F5 WAF for NGINX 5.10 release (#1504)

F5 WAF for NGINX 5.10 changes

---------

Co-authored-by: ohad-perets <126083286+ohad-perets@users.noreply.github.com>
Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com>

Author: 3 people

content/includes/waf/dockerfiles/alpine-oss.md

@@ -7,8 +7,8 @@ nd-files:
 ```dockerfile
 # syntax=docker/dockerfile:1
 
-# Supported OS_VER's are 3.16/3.17/3.19
-ARG OS_VER="3.19"
+# Supported OS_VER's are 3.22
+ARG OS_VER="3.22"
 
 # Base image
 FROM alpine:${OS_VER}

content/includes/waf/dockerfiles/alpine-plus.md

@@ -7,8 +7,8 @@ nd-files:
 ```dockerfile
 # syntax=docker/dockerfile:1
 
-# Supported OS_VER's are 3.16/3.17/3.19
-ARG OS_VER="3.19"
+# Supported OS_VER's are 3.22
+ARG OS_VER="3.22"
 
 # Base image
 FROM alpine:${OS_VER}

content/includes/waf/policy.html

@@ -3847,7 +3847,7 @@ <h2 id="policy/parameters">parameters</h2>
 <li><strong>pipe</strong>: pipe-separated values. Array color=["blue","black"] -&gt; color=blue|black.</li>
 <li><strong>form</strong>: ampersand-separated values. Array color=["blue","black"] -&gt; color=blue,black.</li>
 <li><strong>matrix</strong>: semicolon-prefixed values. Array color=["blue","black"] -&gt; ;color=blue,black.</li>
-<li><strong>tsv</strong>: tab-separated values. Array color=["blue","black"] -&gt; color=blue	black.</li>
+<li><strong>tsv</strong>: tab-separated values. Array color=["blue","black"] -&gt; color=bluetblack.</li>
 <li><strong>csv</strong>: comma-separated values. Array color=["blue","black"] -&gt; color=blue,black.</li>
 <li><strong>label</strong>: dot-prefixed values. Array color=["blue","black"] -&gt; .blue.black.</li>
 <li><strong>multi</strong>: multiple parameter instances rather than multiple values. Array color=["blue","black"] -&gt; color=blue&amp;color=black.</li>

content/includes/waf/table-policy-features.md

@@ -14,7 +14,7 @@ nd-files:
 | [Brute force attack preventions]({{< ref "/waf/policies/brute-force-attacks.md" >}}) | Configure parameters to secure areas of a web application from brute force attacks. |
 | [Cookie enforcement]({{< ref "/waf/policies/cookie-enforcement.md" >}}) | By default all cookies are allowed and not enforced for integrity. The user can add specific cookies, wildcards or explicit, that will be enforced for integrity. It is also possible to set the cookie attributes: HttpOnly, Secure and SameSite for cookies found in the response. |
 | [Data guard]({{< ref "/waf/policies/data-guard.md" >}}) | Detects and masks Credit Card Number (CCN) and/or U.S. Social Security Number (SSN) and/or custom patterns in HTTP responses. Disabled by default. |
-| [Deny and Allow IP lists]({{< ref "/waf/policies/deny-allow-ip.md" >}}) | Manually define denied & allowed IP addresses as well as IP addresses to never log. |
+| [Deny and Allow IP lists]({{< ref "/waf/policies/deny-allow-ip.md" >}}) | **Deprecated**. See [IP address lists]({{< ref "/waf/policies/ip-address-lists.md" >}}) |
 | [Do-nothing]({{< ref "/waf/policies/do-nothing.md" >}}) | Do-nothing allows you to avoid inspecting or parsing a URL. |
 | [Disallowed file type extensions]({{< ref "/waf/policies/disallowed-extensions.md" >}}) | Support any file type, and includes a predefined list of file types by default |
 | [Evasion techniques]({{< ref "/waf/policies/evasion-techniques.md" >}}) | All evasion techniques are enabled by default, and can be disabled individually. These include directory traversal, bad escaped characters and more. |
@@ -31,6 +31,7 @@ nd-files:
 | [Server technology signatures]({{< ref "/waf/policies/server-technology-signatures.md" >}}) | Support adding signatures per added server technology. |
 | [Time-based signature staging]({{< ref "/waf/policies/time-based-signature-staging.md" >}}) | Time-based signature staging allows you to stage signatures for a specific period of time. During the staging period, violations of staged signatures are logged but not enforced. After the staging period ends, violations of staged signatures are enforced according to the policy's enforcement mode. |
 | [Threat campaigns]({{< ref "/waf/policies/threat-campaigns.md" >}}) | These are patterns that detect all the known attack campaigns. They are very accurate and have almost no false positives, but are very specific and do not detect malicious traffic that is not part of those campaigns. The default policy enables threat campaigns but it is possible to disable it through the respective violation. |
+| [User-defined browser control]({{< ref "/waf/policies/user-browers.md" >}}) | Allow or deny specific browsers, and define custom browsers |
 | [User-defined HTTP headers]({{< ref "/waf/policies/user-headers.md" >}}) | Handling headers as a special part of requests |
 | [User-defined URLs and parameters]({{< ref "/waf/policies/user-urls-parameters.md" >}}) | Use user-defined properties when configuring violations. |
 | [XFF trusted headers]({{< ref "/waf/policies/xff-headers.md" >}}) | Disabled by default, and can accept an optional list of custom XFF headers. |

