Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions content/nginx-one-console/changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,16 @@ nollms: true

Stay up-to-date with what's new and improved in the F5 NGINX One Console.

## July 16, 2026

### F5 WAF for NGINX: Built-In Log Profile Support

You can now use F5 WAF for NGINX built-in log profiles as starting points while creating new log profiles. The configuration editor also now supports auto-complete for built-in log profile names, making them easier for you to reference within a config.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
You can now use F5 WAF for NGINX built-in log profiles as starting points while creating new log profiles. The configuration editor also now supports auto-complete for built-in log profile names, making them easier for you to reference within a config.
You can now use built-in F5 WAF for NGINX log profiles as starting points when you create new log profiles. The configuration editor now supports autocomplete for built-in log profile names, making it easier to reference them in a configuration.


### F5 WAF for NGINX: Log Profile Copy Support

You can now make a copy of log profiles via the log profile list row actions so that you can easily extend existing log profiles without overwriting their existing content.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
You can now make a copy of log profiles via the log profile list row actions so that you can easily extend existing log profiles without overwriting their existing content.
You can now copy log profiles from the log profile list. Use row actions to create a copy and extend an existing log profile without overwriting its content.


## June 15, 2026

### F5 WAF for NGINX: Updated policy version names
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ For detailed information about security logging capabilities and available log a

From NGINX One Console, select **WAF** > **Log Profiles**. In the screen that appears, select **Add Log Profile**. This action opens a screen where you can:

- In **Start From**, choose a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) to use as a starting point

@travisamartin travisamartin Jul 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- In **Start From**, choose a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) to use as a starting point
- In **Start From**, select an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) as a starting point.

- In **General Settings**, name and describe the log profile
- Configure the filter settings to determine which requests are logged
- Set the content format and options for how log messages are structured
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ If you already know F5 WAF for NGINX, you can go beyond the options available in

From NGINX One Console, select **WAF > Policies**. In the screen that appears, select **Add Policy**. That action opens a screen where you can:

- Optionally choose a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) to use as a starting point

@travisamartin travisamartin Jul 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Optionally choose a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) to use as a starting point
- Optionally, select an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles>}} as a starting point.

- In General Settings, name and describe the policy.
- You can also set one of the following enforcement modes:
- Transparent
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,6 @@ Before you begin, make sure you have:
6. In the drop-down menu that appears, select the instance or instance group to deploy to.

7. Choose how to deploy the log profile:

- **Add a new log profile path**: Specify a new file path where the log profile bundle should be deployed.
- **Update all log profiles**: Sync all log profiles on the target instance or instance group. This updates all existing log profiles by compiling their latest JSON contents into bundles and deploying them to all existing file paths.

Expand All @@ -63,10 +62,13 @@ You can also deploy a log profile directly when editing the NGINX configuration

1. Select the **Configuration** tab, then select **Edit Configuration**.

{{< call-out class="note" >}}
Note: you can also reference a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) by using its name, no deployment required.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Note: you can also reference a F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) by using its name, no deployment required.
You can also reference an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) by name. You don't need to deploy it first.

@travisamartin travisamartin Jul 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't need "Note:" if you enclose the text in {{< call-out class="note" >}}

{{< /call-out >}}

1. Select **Apply security** and select which log profile to deploy.

1. Copy the code snippet with the required directives and paste it into your NGINX configuration. The snippet includes:

- `app_protect_security_log_enable on`
- `app_protect_security_log` with the log profile bundle path and destination

