Onboard custom security policies
After verifying that F5 WAF for NGINX is active on your instances, you can onboard your own custom security policies. Use this option when you need to apply application-specific rules or integrate policies created in other environments. You’ll upload your JSON policy files, package them into .tgz bundles, and publish them through F5 NGINX Instance Manager.
- Make sure the policy you plan to onboard is valid JSON and follows the F5 WAF for NGINX schema.
- Confirm that the NGINX Agent has permission to access the directory where you’ll store your bundles.
- Review the F5 WAF for NGINX configuration guide for examples of policy structure and directive usage.
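
A pre-upload check for the first prerequisite above, as an added example that is not part of the F5 documentation. It rejects files that are not strict UTF-8 JSON or that repeat a key, which Python's parser would otherwise resolve silently to the last value. The top-level `policy` object with a string `name` is an assumption about the policy schema, and the sample policies are constructed.

```python
import json
import sys

# Constructed sample policies, for illustration only.
SAMPLE_OK = b'{"policy": {"name": "my-custom-policy", "enforcementMode": "blocking"}}'
SAMPLE_DUP = (b'{"policy": {"name": "my-custom-policy", '
              b'"enforcementMode": "blocking", "enforcementMode": "transparent"}}')

class PolicyError(ValueError):
    """The file should not be uploaded as a policy."""

def _no_duplicate_keys(pairs):
    # json.loads keeps the last of two identical keys without complaint, so a
    # reviewer can read one value while the compiler sees another.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise PolicyError(f"duplicate key {key!r}")
        seen[key] = value
    return seen

def _reject_constant(name):
    raise PolicyError(f"{name} is not valid JSON")

def check_policy(raw: bytes) -> dict:
    """Parse a policy file strictly; return the document or raise PolicyError."""
    try:
        doc = json.loads(raw.decode("utf-8"), object_pairs_hook=_no_duplicate_keys,
                         parse_constant=_reject_constant)
    except UnicodeDecodeError as exc:
        raise PolicyError(f"not UTF-8: {exc.reason}") from None
    except json.JSONDecodeError as exc:
        raise PolicyError(f"line {exc.lineno}, column {exc.colno}: {exc.msg}") from None
    # Assumption: the schema uses a top-level "policy" object with a string "name".
    policy = doc.get("policy") if isinstance(doc, dict) else None
    if not isinstance(policy, dict) or not isinstance(policy.get("name"), str):
        raise PolicyError('expected a top-level "policy" object with a string "name"')
    return doc

if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                check_policy(fh.read())
            print(f"{path}: ok")
        except (OSError, PolicyError) as exc:
            status = 1
            print(f"{path}: rejected: {exc}", file=sys.stderr)
    sys.exit(status)
```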

- In a web browser, go to the FQDN for your NGINX Instance Manager host and log in. Then, select Instance Manager from the Launchpad menu.
- In the left menu, select Security Policies.
- Choose Upload Policy, then select your `.json` or `.tgz` policy file.
- If you uploaded a `.json` file, NGINX Instance Manager automatically compiles it into a `.tgz` bundle.
- After upload, select Publish to make the policy available to your instances.

Use tools such as `curl` or Postman to send requests to the NGINX Instance Manager REST API. The API base URL is `https://<NIM-FQDN>/api/[nim|platform]/<API_VERSION>`.
All requests require authentication. For details on authentication methods, see the API overview.
Use the NGINX Instance Manager REST API to onboard policies programmatically.
| Method | Endpoint |
|---|---|
| POST | /api/platform/v1/security/policies |
| GET | /api/platform/v1/security/policies |
Example — upload and publish a policy:
```shell
curl -X POST https://{{NMS_FQDN}}/api/platform/v1/security/policies \
  -H "Authorization: Bearer <access token>" \
  --header "Content-Type: multipart/form-data" \
  -F "file=@my-custom-policy.json"
```

The API response includes the policy ID. Use that ID to reference your custom policy in your NGINX configuration:

```nginx
app_protect_policy_file /etc/nms/my-custom-policy.tgz;
```