Web Server Load Balancing with NGINX Plus

Why NGINX App Protect WAF?

What do application and API attacks, downtime, and deployment velocity have in common? The answer: they all can have a dramatic effect on the bottom line – and they all drive the need for an app‑centric security solution built for modern apps and how they’re developed.

NGINX App Protect WAF leverages the proven and trusted power of F5 security controls to protect apps and APIs against the latest, most advanced attacks and data exfiltration methods. Avoid regulatory non‑compliance and mitigate loss of reputation and revenue with high‑performance, scalable security deployed close to applications – wherever they’re deployed.

What makes NGINX App Protect WAF unique is its flexible software form factor, its seamless integration with the NGINX platform, and its ability to help teams “shift security left” into the development process – meaning applications, APIs, and microservices get rapid, powerful threat defense that’s as agile as the DevOps teams building them.

Learn more about key benefits of NGINX App Protect WAF:

Strong, App‑Centric Security

Defend apps and APIs against common and advanced threats:

  • Get security beyond basic signatures and attack vectors
  • Keep apps high‑performance and secure with security controls compiled into bytecode
  • Leverage security controls ported directly from F5 Advanced WAF
  • Deploy in blocking mode, confident that signature detection can be trusted, and with few false positives
  • Avoid negative impacts to reputation and revenue

Alignment with Modern App Architecture

NGINX App Protect WAF can be deployed in multiple locations in modern app environment
Secure apps and APIs wherever and however they’re deployed:

  • Build consistent app security controls for web apps, containers, microservices, and APIs
  • Reduce complexity and tool sprawl via seamless integration with the NGINX platform
  • Support modern app deployment topologies – from load balancing to per‑pod proxies
  • Run open source software securely with confidence

Centralized Control and Visibility

Unify security operations with NGINX Controller App Security:

  • Deploy NGINX App Protect WAF in an app‑centric and self‑service manner
  • Get holistic visibility into WAF deployments from a single source of truth
  • Leverage existing WAF policies from F5 Advanced WAF or BIG-IP ASM
  • Abstract away complexity with a simple, intuitive management tool
  • Bridge the divide between SecOps and DevOps

CI/CD Integration

Get application security that’s as agile as the development process:

  • Enable security to keep pace with development
  • Deploy security rapidly with a platform‑agnostic, lightweight software package
  • Use declarative policies that facilitate “security as code”
  • Let developers focus on innovation with security that’s baked into the dev process
  • Automate security with open API endpoints and CI/CD tools integration

Technical Specifications


  • Docker
  • Kubernetes
  • Red Hat OpenShift Container Platform


  • x86

Operating Systems

  • Alpine Linux
  • CentOS
  • Debian
  • Red Hat Enterprise Linux
  • Ubuntu

Cloud Platforms

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure