
+
 ### Creating Policy Resources
 
 Once PLM is deployed, you can create policy resources using Kubernetes manifests. Apply the following Custom Resource examples or create your own based on these templates:

From 9a275664aae92475b4cb0352c45430a37b192b15 Mon Sep 17 00:00:00 2001
From: Yehudis Klughaupt <y.klughaupt@f5.com>
Date: Thu, 11 Sep 2025 05:51:02 +0000
Subject: [PATCH 2/2] fix: doc offline solution for APSignatures

---
 .../v5/admin-guide/policy-lifecycle-management.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md b/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
index a1f3f698d..dfcba2b75 100644
--- a/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
+++ b/content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
@@ -285,6 +285,21 @@ kubectl apply -f config/policy-manager/samples/appprotect_v1_apsignatures.yaml
 Downloading security updates may take several minutes. The version of security updates available at the time of compilation is always used to compile policies. If APSignatures is not created or the specified versions are not downloaded, the versions contained in the compiler docker image will be used.
 {{< /call-out >}}
 
+#### Using Security Update for users who can't use the nginx repo - Offline solution
+
+For users who prefer not to download the security update packages directly from the NGINX repository when using the APSignatures CR, there are two supported options:
+
+**1. Manual Package Placement**
+
+ - Download the required packages.
+ - Place them in the `/mnt/nap5_bundles_pv_data/security_updates_data/` directory.
+ - Ensure the files have `101:101` ownership and permissions.
+
+**2. Custom Compiler Image**
+
+ - Build a Docker image that includes the desired packages.
+ - Use this custom image in place of downloading packages at runtime.
+
 
 ### Creating Policy Resources