Expand All @@ -77,7 +79,7 @@ You can also deploy a log profile directly when editing the NGINX configuration
app_protect_security_log /etc/nginx/log-profile-bundle.tgz syslog:server=localhost:514;
```

8. Select **Save**, then select **Publish**.
1. Select **Save**, then select **Publish**.

---

Expand All @@ -86,7 +88,6 @@ You can also deploy a log profile directly when editing the NGINX configuration
After deployment, verify that the log profile is active on the target instances or instance groups.

1. Confirm that the NGINX configuration includes the required directives:

- `app_protect_security_log_enable on`
- `app_protect_security_log` with the correct log profile bundle path and destination

Expand All @@ -106,4 +107,4 @@ For more information, see:
- [Review log profiles]({{< ref "/nim/waf-integration/policies-and-logs/log-profiles/review-log-profile.md" >}})
- [Compile a security log profile]({{< ref "/nim/waf-integration/policies-and-logs/log-profiles/compile-log-profile.md" >}})
- [Security log directives]({{< ref "/waf/logging/security-logs.md#directives-in-nginxconf" >}})
- [Security Logs]({{< ref "/waf/logging/security-logs.md" >}})
- [Security Logs]({{< ref "/waf/logging/security-logs.md" >}})
70 changes: 45 additions & 25 deletions static/nginx-one-console/api/one.json
Original file line number Diff line number Diff line change
Expand Up @@ -4416,7 +4416,7 @@
"WAF Log Profiles"
],
"summary": "List WAF log profiles",
"description": "Returns a list of WAF log profiles.",
"description": "Returns a list of WAF log profiles.\n\nBuilt-in log profiles are excluded by default. To include them, filter by `source` with value `built_in`. Built-in profiles are pre-installed in the WAF engine and do not need to be compiled or deployed.\n",
"operationId": "listWafLogProfiles",
"parameters": [
{
Expand Down Expand Up @@ -10309,7 +10309,7 @@
}
},
"example": {
"public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ=="
"public_certs": "UkVEQUNURUQ="
}
},
"CertificateRequest": {
Expand All @@ -10332,7 +10332,7 @@
"example": {
"name": "example-ca-bundle",
"content": {
"public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==",
"public_certs": "UkVEQUNURUQ=",
"private_key": ""
}
}
Expand Down Expand Up @@ -10616,7 +10616,7 @@
}
},
"example": {
"private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t"
"private_key": "UkVEQUNURUQ="
}
},
"CertificateUpdateRequest": {
Expand All @@ -10636,7 +10636,7 @@
"example": {
"name": "example-cert-object",
"content": {
"public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ=="
"public_certs": "UkVEQUNURUQ="
}
}
},
Expand Down Expand Up @@ -13637,6 +13637,18 @@
"path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
}
},
"TemplateSubmissionObjectID": {
"description": "A globally unique identifier for a template submission.",
"type": "string",
"format": "object_id",
"pattern": "^tmplsm_.*",
"x-go-type": "objects.ID",
"x-go-type-import": {
"name": "objects",
"path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
},
"example": "tmplsm_frBobKIAQ_21grAwV83VYz"
},
"StagedConfigCertificateSummary": {
"type": "object",
"description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.",
Expand Down Expand Up @@ -13702,6 +13714,10 @@
"format": "date-time",
"description": "The date and time when the NGINX configuration object was last modified for the instance."
},
"template_submission_id": {
"description": "A globally unique identifier for the template submission associated with this staged config, if applicable.",
"$ref": "#/components/schemas/TemplateSubmissionObjectID"
},
"cert_summary": {
"$ref": "#/components/schemas/StagedConfigCertificateSummary"
}
Expand Down Expand Up @@ -15590,6 +15606,7 @@
"name": "test-log-profiles",
"object_id": "lp_XYxnZgVYQFKire4M1KcVVQ",
"is_f5_default": false,
"source": "user_defined",
"config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=",
"deployments": [
{
Expand Down Expand Up @@ -15635,6 +15652,7 @@
"name": "test-log-profiles",
"object_id": "lp_XYxnZgVYQFKire4M1KcVVQ",
"is_f5_default": false,
"source": "user_defined",
"deployments": [
{
"nap_release": "5.10.0",
Expand All @@ -15656,6 +15674,7 @@
"object_id",
"hash",
"is_f5_default",
"source",
"modified_at",
"created_at"
],
