diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index f34fa9853..3e2dbdabb 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -791,7 +791,7 @@ func agentConfig() *Config {
 		},
 		AllowedDirectories: []string{
 			"/etc/nginx/", "/etc/nginx-agent/", "/usr/local/etc/nginx/", "/var/run/nginx/", "/var/log/nginx/",
-			"/usr/share/nginx/modules/",
+			"/usr/share/nginx/modules/", "/etc/app_protect/",
 		},
 		Collector: &Collector{
 			ConfigPath: "/etc/nginx-agent/nginx-agent-otelcol.yaml",
diff --git a/internal/config/defaults.go b/internal/config/defaults.go
index 6c4a1ab3d..160677472 100644
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@@ -106,6 +106,7 @@ func DefaultAllowedDirectories() []string {
 		"/usr/share/nginx/modules",
 		"/var/run/nginx",
 		"/var/log/nginx",
+		"/etc/app_protect",
 	}
 }
 
diff --git a/internal/watcher/instance/nginx-app-protect-instance-watcher_test.go b/internal/watcher/instance/nginx-app-protect-instance-watcher_test.go
index 48925663d..2dae2d254 100644
--- a/internal/watcher/instance/nginx-app-protect-instance-watcher_test.go
+++ b/internal/watcher/instance/nginx-app-protect-instance-watcher_test.go
@@ -112,7 +112,6 @@ func TestNginxAppProtectInstanceWatcher_Watch(t *testing.T) {
 			t.Fatalf("Timed out waiting for instance updates")
 		}
 	})
-
 	t.Run("Test 2: Update instance", func(t *testing.T) {
 		_, err = enforcerEngineVersionFile.WriteAt([]byte("6.113.0"), 0)
 		require.NoError(t, err)
diff --git a/nginx-agent.conf b/nginx-agent.conf
index b67980261..559754f43 100644
--- a/nginx-agent.conf
+++ b/nginx-agent.conf
@@ -12,6 +12,7 @@ log:
 
 allowed_directories: 
     - /etc/nginx
+    - /etc/app_protect
     - /usr/local/etc/nginx
     - /usr/share/nginx/modules
     - /var/run/nginx
diff --git a/scripts/packages/preinstall.sh b/scripts/packages/preinstall.sh
index 7bcc02250..530aa2706 100644
--- a/scripts/packages/preinstall.sh
+++ b/scripts/packages/preinstall.sh
@@ -109,6 +109,7 @@ labels:
             allowed_directories="${allowed_directories}\n  - ${config_dir}"
         done
         allowed_directories="${allowed_directories}\n  - /var/log/nginx"
+        allowed_directories="${allowed_directories}\n  - /etc/app_protect"
 
         echo "Writing new v3 configuration to $v3_config_file"
         v3_config_contents="
diff --git a/scripts/packages/upgrade-agent-config.sh b/scripts/packages/upgrade-agent-config.sh
index 0a3fefe9f..4ea7f1582 100755
--- a/scripts/packages/upgrade-agent-config.sh
+++ b/scripts/packages/upgrade-agent-config.sh
@@ -52,7 +52,8 @@ for config_dir in $config_dirs; do
 done
 
 allowed_directories="${allowed_directories}\n  - /var/log/nginx"
-       
+allowed_directories="${allowed_directories}\n  - /etc/app_protect"
+
 v3_config_contents="
 #
 # /etc/nginx-agent/nginx-agent.conf