Enable NGINX App Protect on the Arcadia Finance App

Now you will now enable NGINX App Protect and apply a WAF policy to the Arcadia Finance app.

Attention

The release we’ve used in the lab, 2.8.0, has a known issue. This issue is fixed in releases 2.9.0 and higher. Due to time restrictions, we were unable to upgrade this lab prior to the event.

For details on the known-issue, refer to Precompiled Publication setting is reverted to false after error publishing NGINX App Protect policy on the NGINX Management Suite Known Issues page.

  1. First, you’ll need to address the known-issue in the lab’s release of NGINX Management Suite. From the Applications menu, click SSH Shortcuts and log into nginx-plus-2. Issue the following command:
sudo sed -i 's/precompiled_publication: true/precompiled_publication: false/g' /etc/nginx-agent/nginx-agent.conf; sudo systemctl restart nginx-agent; sleep 7; sudo sed -i 's/precompiled_publication: false/precompiled_publication: true/g' /etc/nginx-agent/nginx-agent.conf; sudo systemctl restart nginx-agent
  1. Open Firefox and click on the NMS bookmark.
../../../_images/nms_bookmark.png
  1. Log in using the lab / Agility2023! credentials. Click on the Instance Manager tile.
../../../_images/nms_dashboard.png
  1. Click on nginx-plus-2.agility.lab instance in the list.
../../../_images/nms_instance_select.png
  1. Click on the Edit Config button.
../../../_images/nms_instance_edit_config.png
  1. Select the arcadia-financial.conf file in the navigation pane on the left.
../../../_images/config_nav_pane.png
  1. Add the following configuration lines to the server block that includes the listen 443 ssl directive:
app_protect_enable on;
app_protect_policy_file "/etc/nms/AgilityPolicy.tgz";
app_protect_security_log_enable on;
app_protect_security_log "/etc/nms/secops_dashboard.tgz" syslog:server=127.0.0.1:514;

Your screen should look similar to below:

../../../_images/modified_arcadia-financial_conf.png
  1. Click the Publish icon in the toolbar in the file editor.
../../../_images/publish_btn.png
  1. You will be presented with a confirmation prompt. Click Publish to continue.
../../../_images/publish_confirm1.png
  1. After a few moments, you will see a notification that the configuration was successfully published.
../../../_images/publish_notification.png
  1. Click on App Protect from the menu.
../../../_images/app_protect_nav.png
  1. On the list of policies, click on the name AgilityPolicy.
../../../_images/agilitypolicy_select.png
  1. On this screen, you can see that the policy is applied.
../../../_images/agility_policy_applied.png