Protecting NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945 with ASM

This is more a question for F5 support not Devcentral forum to be honest.

Still nginx should in theory as even if the waf module happens after the rewrite module you should be able to first process the traffic with server 1 (with appprotect WAF on nginx) then forward it to server 2  with proxy_pass http://127.0.0.1:8081; for example. On F5 they are called events but on nginx phases (request processing phases) and from what I googled the rewrite could be before the WAF but with 2 servers (external with WAF and Internal with rewrite) this could be workaround but support can confirm.

"Internal" location option will protect so that the second location is not processed directly.

https://nginx.org/en/docs/http/ngx_http_core_module.html

Also custom signatures can be written but support will give an answer if a custom signature is needed.

https://docs.nginx.com/waf/policies/user-signatures/