Test Driving F5 NGINX Plus with App Protect

Test Driving F5 NGINX Plus with App Protect

NGINX App Protect is a web application firewall (WAF) designed to safeguard web applications against various threats, including DDoS attacks, SQL injection, cross-site scripting (XSS), and other common web application attacks.

Built on top of the NGINX web server, NGINX App Protect is deployed as a module within the NGINX Plus application delivery platform. It utilizes advanced techniques, including machine learning algorithms, to swiftly detect and block malicious traffic in real-time.

One of the key advantages of NGINX App Protect is its ability to provide comprehensive protection for web applications without compromising performance. It can be deployed on-premises, in the cloud, or in a hybrid environment. Furthermore, it seamlessly integrates with popular DevOps tools and platforms such as Kubernetes, AWS, and Azure.

Part 1 of this 3-part demo is to deploy NGINX Plus. In order to utilize NGINX Plus, the following prerequisites must be met:

  • Possession of an active NGINX Plus subscription. If you don’t already have NGINX Plus, sign up for a 30‑day free trial.
  • Usage of a compatible operating system.
  • Access to the NGINX Plus Customer Portal with valid login credentials.
  • Availability of the NGINX Plus certificate and corresponding public key.

We will be working with Visual Studio Code to run NGINX commands and edit NGINX Plus configuration files. An official guide to installing NGINX on various platforms can be found here.

Within the terminal of VSCode, we will type in the following to confirm we are root.

whoami

Now we will cd to the /root directory to verify the nginx-repo.crt and nginx-repo.key files are present.

cd /root
ls -l

Once that is verified, we are ready to run the installation commands.

mkdir -p /etc/ssl/nginx
cp nginx-repo.* /etc/ssl/nginx
wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring

wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | sudo tee /usr/share/keyrings/app-protect-security-updates.gpg >/dev/null

printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list

wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx

apt-get update

apt-get install -y nginx-plus

After a few minutes, we can verify the version.

nginx -v

Next we can install the NGINX Plus GeoIP2 Dynamic Module. Please refer to the module documentation for further details:

https://github.com/leev/ngx_http_geoip2_module

apt-get -y install nginx-plus-module-geoip2

Now that the system and module is installed, we can start and verify.

systemctl start nginx
systemctl status nginx

We should now be able to browse the default landing page by navigating to https://NGINX-server/application1/index.html.

Discover more from Determined Network Guy

Subscribe to get the latest posts to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

wpChatIcon

Discover more from Determined Network Guy

Subscribe now to keep reading and get access to the full archive.

Continue reading

Verified by MonsterInsights