Introducing F5 WAF for NGINX with Intuitive GUI in NGINX One Console and NGINX Instance Manager

F5 WAF for NGINX (formerly NGINX App Protect WAF) now has an intuitive, GUI-based policy management experience within NGINX One Console and NGINX Instance Manager. It’s easier than ever to streamline security operations and reduce false positives and false negatives.

 

Important Changes!

This product release unites the latest version of F5 WAF for NGINX with NGINX One Console and NGINX Instance Manager to deliver major enhancements empowering SecOps teams.

 

New and enhanced capabilities for F5 WAF for NGINX users include:

A GUI for WAF Policy Management

A modern, wizard-driven UI debuts in NGINX One Console and NGINX Instance Manager, for F5 WAF for NGINX. The initial phases of the new UI focus on foundational tasks for SecOps workflows, which will be followed by subsequent phases supporting additional advanced capabilities to mitigate false positives and false negatives. The current release delivers GUI based attack mitigation workflows that provide:

1. Enabling or disabling signature sets for fast but broad categories of attacks
2. Enabling or disabling signatures for a specific attack type
3. Enabling or disabling signatures and defining actions for a specific user-defined URL, cookie, or parameter

 

A New Name

NGINX App Protect is now F5 WAF for NGINX and F5 DoS for NGINX. This is the first product rename to align with F5’s unified platform, enabling security for any app and API, anywhere. Any prior or historical articles, blogs, and other materials will remain unchanged. While the name has changed, all product functionality, code, and configurations remain intact, ensuring a seamless experience for customers.

Only branding changes – from NGINX App Protect to F5 WAF for NGINX – have been made to documentation and materials to ensure that no breaking changes have been implemented. Existing workflows remain fully compatible.

Upgrading also remains seamless. Users may move from v4.x (e.g. v4.16) to F5 WAF for NGINX v5.9, just as in prior version upgrades.

 

Version Alignment

Both packaged and containerized versions of F5 WAF for NGINX now share a single version label for this release: v5.9. This eliminates confusion, simplifies deployments, and ensures consistency across form factors. Additional information is available in the F5 WAF for NGINX 5.9 release notes.

 

Documentation Update

F5 WAF for NGINX and F5 DoS for NGINX now feature a completely redesigned documentation experience. Monolithic configuration pages have been replaced with streamlined, logically organized sections, making content easier to navigate, consume, and contribute for faster adoption and collaboration. For more details, refer to the F5 WAF for NGINX docs.

 

Operations Simplification in Kubernetes (EA)

This is an ‘Early Availability’ feature for limited customers in the F5 WAF for NGINX v5.9 release for NGINX Plus. This capability removes the need for custom policy compilation workflows. Users can now update policies directly – fully Kubernetes-native with support for JSON, YAML, and Bundle formats, streamlining security operations for modern environments. In future releases, this capability will also extend to NGINX Ingress Controller. For more details, refer to the NGINX docs.

Please note that F5 WAF for NGINX v5.9 is a standard release, and upgrading to this version is at the customer’s option.

Also, signature updates will continue for NGINX App Protect WAF v4.x customers under the current policy.

 

GUI Eases Implementing Best Practices for WAF Workflows

Start in Detection Mode

Deploy signature sets in Transparent mode initially to analyze traffic patterns without blocking legitimate requests. This approach allows teams to identify false positives before switching to Block mode.

 

Granular Exception Strategy

Rather than broad exclusions that weaken security, implement targeted exceptions that address specific false positive scenarios while maintaining protection elsewhere.

 

Continuous Monitoring and Adjustment

Security teams should regularly review WAF logs to identify new false-positive patterns and adjust signature sets accordingly. WAF signatures are updated regularly, requiring ongoing tuning.

1. Enable or disable signature sets for fast but broad categories of attacks.
2. Enabling or disabling signatures for a specific attack type
3. Enabling or disabling signatures and defining actions for a specific user-defined URL, cookie, or parameter

The key to effective WAF deployment lies in precise tuning through signature sets and targeted exceptions, ensuring robust protection without disrupting business operations.

 

Releases

F5 WAF for NGINX v5.9 (formerly NGINX App Protect WAF) released in September 2025. The complete changelog details are here.

F5 DoS for NGINX (formerly NGINX App Protect DoS) documentation update is here. There has been no new release of this package.

NGINX One Console, with the GUI supporting the new workflows, will be released in early October 2025. Find all the latest additions to the NGINX One Console in the changelog here.

NGINX Instance Manager with the GUI supporting the new workflows will be coming soon (November 2025).