NGINX App Protect WAF Troubleshooting Guide
Learn about the NGINX App Protect WAF Troubleshooting Guide.
This Troubleshooting Guide is intended to provide guidance to customers in the detection and correction of programming issues in NGINX App Protect. It may also be useful to IT in resolving any installation or configuration problems.
Refer to the below table for any NGINX App Protect WAF installation or configuration known problems.
|Starting version 3.12, installation steps and Docker deployment examples were changed in the Admin Guide. You may encounter one of the following error messages:
# example of yum installation error when the app-protect-security-updates repository is missing:
# example of apt installation error when the app-protect-security-updates repository is missing:
|Enable the app-protect-security-updates repository.
|NGINX is not running (ps -aux)
Reloading NGINX fails
|Check the error log at
Fix the problem and re-run NGINX.
|NGINX App Protect WAF functionality is not as expected
|NGINX App Protect WAF has several logs which can be used for troubleshooting.
Usually, it is best to look for any warning or error messages within the logs.
Refer to Logs Overview
Too many open files error message
|Increase number of file descriptors.
worker_rlimit_nofile 65535; in the main context of
Refer to worker_rlimit_nofile directive
setrlimit ... failed (Permission denied) error message
|Increase the limit using the following command as the root user:
setsebool -P httpd_setrlimit 1;
Refer to Issue 4: Too many files are open Error
app_protect_xxx error message
|App Protect module is not loaded. Add this line to the main (global) context of nginx.conf:
ELK issues are addressed directly in GitHub by posting the issue to Kibana dashboards for F5 App Protect WAF GitHub repo.
App Protect files and processes are labeled with the following two contexts:
NGINX Plus is labeled with the
If you run into a situation where SELinux denies access to something, start the troubleshooting by searching for audit denials related to one of the above contexts.
ausearch --start recent -m avc --raw -se nap-engine_t
--start recenthere means to start the search from 10 minutes ago
For more information about how to use NGINX Plus with SELinux - check our blog
In order to open a support ticket, collect the troubleshooting information in a tarball and send it to your customer support engineer.
Tarball preparation to collect data for troubleshooting:
- Get all versions via:
cat /opt/app_protect/VERSION /opt/app_protect/RELEASE > package_versions.txt
rpm -qa nginx-plus* app-protect* >> package_versions.txt
apt list --installed | grep -E 'nginx-plus|app-protect' >> package_versions.txt
- Get OS via:
cat /etc/os-release > system_version.txt && uname -r >> system_version.txt && cat /proc/version >> system_version.txt
Create a list of files for tarball in a file called logs.txt:
/var/log/app_protect/*(all app protect files)
/var/log/nginx/*(all NGINX files)
Add all policies and log file configuration
Add all nginx configuration including all references such as
Create the tarball:
tar cvfz logs.tgz `cat logs.txt`
logs.tgzto support ticket.
On the support ticket, in the NGINX App Protect WAF, set the release version according to the
This documentation applies to the following versions of NGINX App Protect WAF: 4.7.