NGINXaaS Custom Security Policies #397

Open
wants to merge 2 commits into
base: main
2 changes: 1 addition & 1 deletion content/nginxaas-azure/app-protect/_index.md
@@ -1,5 +1,5 @@
---
title: NGINX App Protect WAF (Preview)
title: NGINX App Protect WAF
weight: 200
url: /nginxaas/azure/app-protect/
---
25 changes: 24 additions & 1 deletion content/nginxaas-azure/app-protect/configure-waf.md
Expand Up @@ -101,7 +101,30 @@ The following table shows the path to the precompiled policy file that needs to

To view the contents of the available security policies, navigate to the azure portal and select the **Security Policies** tab in the App Protect section.

{{<note>}}Custom policies are not supported at this time.{{</note>}}
## Custom policies

NGINXaas for Azure also supports custom security policies. You can create and modify custom security policies to deploy to NGINX App Protect Instances using the API or Azure Portal.

### Manage custom policies

To create a custom security policy in the Azure Portal:

1. Select your deployment
2. Select **NGINX app protect WAF** from the menu on the left
3. Select **Custom Policies**
4. Select **Add Custom Security Policy** to open the policy editor

In the policy editor, enter the **Name**, **File path**, your policy content, and then select **Save**. The **File path** is optional and will default to the path "/etc/app_protect/conf/" plus the policy **Name** with a ".json" extension. After your policy has been saved, you can then reference it in your NGINX configuration. For more information on policy configuration and syntax, refer to the NGINX App Protect [configuration guide](https://docs.nginx.com/nginx-app-protect-waf/v5/configuration-guide/configuration/).

{{<note>}}The **name** field within the security policy must be unique among the policies referenced in your NGINX configuration.{{</note>}}

{{<warning>}}Referencing both custom and precompiled policies in your NGINX configuration is not supported at this time.
As a workaround, make a copy of the default policy you want to use, then add it as a custom policy with a different name.
{{</warning>}}

The **Custom Policies** tab shows the status of your custom policies (Compilation and Application Status). Custom policies are automatically compiled when created or modified. Policies that are applied to the NGINX configuration cannot be deleted until they are first removed from the configuration.

It is highly recommended to use logging to monitor the performance of NGINX App Protect WAF and to help diagnose problems. See [Enable App Protect WAF Logs]({{< ref "/nginxaas-azure/app-protect/enable-logging.md" >}}) for directions to configure security and operational logs.

## What's next

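Review bot: The warning added under "### Manage custom policies" says that referencing custom and precompiled policies together "is not supported at this time" but does not say what happens when a configuration does it; state whether the configuration is rejected or one of the policies is not applied, because the reader needs to know whether traffic could be left without the intended policy. The workaround sentence in the same warning switches from "precompiled" to "default policy", so pick one term. The "File path" paragraph would be easier to follow with one concrete example of the default path built from a policy name and of how the saved policy is then referenced in the NGINX configuration. Smaller points: "NGINXaas" in the first sentence should be "NGINXaaS", "Instances" should be lowercase, and step 2 writes the menu item as "NGINX app protect WAF" while the rest of the page uses "NGINX App Protect WAF".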
3 changes: 2 additions & 1 deletion content/nginxaas-azure/app-protect/enable-waf.md
Expand Up @@ -14,7 +14,8 @@ This guide explains how to enable F5 NGINX App Protect WAF on a F5 NGINX as a Se
## Before you start
- NGINX App Protect WAF can only be enabled on NGINXaaS for Azure deployments with the **Standard v2** [plan]({{< ref "/nginxaas-azure/billing/overview.md" >}})

## Enable NGINX App Protect (Preview)
## Enable NGINX App Protect

NGINX App Protect is disabled by default and needs to be explicitly enabled on an NGINXaaS deployment. Follow these steps:

### Using the Microsoft Azure Portal
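Review bot: Renaming the heading to "## Enable NGINX App Protect" changes the anchor Hugo generates from the heading text, so any link that targets the old "(Preview)" fragment will stop resolving; search the docs for references to the old anchor before merging. The heading also says "NGINX App Protect" while the title changed in _index.md says "NGINX App Protect WAF"; use the same product name in both.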
9 changes: 8 additions & 1 deletion content/nginxaas-azure/changelog.md
Expand Up @@ -13,6 +13,14 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi

To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/changelog-archive" >}}) section.

## April 22, 2025

### What's New

- {{% icon-feature %}} **NGINX App Protect WAF is now generally available**

NGINX App Protect WAF is now generally available and is no longer a preview feature and will therefore be billed as specified in the [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/f5-networks.f5-nginx-for-azure?tab=PlansAndPrice)

## April 16, 2025

- {{% icon-feature %}} **Notification on update to deployments using the Stable Upgrade Channel**
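Review bot: The new "## April 22, 2025" entry announces only general availability and does not mention custom security policies, which this PR documents in configure-waf.md in place of the "Custom policies are not supported at this time" note; add a bullet for that feature or confirm it is announced in a separate entry. The sentence under the bullet is a run-on with no final period, and the billing change is easy to miss inside it; end the first sentence after "is no longer a preview feature." and put the billing statement with the Azure Marketplace link in a sentence of its own.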
Expand All @@ -24,7 +32,6 @@ To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/

If you have any questions or concerns, please [contact us]({{< ref "/nginxaas-azure/troubleshooting/troubleshooting.md" >}}).


## March 31, 2025

### What's New
6 changes: 6 additions & 0 deletions content/nginxaas-azure/known-issues.md
Expand Up @@ -9,6 +9,12 @@ url: /nginxaas/azure/known-issues/

List of known issues in the latest release of F5 NGINX as a Service for Azure (NGINXaaS).

### {{% icon-bug %}} Custom and precompiled security policies cannot both be referenced in an NGINX configuration

When using NGINX App Protect WAF, you can only reference default or custom security policies in your NGINX configuration, not both.

**Workaround**: Make a copy of the default policy you want to use, then add it as a custom policy with a different name.

### {{% icon-bug %}} Terraform fails to apply due to validation errors, but creates "Failed" resources in Azure (ID-4424)

Some validation errors are caught later in the creation process, and can leave behind "Failed" resources in Azure. An example initial failure might look like:
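Review bot: The new known-issue heading carries no tracking ID, unlike the next entry, which ends with "(ID-4424)"; add one if a ticket exists so the issue can be traced and removed when fixed. The heading says "precompiled" while the body and the workaround say "default"; use one term, matching the wording in configure-waf.md. The entry also does not describe the symptom a user sees when both kinds of policy are referenced, which the Terraform entry below does for its own failure.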
5 changes: 5 additions & 0 deletions content/nginxaas-azure/troubleshooting/troubleshooting.md
Expand Up @@ -38,6 +38,11 @@ To contact support about F5 NGINX as a Service for Azure (NGINXaaS):
- Date and time of the issue
- Resource ID

If your deployment is configured to use NGINX App Protect WAF, please collect the following information also:

- Package versions from the NGINX App Protect WAF page
- Security policies in-use and the content of all custom security policies

{{< img src="nginxaas-azure/properties.png" alt="Screenshot of the Azure portal showing the Properties section" >}}

8. Complete the **Additional information** and **Contact details** sections of your case and select **Submit**.
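Review bot: The added App Protect paragraph and list sit between the "Resource ID" bullet and the properties.png screenshot, so the screenshot now appears to illustrate the WAF items instead of where to find the Resource ID; move the new block below the image, and keep it indented at the level of the enclosing numbered step so that step 8 still continues the list. The request for "the content of all custom security policies" asks customers to send their WAF rule content to support, so say how it should be attached to the case, since a policy shows what is and is not being blocked. Wording: "in-use" should be "in use", and "please collect the following information also" reads better as "also collect the following information".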
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -2,4 +2,4 @@ module github.com/nginxinc/docs

go 1.19

require github.com/nginxinc/nginx-hugo-theme v0.42.1 // indirect
require github.com/nginxinc/nginx-hugo-theme v0.42.28 // indirect
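Review bot: The theme bump from v0.42.1 to v0.42.28 in the require line is unrelated to the custom-policies documentation in the rest of this PR; split it into its own change, or state in the PR description why these docs need the newer theme, so the dependency update gets reviewed on its own terms.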
4 changes: 4 additions & 0 deletions go.sum
@@ -1,2 +1,6 @@
github.com/nginxinc/nginx-hugo-theme v0.42.1 h1:SYj7R7fKPYwtbQobTcJWy/ZWQxa5tlHCSJfU2dxYXxY=
github.com/nginxinc/nginx-hugo-theme v0.42.1/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
github.com/nginxinc/nginx-hugo-theme v0.42.27 h1:D80Sf/o9lR4P0NDFfP/hCQllohz6C5qlJ4nGNfdfnqM=
github.com/nginxinc/nginx-hugo-theme v0.42.27/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
github.com/nginxinc/nginx-hugo-theme v0.42.28 h1:1SGzBADcXnSqP4rOKEhlfEUloopH6UvMg+XTyVVQyjU=
github.com/nginxinc/nginx-hugo-theme v0.42.28/go.mod h1:DPNgSS5QYxkjH/BfH4uPDiTfODqWJ50NKZdorguom8M=
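Review bot: go.sum keeps the two v0.42.1 lines and gains two for v0.42.27, although go.mod now requires only v0.42.28; run go mod tidy (or hugo mod tidy) and commit the result so that only checksums for the required version remain. Leftover entries for versions that are no longer required make later dependency reviews of this file harder to read.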