NGINXaaS Custom Security Policies

[edarzins]

Updated doc to support the use of NGINX App Protect custom security policies.

Proposed changes

Update NGINXaaS for Azure doc to support NGINX App Protect custom policies

Problem: Document new feature for NGINXaaS for Azure

Solution: N/A

Testing: N/A

Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide
specific feedback, add them here.

If this PR addresses an issue on GitHub, ensure that you link to it here:

Checklist

Before merging a pull request, run through this checklist and mark each as complete.

• I have read the contributing guidelines
• I have signed the F5 Contributor License Agreement (CLA)
• I have rebased my branch onto main
• I have ensured my PR is targeting the main branch and pulling from my branch from my own fork
• I have ensured that the commit messages adhere to Conventional Commits
• I have ensured that documentation content adheres to the style guide
• If the change involves potentially sensitive changes¹, I have assessed the possible impact
• If applicable, I have added tests that prove my fix is effective or that my feature works
• I have ensured that existing tests pass after adding my changes
• If applicable, I have updated README.md and CHANGELOG.md

Footnotes

1. Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation. Please refer to our style guide for guidance about placeholder content. ↩

[github-actions]

✅ All required contributors have signed the F5 CLA for this PR. Thank you!
_{Posted by the CLA Assistant Lite bot.}

[edarzins]

I have hereby read the F5 CLA and agree to its terms

[russokj]

Did a quick grep on where we refer to NAP as being in preview. Please change the following:

• content/nginxaas-azure/app-protect/_index.md:title
• content/nginxaas-azure/app-protect/enable-waf.md
• Make sure change log indicates NAP is no longer in Preview and will be billed as specified in https://azuremarketplace.microsoft.com/en-us/marketplace/apps/f5-networks.f5-nginx-for-azure?tab=PlansAndPrice

[russokj]

Don't forget to call out anything in the official docs that cannot be done with the Saas version (a few general exceptions are mentioned in the NLB-5567 ticket).

[russokj]

They might not be available yet, but should we have a section for the CLI tool, as well as Terraform?

[amudukutore]

@edarzins - thanks for making these changes. I'll echo Ken's comment about removing any references to preview associated with the NAP feature. Also, we should add a note of this in the Changelog along with calling out that NAP capability is now generally available and no longer considered preview.

[russokj]

Another thought I had given the current incident reported by Liftr is that we should highly suggest they enable NGINX Security Logs (in the Diagnostic settings for Portal users).

[russokj]

Still missing a Troubleshooting section for NAP

[JTorreG]

Suggested change

	After your policy has been saved, you can then reference it in your NGINX configuration the same as you did for precompiled policies.
	After your policy has been saved, you can then reference it in your NGINX configuration as you did before for precompiled policies.

[russokj]

This assumes the customer used precompiled policies previously. We shouldn't make this assumption.

[edarzins]

Removed mention of precompiled polcies.

[JTorreG]

@edarzins please review the conflicts with the target branch (another PR updated the changelog too)

[russokj]

@JTorreG - please approve this MR if there are no specific changes needed besides rebasing. The pipeline will automatically block the merge until the conflicts are resolved and there will probably be multiple rebases needed. We want to be in a position that when the production code is live we can push the docs too.