Security Controls

In this section

NGINX SSL Termination

Terminate HTTPS traffic from clients, relieving your upstream web and application servers of the computational load of SSL/TLS encryption.

SSL Termination for TCP Upstream Servers

Terminate SSL/TLS-encrypted traffic from clients, relieving your upstream TCP servers of the computational load.

Restricting Access with HTTP Basic Authentication

Control access using HTTP Basic authentication, and optionally in combination with IP address-based access control.

Authentication Based on Subrequest Result

Authenticate clients during request processing by making a subrequest to an external authentication service, such as LDAP or OAuth.

Setting up JWT Authentication

This article explains how to control authentication of your web resources using JWT authentication.

Single Sign-On with OpenID Connect and Identity Providers

Enable OpenID Connect-based single sign-on (SSO) for applications proxied by NGINX Plus, using an Identity Provider (IdP).

Limiting Access to Proxied HTTP Resources

Protect your upstream web and application servers by limiting connections, rate of requests, or bandwidth, based on client IP address or other variables.

Restricting Access to Proxied TCP Resources

Protect your upstream TCP application servers by limiting connections or bandwidth, based on client IP address or other variables.

Restricting Access by Geographical Location

Control access or forward traffic to different upstream servers based on the client's geographical location, using the GeoIP2 dynamic module.

Securing HTTP Traffic to Upstream Servers

Secure HTTP traffic between NGINX or F5 NGINX Plus and upstream servers, using SSL/TLS encryption.

Securing TCP Traffic to Upstream Servers

Secure TCP traffic between NGINX or F5 F5 NGINX Plus and upstream servers, using SSL/TLS encryption.

Dynamic Denylisting of IP Addresses

Control access to your site or apps from specific client IP addresses, using dynamic denylists built with the F5 NGINX Plus key-value store and API.