NGINX.com is now F5.com. Find out more

F5 NGINX App Protect

A lightweight, high-performance software security solution designed to protect APIs and modern apps.

Platform Agnostic Security for Modern Apps and APIs

defend against attacks vignette

Defend against attacks

Leverage a single, powerful, low-latency security solution across clouds and distributed architectures. Scale your app security in Kubernetes clusters and the cloud while significantly reducing compute costs.

  • Secure APIs: Support for gRPC, GraphQL, REST, OWASP Top 10 APIs.
  • Prevent App-Layer Attacks: Get superior attack detection by going beyond tracking client traffic patterns, with combined service health checks. 
  •  Multi-Layer Defense: Mitigate attacks faster with a multi-layered defense strategy leveraging eBPF technology and managed by app teams.

Product Overview

Enforce, automate, and scale your app and API security across distributed architectures and hybrid environments

Protecting your applications and APIs from attacks is easy using NGINX App Protect WAF, an advanced, lightweight, and high-performance web application firewall (WAF) for modern apps and APIs in DevOps environments. Running natively on F5 NGINX Plus and F5 NGINX Ingress Controller, it is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.

Mitigate layer 7 denial-of-service (DoS) attacks on your apps and APIs

Achieve comprehensive protection against application layer DoS and DDoS attacks for your apps and APIs with a multi-layered, adaptive, and automated mitigation strategy for DevOps environments. Running natively on F5 NGINX Plus and F5 NGINX Ingress Controller, NGINX App Protect DoS is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.

Core Capabilities

High-performance, automated, and lightweight WAF and DoS protection across distributed architectures and environments with NGINX App Protect.

App-centric security designed to protect and provide security controls for the application.

Deploys tools to secure REST, GraphQL, gRPC, and APIs.

Declarative API-based deployment and configuration enables delivering security as “code.”

Behavioral analytics and machine learning provide accurate L7 DoS detection and mitigation.

App-centric security designed to protect and provide security controls for the application.

Defends critical apps from today’s biggest security concerns, including those listed in the OWASP Top 10.

Correlate singular attack incidents as part of extensible and sophisticated attacks with threat intelligence and SOC team expertise.

Integrate WAF and DoS security with NGINX data and management planes across multicloud environments.

Resources