Expand All @@ -15672,7 +15691,18 @@
"description": "The hash value of the NGINX App Protect log profile configs."
},
"is_f5_default": {
"$ref": "#/components/schemas/IsF5Default"
"type": "boolean",
"deprecated": true,
"description": "Indicates whether this is an F5 default object (true) or a user-defined object (false).\nDeprecated: Use the `source` field instead. This field will be removed after December 2026.\n"
},
"source": {
"type": "string",
"description": "Classifies the origin of the log profile.\n- `user_defined` — created by a user; can be compiled, deployed, modified, and deleted.\n- `f5_default` — provided by F5; can be compiled and deployed but not modified or deleted.\n- `built_in` — pre-installed in the WAF engine; can be referenced directly in NGINX configuration by name. Cannot be compiled, deployed, modified, or deleted. Excluded from list results unless explicitly filtered with `source=built_in`.\n",

@travisamartin travisamartin Jul 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"description": "Classifies the origin of the log profile.\n- `user_defined` — created by a user; can be compiled, deployed, modified, and deleted.\n- `f5_default` — provided by F5; can be compiled and deployed but not modified or deleted.\n- `built_in` — pre-installed in the WAF engine; can be referenced directly in NGINX configuration by name. Cannot be compiled, deployed, modified, or deleted. Excluded from list results unless explicitly filtered with `source=built_in`.\n",
"description": "Classifies the source of the log profile.\n- `user_defined` — Created by a user. You can compile, deploy, modify, or delete these profiles.\n- `f5_default` — Provided by F5. You can compile and deploy these profiles, but you can't modify or delete them.\n- `built_in` — Included in the WAF engine. You can reference these profiles by name in the NGINX configuration. You can't compile, deploy, modify, or delete them. These profiles are excluded from list results unless you filter for `source=built_in`.\n",

"enum": [
"user_defined",
"f5_default",
"built_in"
]
},
"description": {
"description": "Optional field to describe the NGINX App Protect log profile.",
Expand Down Expand Up @@ -16305,22 +16335,20 @@
},
"FilterNameNapLogProfile": {
"type": "string",
"description": "Keywords for NGINX App Protect log profile filters.\n",
"description": "Keywords for NGINX App Protect log profile filters.\nWhen filtering on `source`, the following `filter_values` are supported: `user_defined`, `f5_default`, `built_in`.\nBuilt-in log profiles are excluded from all results unless `source=built_in` is explicitly specified.\n",
"enum": [
"name",
"object_id",
"deployment_status"
"deployment_status",
"source"
],
"x-enum-varnames": [
"filter_name_nap_log_profile_name",
"filter_name_nap_log_profile_object_id",
"filter_name_nap_log_profile_deployment_status"
"filter_name_nap_log_profile_deployment_status",
"filter_name_nap_log_profile_source"
]
},
"IsF5Default": {
"type": "boolean",
"description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)."
},
"FilterNameNapLogProfileDeployment": {
"type": "string",
"description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n",
Expand Down Expand Up @@ -17413,18 +17441,6 @@
"error": "\"upstream\" directive is not allowed here in /etc/nginx/nginx.conf:1"
}
},
"TemplateSubmissionObjectID": {
"description": "A globally unique identifier for a template submission.",
"type": "string",
"format": "object_id",
"pattern": "^tmplsm_.*",
"x-go-type": "objects.ID",
"x-go-type-import": {
"name": "objects",
"path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects"
},
"example": "tmplsm_frBobKIAQ_21grAwV83VYz"
},
"TemplateSubmissionListResponse": {
"description": "List of template submissions.",
"allOf": [
Expand Down Expand Up @@ -17705,6 +17721,10 @@
"filter_name_templates_is_f5_default"
]
},
"IsF5Default": {
"type": "boolean",
"description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)."

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)."
"description": "Indicates whether the object is an F5 default object (`true`) or a user-defined object (`false`)."

},
"FilterNameSubmissions": {
"type": "string",
"description": "Keywords for config template submissions filters.\n",
Expand Down
Loading