Try our new research platform with insights from 80,000+ expert users
NGINX App Protect Logo

NGINX App Protect Reviews

Vendor: F5
4.2 out of 5
Leave a review

What is NGINX App Protect?

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

Get the NGINX App Protect Buyer's Guide and find out what your peers are saying about NGINX App Protect, Prisma Cloud by Palo Alto Networks, Checkmarx One and more!
NGINX App Protect is the #3 ranked solution in API Security Solutions, #16 ranked solution in top Web Application Firewalls, and #22 ranked solution in Container Security Solutions. PeerSpot users give NGINX App Protect an average rating of 8.4 out of 10. NGINX App Protect is most commonly compared to Prisma Cloud by Palo Alto Networks: NGINX App Protect vs Prisma Cloud by Palo Alto Networks. NGINX App Protect is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.
Buyer's Guide
NGINX App Protect
July 2025
Get the report
Helped 863,641 peers since 2012

Featured NGINX App Protect reviews

Read more reviews

NGINX App Protect mindshare

Product category:
Web Application Firewall (WAF)
As of July 2025, the mindshare of NGINX App Protect in the Web Application Firewall (WAF) category stands at 1.8%, down from 2.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Web Application Firewall (WAF)

PeerResearch reports based on NGINX App Protect reviews

TypeTitleDate
CategoryWeb Application Firewall (WAF)Jul 26, 2025Download
ProductReviews, tips, and advice from real usersJul 26, 2025Download
ComparisonNGINX App Protect vs AWS WAFJul 26, 2025Download
ComparisonNGINX App Protect vs F5 Advanced WAFJul 26, 2025Download
ComparisonNGINX App Protect vs Microsoft Azure Application GatewayJul 26, 2025Download
Suggested products
TitleRatingMindshareRecommending
Prisma Cloud by Palo Alto Networks4.22.0%98%111 interviewsAdd to research
Checkmarx One3.8N/A87%71 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

NGINX App Protect offers flexible security management, reverse proxy capabilities, and integration across platforms. Users value its simple command-line interface, API connectivity, and robust automation for DevOps. Features include OWASP certification, load balancing, bot and brute force protection, flexible policies, and traffic management. The tool provides comprehensive HTTP session control and auto-learning for application profiling, streamlining backend programming while enhancing security with signature-based detection, DOS protection, and effective bot detection and IP blocking.
  • "I would say that the most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves."
  • "Overall, I rate NGINX App Protect between eight and nine."
  • "There's a cache, or it works like a proxy, so it can speed up applications."

Room for Improvement

Configuration lacks flexibility, requiring more automation for setting policies and managing rules. High throughput challenges persist. Limited API exposure and slow bug fixes hinder performance. Licensing becomes expensive quickly. User interface and technical support need refinement. Compatibility issues with existing infrastructure are present. Integration with more security features and a clearer roadmap are desired. Documentation is insufficient, making advanced feature exploration difficult. Pricing and understanding of hardware requirements require attention.
  • "It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after implementation."
  • "It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."
  • "The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good."

ROI

Organizations experienced a notable ROI from NGINX App Protect, especially during the transition to remote work due to Covid. The investment in NGINX App Protect provided immediate advantages, enhancing application security and delivering cost-effectiveness. Some companies report being in early testing phases, lacking clear ROI visibility, although they acknowledge benefits like improved network security and integration ease with CICD pipelines. One entity invested $40,000 and anticipates $30,000 in returns within eight months.

Pricing

NGINX App Protect pricing is considered high, with licensing fees reported between $3,000 to $40,000 annually. Its subscription-based model offers flexibility with yearly or multi-year options. While some find the costs reasonable, others note it as expensive compared to alternatives like Imperva. Licensing is annual without additional fees, and pricing varies based on architecture and usage. Customers perceive it similar to top-tier Gartner Magic Quadrant products in cost.
  • "The product's price is high."
  • "NGINX App Protect is expensive."
  • "The price of NGINX App Protect is not much different from the products that fall under the leader category of Gartner Magic Quadrant."

