Download a security policy bundle

To download a security policy bundle using the NGINX Instance Manager web interface:

1. In your browser, go to the FQDN for your NGINX Instance Manager host and log in.
2. In the left menu, select WAF > Policies.
3. On the Security Policies page, find the policy you want to download a bundle for.
4. Select the Actions menu (…) and choose Download Bundle.
   • The Download Bundle option is available only when the Compilation Status is Compiled.
5. When the download starts, a .tgz file named <PolicyName>-security-policy-bundle.tgz is saved to your system.

Note: By default, Download Bundle retrieves the latest bundle revision of the selected policy.

To download a specific security policy bundle, send a GET request to the Security Policy Bundles API using the policy UID and bundle UID in the URL path.

You must have "READ" permission for the bundle to retrieve it.

Example:

curl -X GET https://{{NIM_FQDN}}/api/platform/v1/security/policies/<policy-uid>/bundles/<bundle-uid> \
  -H "Authorization: Bearer <access token>"

The response includes a content field that contains the bundle in base64 format. To use it, decode the content and save it as a .tgz file.

Example:

curl -X GET "https://{{NIM_FQDN}}/api/platform/v1/security/policies/<policy-uid>/bundles/<bundle-uid>" \
  -H "Authorization: Bearer <access token>" | jq -r '.content' | base64 -d > security-policy-bundle.tgz

{
  "metadata": {
    "created": "2023-10-04T23:19:58.502Z",
    "modified": "2023-10-04T23:19:58.502Z",
    "appProtectWAFVersion": "4.457.0",
    "policyUID": "<policy-uid>",
    "attackSignatureVersionDateTime": "2023.08.10",
    "botSignatureVersionDateTime": "2023.08.09",
    "threatCampaignVersionDateTime": "2023.08.09",
    "uid": "<bundle-uid>"
  },
  "content": "ZXZlbnRzIHt9Cmh0dHAgeyAgCiAgICBzZXJ2ZXIgeyAgCiAgICAgICAgbGlzdGVuIDgwOyAgCiAgICAgICAgc2VydmVyX25hbWUgXzsKCiAgICAgICAgcmV0dXJuIDIwMCAiSGVsbG8iOyAgCiAgICB9ICAKfQ==",
  "compilationStatus": {
    "status": "compiled",
    "message": ""
  }
}