Test Driving F5 NGINX Plus with App Protect
Test Driving F5 NGINX Plus with App Protect
NGINX App Protect is a web application firewall (WAF) designed to safeguard web applications against various threats, including DDoS attacks, SQL injection, cross-site scripting (XSS), and other common web application attacks.
Built on top of the NGINX web server, NGINX App Protect is deployed as a module within the NGINX Plus application delivery platform. It utilizes advanced techniques, including machine learning algorithms, to swiftly detect and block malicious traffic in real-time.
One of the key advantages of NGINX App Protect is its ability to provide comprehensive protection for web applications without compromising performance. It can be deployed on-premises, in the cloud, or in a hybrid environment. Furthermore, it seamlessly integrates with popular DevOps tools and platforms such as Kubernetes, AWS, and Azure.
Part 1 of this 3-part demo is to deploy NGINX Plus. In order to utilize NGINX Plus, the following prerequisites must be met:
- Possession of an active NGINX Plus subscription. If you don’t already have NGINX Plus, sign up for a 30‑day free trial.
- Usage of a compatible operating system.
- Access to the NGINX Plus Customer Portal with valid login credentials.
- Availability of the NGINX Plus certificate and corresponding public key.
We will be working with Visual Studio Code to run NGINX commands and edit NGINX Plus configuration files. An official guide to installing NGINX on various platforms can be found here.
Within the terminal of VSCode, we will type in the following to confirm we are root.
whoami
Now we will cd to the /root directory to verify the nginx-repo.crt and nginx-repo.key files are present.
cd /root
ls -l
Once that is verified, we are ready to run the installation commands.
mkdir -p /etc/ssl/nginx
cp nginx-repo.* /etc/ssl/nginx
wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | sudo tee /usr/share/keyrings/app-protect-security-updates.gpg >/dev/null
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
apt-get update
apt-get install -y nginx-plus
After a few minutes, we can verify the version.
nginx -v
Next we can install the NGINX Plus GeoIP2 Dynamic Module. Please refer to the module documentation for further details:
https://github.com/leev/ngx_http_geoip2_module
apt-get -y install nginx-plus-module-geoip2
Now that the system and module is installed, we can start and verify.
systemctl start nginx
systemctl status nginx
We should now be able to browse the default landing page by navigating to https://NGINX-server/application1/index.html.
Discover more from Determined Network Guy
Subscribe to get the latest posts to your email.