Popular Use Cases

NGINX App Protect is mainly used for securing web applications, including internet banking and published services. It functions as a web application firewall, load balancer, and reverse proxy. Users employ it in container environments such as Kubernetes and OpenShift, in cloud perimeter security, and to protect APIs. It also integrates into deployment pipelines and guards against OWASP threats, with capabilities for automated cases and decentralized applications.

Service and Support

NGINX App Protect's customer service is fast and helpful, though some report delays in response time. Technical support is knowledgeable but sometimes asks unnecessary questions. Users experienced varying quality, with some finding it expensive, lacking technical skills, or requiring issue escalation. Previous experiences with BIG-IP were efficient. Though responsiveness has improved, some prefer alternatives. Many rate support highly, around eight to nine out of ten. Some customers rely on their expertise due to unavailable support.

Deployment

NGINX App Protect's initial setup is generally considered simple, especially for those familiar with similar tasks, but can become challenging due to security certificates and custom configurations. Most organizations faced additional work when dealing with certificates. Basic deployments are quick, but complex setups involving multiple applications or granular security require more time. Experience aids efficiency, while novices may find it more demanding. Deployment times vary from days to months, with automation and preparation easing the process.

Scalability

NGINX App Protect offers scalability with various licensing options, suitable for diverse user counts. While perceived as scalable by many, challenges exist in handling traffic and configuration complexities, especially with deployment lag and lack of centralized options. It supports a wide range of users but may require upgrading hardware for traffic expansion. Users report it to be scalable but note specific limitations related to policy design and application-specific scalability.

Stability

NGINX App Protect exhibits excellent stability. Many users highlight its dependable operation and compare it favorably against other options like Imperva. It can manage substantial traffic, handling up to 70,000 requests per second. Users often rate its stability between eight and eight-point-five out of ten, praising its lightweight and fast performance. Some mention areas for improvement but consistently note its reliability. The application is versatile, running efficiently as a module with Ingress Controller.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our NGINX App Protect Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
14%
Comms Service Provider
8%
Manufacturing Company
7%
Retailer
6%
Energy/Utilities Company
5%
University
5%
Healthcare Company
5%
Media Company
3%
Insurance Company
3%
Educational Organization
3%
Legal Firm
3%
Real Estate/Law Firm
3%
Performing Arts
2%
Wholesaler/Distributor
2%
Government
2%
Hospitality Company
2%
Construction Company
2%
Transportation Company
1%
Non Profit
1%
Outsourcing Company
1%
Pharma/Biotech Company
1%
Recreational Facilities/Services Company
1%
Logistics Company
1%
Consumer Goods Company
1%

Compare NGINX App Protect with alternative products

Go!

Learn more about NGINX App Protect

  • Integrating security controls directly into the development automation pipeline
  • Applying and managing security for modern and distributed application environments such as containers and microservices
  • Providing the right level of security controls without impacting release and go-to-market velocity
  • Complying with security and regulatory requirements

NGINX App Protect offers:

  • Expanded security beyond basic signatures to ensure adequate controls
  • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
  • Confidently run in “blocking” mode in production with proven F5 expertise
  • High‑confidence signatures for extremely low false positives
  • Increases visibility, integrating with third‑party analytics solutions
  • Integrates security and WAF natively into the CI/CD pipeline
  • Deploys as a lightweight software package that is agnostic of underlying infrastructure
  • Facilitates declarative policies for “security as code” and integration with DevOps tools
  • Decreases developer burden and provides feedback loop for quick security remediation
  • Accelerates time to market and reduces costs with DevSecOps‑automated security

NGINX App Protect was previously known as NGINX WAF, NGINX Web Application Firewall.

