The WAF Dilemma
How I lowered false positives with NGINX App Protect without compromising security.
We are always facing the dilemma "Security vs Usability" in the world of security.
This becomes painfully obvious once you start implementing a WAF. I have now implemented a wide range of WAF secur...
Updated Aug 27, 2025
Version 2.0
Nikoolayy1
MVP
MVPThe F5 AWAF/ASM has an option "Do nothing" as shown in https://my.f5.com/manage/s/article/K38690758 (the bd process is used in the two cases so most options should be the same) and I checked https://docs.nginx.com/nginx-app-protect-waf/v4/configuration-guide/configuration/ and the " do-nothing " option seems to be there as well that does not inspect the body. Many use cases and ways to do stuff in Nginx like with F5 BIG-IP and it is great 😀
lnxgeekMVP
MVPHow could I miss that?!?! I have been looking for that specific feature like forever in NAP 😆
It will solve a lot of issues for sure - Thanks!