content/includes/waf/f5-waf-for-nginx-compiler-compatibility.md renamed to content/includes/waf/waf-nim-compiler-support.md

@@ -5,8 +5,6 @@ nd-files:
 - content/nim/waf-integration/configuration/install-waf-compiler/install.md
 ---
 
-{{<bootstrap-table "table table-striped table-bordered">}}
-
 | F5 WAF for NGINX version | WAF compiler version       |
 |---------------------------|----------------------------|
 | 5.9.0                     | nms-nap-compiler-v5.527.0  |
@@ -27,5 +25,3 @@ nd-files:
 | 4.10.0                    | nms-nap-compiler-v5.48.0   |
 | 4.9.0                     | nms-nap-compiler-v5.17.0   |
 | 4.8.1                     | nms-nap-compiler-v4.815.0  |
-
-{{</bootstrap-table>}}

content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md

@@ -13,19 +13,15 @@ You can install the WAF compiler on a system without internet access by creating
 - **Step 1:** Generate the WAF compiler package on a system with internet access.  
 - **Step 2:** Move the generated package to the offline target system and install it.
 
----
-
 ## Before you begin
 
 {{< include "/nim/waf/nim-waf-before-you-begin.md" >}}
 
----
-
 ## WAF compiler version support
 
 Use the table below to find the correct WAF compiler version for each release of F5 WAF for NGINX:
 
-{{< include "/waf/f5-waf-for-nginx-compiler-compatibility.md" >}}
+{{< include "/waf/waf-nim-compiler-support.md" >}}
 
 {{< call-out "note" >}}
 Beginning with version 5.9.0, both the virtual machine and container installation packages are categorized under the 5.x.x tag.  

content/nim/waf-integration/configuration/install-waf-compiler/install.md

@@ -24,27 +24,21 @@ To organize instances running the same version, you can create [instance groups]
 
 For an overview of how the compiler works, see [Security bundle compilation]({{< ref "/nim/waf-integration/overview#security-bundle" >}}).
 
----
-
 ## Before you begin
 
 {{< include "/nim/waf/nim-waf-before-you-begin.md" >}}
 
----
-
 ## WAF compiler version support
 
 Use the table below to find the correct WAF compiler version for each release of F5 WAF for NGINX:
 
-{{< include "/waf/f5-waf-for-nginx-compiler-compatibility.md" >}}
+{{< include "/waf/waf-nim-compiler-support.md" >}}
 
 {{< call-out "note" >}}
 Beginning with version 5.9.0, both the virtual machine and container installation packages are categorized under the 5.x.x tag.  
 Earlier releases used 4.x.x for VM packages (for example, NAP 4.15.0, NAP 4.16.0) and 5.x.x for container packages (for example, NAP 5.7.0, NAP 5.8.0).
 {{< /call-out >}}
 
----
-
 ## Install the WAF compiler
 
 {{< tabs name="install-waf-compiler" >}}