Related questions

  • 45
Which lesser known firewall product has the best chance at unseating the market leaders?
  • 60
Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
  • 90
What do you recommend for a securing Web Application?
  • 30
Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
  • 45
Imperva WAF vs. Barracuda: Which One is Better?
  • 202
F5 vs. Imperva WAF?
  • 242
When should companies use SSL Inspection?
  • 465
NGFW with URL Filtering vs Web Proxy
  • 685
How does a WAF help to protect against DDoS attacks?
  • 33
What's right for me? Fortinet or Citrix?

Product Categories

Product Categories
Web Application Firewall (WAF)
Container Security
API Security

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs NGINX App Protect Logo
Prisma Cloud by Palo Alto Networks vs NGINX App Protect
Checkmarx One vs NGINX App Protect Logo
Checkmarx One vs NGINX App Protect
Microsoft Azure Application Gateway vs NGINX App Protect Logo
Microsoft Azure Application Gateway vs NGINX App Protect
Azure Front Door vs NGINX App Protect Logo
Azure Front Door vs NGINX App Protect
CrowdStrike Falcon Cloud Security vs NGINX App Protect Logo
CrowdStrike Falcon Cloud Security vs NGINX App Protect
AWS WAF vs NGINX App Protect Logo
AWS WAF vs NGINX App Protect
F5 Advanced WAF vs NGINX App Protect Logo
F5 Advanced WAF vs NGINX App Protect
Fortinet FortiWeb vs NGINX App Protect Logo
Fortinet FortiWeb vs NGINX App Protect
Cloudflare Web Application Firewall vs NGINX App Protect Logo
Cloudflare Web Application Firewall vs NGINX App Protect
Imperva Web Application Firewall vs NGINX App Protect Logo
Imperva Web Application Firewall vs NGINX App Protect
Imperva DDoS vs NGINX App Protect Logo
Imperva DDoS vs NGINX App Protect
Akamai App and API Protector vs NGINX App Protect Logo
Akamai App and API Protector vs NGINX App Protect
Azure Web Application Firewall vs NGINX App Protect Logo
Azure Web Application Firewall vs NGINX App Protect
SUSE NeuVector vs NGINX App Protect Logo
SUSE NeuVector vs NGINX App Protect
Barracuda Web Application Firewall vs NGINX App Protect Logo
Barracuda Web Application Firewall vs NGINX App Protect
See all alternatives
 

NGINX App Protect reviews

Sort by:
JP
Project Manager at a comms service provider with 10,001+ employees
Verified user of NGINX App Protect
Mar 12, 2025
Blocking IPs and detecting bots enhances security for medical websites

Pros

"Overall, I rate NGINX App Protect between eight and nine."

What is our primary use case?

I was researching products like NGINX App Protect and F5 Advanced WAF for long-term options. I have some use for such a solution, but probably not before next year.

What is most valuable?

Detecting bots and blocking IPs have proven effective for securing applications. We were able to block groups of IP addresses that were consistently attempting attacks, preventing them from accessing the website. These features have been deployed for a medical instrument company to protect their website.
*Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Read full review (265 words)
PeerSpot user
IT Architect at a financial services firm with 10,001+ employees
Verified user of NGINX App Protect
Mar 18, 2025
Empowers seamless DevOps integration and future-ready configurations

Pros

"I would say that the most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves."

Cons

"It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after implementation."

What is our primary use case?

We are moving into a private cloud for our company, and we need to find a solution to supplement the ASM policy, which is not very flexible in the new environment.

What is most valuable?

I would say that the most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves. It is about keeping some capabilities for the future.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (331 words)
Buyer's Guide
Download free report
Find out what your peers are saying about NGINX App Protect. Updated July 2025
863,641 professionals have used our research since 2012.
Saurav Kumar - PeerSpot user
Senior security architecture at National Payment Corporation Of India
Verified user of NGINX App Protect
Mar 26, 2024
Offers protection to users from external threats

Pros

"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."

