F5 NGINX App Protect WAF

Enforce, automate and scale your app and API security across distributed architectures and hybrid environments with lightweight, high-performance, advanced protection against Layer 7 attacks.

Improve Security, Accelerate DevOps, and Simplify Management

Protecting your applications and APIs from Layer 7 attacks is easy using NGINX App Protect WAF, a lightweight, high-performance web application firewall for DevOps environments. Running natively on NGINX Plus and NGINX Ingress Controller, it is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.

Why Use NGINX App Protect WAF

platform agnostic diagram

Deploy Platform-Agnostic Security

Secure your organization’s apps and APIs with a single security solution across distributed architectures and environments including on-premises, hybrid, and multi-cloud. With NGINX App Protect WAF you can:

  • Build consistent security controls for web apps, microservices, containers, and APIs
  • Achieve seamless single-vendor technology integration within the NGINX platform for reduced complexity, friction, and tool sprawl
  • Deploy the uniquely flexible software form factor across all modern app topologies – from load balancers at the edge to API gateways and Kubernetes Ingress controllers to per-service or per-pod proxies inside the Kubernetes cluster
  • Scale your Kubernetes apps in the cloud with a lightweight, high-performance, low-latency, and low-compute security solution

support for Shift Left, DevSecOps, and Security Automation diagram

Support for Shift Left, DevSecOps, and Security Automation

Enable a shift-left strategy where security is incorporated into every stage of the software development lifecycle (SDLC). With NGINX App Protect WAF you can:

  • Use declarative policies created by SecOps to enable DevOps to integrate security as code into CI/CD pipelines
  • Implement security automation to reduce the cost of breaches by up to 80%
  • Save time and money by finding and fixing vulnerabilities before an app is released into production
  • Maintain developer agility and innovation while building more reliable and secure apps
  • Accelerate time to market and reduce costs with DevSecOps automated security


Technical Specifications


Modern app security solution that works seamlessly in DevOps environments.




Red Hat OpenShift Container Platform



Operating Systems

Alpine Linux



Oracle Linux

Red Hat Enterprise Linux


Cloud Platforms

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Next Steps