Security Controls
In this section
NGINX SSL Termination
Terminate HTTPS traffic from clients, relieving your upstream web and application servers of the computational load of SSL/TLS encryption.
SSL Termination for TCP Upstream Servers
Terminate SSL/TLS-encrypted traffic from clients, relieving your upstream TCP servers of the computational load.
Restricting Access with HTTP Basic Authentication
Control access using HTTP Basic authentication, and optionally in combination with IP address-based access control.
Authentication Based on Subrequest Result
Authenticate clients during request processing by making a subrequest to an external authentication service, such as LDAP or OAuth.
Setting up JWT Authentication
This article explains how to control authentication of your web resources using JWT authentication.
Single Sign-On with OpenID Connect and Identity Providers
Enable OpenID Connect-based single sign-on (SSO) for applications proxied by NGINX Plus, using an Identity Provider (IdP).
Limiting Access to Proxied HTTP Resources
Protect your upstream web and application servers by limiting connections, rate of requests, or bandwidth, based on client IP address or other variables.
Restricting Access to Proxied TCP Resources
Protect your upstream TCP application servers by limiting connections or bandwidth, based on client IP address or other variables.
Restricting Access by Geographical Location
Control access or forward traffic to different upstream servers based on the client's geographical location, using the GeoIP2 dynamic module.
Securing HTTP Traffic to Upstream Servers
Secure HTTP traffic between NGINX or F5 NGINX Plus and upstream servers, using SSL/TLS encryption.
Securing TCP Traffic to Upstream Servers
Secure TCP traffic between NGINX or F5 F5 NGINX Plus and upstream servers, using SSL/TLS encryption.
Dynamic Denylisting of IP Addresses
Control access to your site or apps from specific client IP addresses, using dynamic denylists built with the F5 NGINX Plus key-value store and API.