Cons

"Right now, the tool doesn't provide an option revolving around update feeds, specifically the signature update option in the UI."

What is our primary use case?

I use the solution in my company since it has the ability to offer protection from external threats, including the ones under OWASP Top 10. The tool gives you a log report, audit report, and access log report. You can also create your own profile and have the option to block or create transparent, block, and learning modes.

What needs improvement?

Right now, the tool doesn't provide an option revolving around update feeds, specifically the signature update option in the UI. My company uses NGINX Management Suite, which doesn't have the option for UI. NGINX Management Suite doesn't have the proper UI to change a configuration file, which is an ability that the tool should offer.

It would be good if NGINX could provide documentation explaining how to deploy gRPC over NGINX App Protect.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (583 words)
Tomaz Sobczak - PeerSpot user
Security System Engineer at Ascomp S.A.
Verified user of NGINX App Protect
Jul 1, 2024
Signature-based detection, DOS protection, and bot protection

Pros

"There's a cache, or it works like a proxy, so it can speed up applications."

Cons

"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."

How has it helped my organization?

NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks.

NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up applications. It can also offload some functions from servers, which NGINX can handle faster.

What is most valuable?

It has simple functions, especially for CICD pipelines and automation capabilities. The functions are not as broad as the Advanced WAF.

NGINX has signature-based detection, DOS protection, and bot protection.

*Disclosure: My company has a business relationship with this vendor other than being a customer. partner
Read full review (407 words)
MariosChristodoulou - PeerSpot user
Chief Information Officer at F.P. eSafe Solutions LTD
Verified user of NGINX App Protect
Mar 6, 2024
Very robust and easy to deploy

Pros

"It's very easy to deploy."

Cons

"They could provide a better user interface."

What is our primary use case?

The solution is useful to protect applications. Another use case is integrating NGINX into your deployment pipelines, allowing you to protect your workflows directly from your deployment pipelines.

What is most valuable?

The product is very robust. It's very easy to deploy. You need to take into consideration that it's a security solution that requires knowledge of backend programming. The security team needs to communicate effectively with the developer team for successful integration. If you align communication between the security and developer teams, you'll have the best deployment possible. The way it works is that developers have their way of doing things, and there's a security-centric approach.

*Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Read full review (392 words)
AntoineBlaud - PeerSpot user
Security Data Scientist at a comms service provider with 10,001+ employees
Verified user of NGINX App Protect
Jan 30, 2024
Useful in research of detection percentages but issues persist with custom rules upgrading

Pros

"I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes. "

Cons

"I encountered issues with NGINX App Protect while trying to upgrade custom rules. "

What is our primary use case?

I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes.

What needs improvement?

I encountered issues with NGINX App Protect while trying to upgrade custom rules. 

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (126 words)
Fernando Silva - PeerSpot user
Ingeniero at Servicios Eyenet S.A De C.V
Verified user of NGINX App Protect
May 28, 2024
Useful for customer platforms and portal environments like e-commerce

Pros

"The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution. "

Cons

"The solution needs to be improved in the e-commerce portal. "

What is our primary use case?

We use the tool for customer platforms and portal environments like e-commerce.

What is most valuable?

The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution.

*Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Read full review (170 words)
PeerSpot user
Head Competence Center Agile & Communication at a insurance company with 1,001-5,000 employees
Verified user of NGINX App Protect
Dec 1, 2021
Capable of complete automation but is costly

Pros

"We were looking for a product that is capable of complete automation and a container based solution. It's working."

Cons

"As far as scalability, it takes a long time for deployment."

What is our primary use case?

We tried to secure our public exposed APIs with NGINX App Protect. The cases must be all completely automated, because we want to build a self-service engine so that a decentralized approach is possible in the organization.

What is most valuable?

We were looking for two main valuable features. We were looking for a product that is capable of complete automation and a container based solution. It's working.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (710 words)