Web Server Load Balancing with NGINX Plus

Why NGINX App Protect WAF?

What do application and API attacks, downtime, and deployment velocity have in common? The answer: they all can have a dramatic effect on the bottom line – and they all drive the need for an app‑centric security solution built for modern apps and how they’re developed.

NGINX App Protect WAF leverages the proven and trusted power of F5 security controls to protect apps and APIs against the latest, most advanced attacks and data exfiltration methods. Avoid regulatory non‑compliance and mitigate loss of reputation and revenue with high‑performance, scalable security deployed close to applications – wherever they’re deployed.

What makes NGINX App Protect WAF unique is its flexible software form factor, its seamless integration with the NGINX platform, and its ability to help teams “shift security left” into the development process – meaning applications, APIs, and microservices get rapid, powerful threat defense that’s as agile as the DevOps teams building them.

Learn more about key benefits of NGINX App Protect WAF:

Strong, App‑Centric Security

Defend apps and APIs against common and advanced threats:

  • Get security beyond basic signatures and attack vectors
  • Keep apps high‑performance and secure with security controls compiled into bytecode
  • Leverage security controls ported directly from F5 Advanced WAF
  • Deploy in blocking mode, confident that signature detection can be trusted, and with few false positives
  • Avoid negative impacts to reputation and revenue

Alignment with Modern App Architecture

NGINX App Protect WAF can be deployed in multiple locations in modern app environment
Secure apps and APIs wherever and however they’re deployed:

  • Build consistent app security controls for web apps, containers, microservices, and APIs
  • Reduce complexity and tool sprawl via seamless integration with the NGINX platform
  • Support modern app deployment topologies – from load balancing to per‑pod proxies
  • Run open source software securely with confidence

Centralized Control and Visibility

Unify security operations with NGINX Controller App Security:

  • Deploy NGINX App Protect WAF in an app‑centric and self‑service manner
  • Get holistic visibility into WAF deployments from a single source of truth
  • Leverage existing WAF policies from F5 Advanced WAF or BIG-IP ASM
  • Abstract away complexity with a simple, intuitive management tool
  • Bridge the divide between SecOps and DevOps

CI/CD Integration

Get application security that’s as agile as the development process:

  • Enable security to keep pace with development
  • Deploy security rapidly with a platform‑agnostic, lightweight software package
  • Use declarative policies that facilitate “security as code”
  • Let developers focus on innovation with security that’s baked into the dev process
  • Automate security with open API endpoints and CI/CD tools integration

Technical Specifications


  • Docker
  • Kubernetes
  • Red Hat OpenShift Container Platform


  • x86

Operating Systems

  • Alpine Linux
  • CentOS
  • Debian
  • Red Hat Enterprise Linux
  • Ubuntu

Cloud Platforms

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure
woman typing at desk computer

Visit NGINX Docs For Full Technical Specifications

Modern app security solution that works seamlessly in DevOps environments.

NGINX App Protect WAF

Learn More About NGINX App Protect

NGINX App Protect


NGINX App Protect

NGINX App Protect combines the proven effectiveness of F5’s advanced WAF technology with the agility and performance of NGINX. It runs natively on NGINX Plus to address the security...

Application Security with NGINX

NGINX Webinars

Application Security with NGINX

Join this webinar to learn how easy it is to leverage NGINX security solutions to protect your applications.

Web Application Security


Web Application Security

Available compliments of NGINX, this O’Reilly Media eBook features practical security tips and advice that your development and security teams can use right away.