Skip to content

Last minute changes for IP intelligence #722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Parent: NGINX App Protect 5.7 / 4.15 Release
merged 7 commits into from
Jun 23, 2025
Merged

Last minute changes for IP intelligence #722

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
97e8255
fix: last minute changes
mouraddmeiri Jun 22, 2025
7165db0
fix: additional changes
mouraddmeiri Jun 22, 2025
9f474b6
fix: revert couple of changes
mouraddmeiri Jun 22, 2025
b5d167d
Update ip-intelligence-conf.md
ohad-perets Jun 22, 2025
820bfd5
Update install.md
ohad-perets Jun 22, 2025
55cd165
Update install.md
ohad-perets Jun 22, 2025
a25991f
Merge branch 'nap-release-5.7' into ip-intelligence
ADubhlaoich Jun 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions content/includes/nap-waf/config/common/ip-intelligence-conf.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,13 @@



As of NAP version 4.15.0 (for NAP V4 deployments), and NAP version 5.7.0 (for NAP V5 deployments), NGINX App Protect WAF includes a new feature named IP Intelligence. This features allows customizing the enforcement based on the source IP of the request to limit access from IP addresses with questionable reputation. Please note that:
- The IP intelligence feature is **disabled** by default and needs to be explicitly enabled and configured in the policy.
- The package `app-protect-ip-intelligence` must be installed (for NAP V4 deployments), or the IP Intelligence image deployed (for NAP V5 deployments), before configuring and using the feature. This package installs the client that downloads and updates the database required for enforcing IP Intelligence.
NGINX App Protect WAF supports IP Intelligence feature, which allows customizing the enforcement based on the source IP of the request to limit access from IP addresses with questionable reputation. Please note that:
- The IP intelligence feature is **disabled** by default and needs to be installed, enabled and configured within the policy.
- To review the installation steps, please refer to the administration guide([V4]({{< ref "/nap-waf/v4/admin-guide/install.md#Prerequisites" >}})[V5]({{< ref "/nap-waf/v5/admin-guide/install.md#Prerequisites" >}})

After installing the package or image, enable the feature in the following two places in the policy:
1. By enabling the corresponding violation in the violation list: `"name": "VIOL_MALICIOUS_IP"` and assigning the appropriate `block` and `alarm` values to the violation.

2. By enabling the featue in the corresponding IP Intelligence JSON section: `"ip-intelligence": {"enabled": true}` and define actions for the IP Intelligence categories listed below.
2. By enabling the feature in the corresponding IP Intelligence JSON section: `"ip-intelligence": {"enabled": true}` and defining actions for the IP Intelligence categories listed below.

An example policy where both elements are enabled, and all the IP intelligence categories are configured to `block` and `alarm` can be found here:

Expand Down
Loading