F5 Networks offers the Advanced Web Application Firewall (WAF) to provide bot defense, advanced application protection, anti-bot SDK, and other features.
N/A
NGINX
Score 9.2 out of 10
Enterprise companies (1,001+ employees)
NGINX, a business unit of F5 Networks, powers over 65% of the world's busiest websites and web applications. NGINX started out as an open source web server and reverse proxy, built to be faster and more efficient than Apache. Over the years, NGINX has built a suite of infrastructure software products o tackle some of the biggest challenges in managing high-transaction applications. NGINX offers a suite of products to form the core of what organizations need to create…
N/A
Pricing
F5 Big-IP Advanced WAF
NGINX
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
F5 Big-IP Advanced WAF
NGINX
Free Trial
No
Yes
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
—
More Pricing Information
Community Pulse
F5 Big-IP Advanced WAF
NGINX
Features
F5 Big-IP Advanced WAF
NGINX
Application Servers
Comparison of Application Servers features of Product A and Product B
Advanced WAF is well suited for protection against account enumeration attacks, protection against known and new increasing attack vectors through out of the box attack signatures and threat campaigns. Also, up to date and accurate IP intelligence database to block based on known IP reputation.
Nginx is well suited for serving any static content - whether that be images, JS files, HTML files, CSS files, videos, etc. If you have a high-traffic website, Nginx will be a great fit because it handles large number of requests extremely efficiently. Nginx has full support on Unix systems, but only has limited support on Microsoft Windows machines.
So the product definitely is helping us for sudden attacks through DDOS, some injection ingestion into UI URLs, and definitely it's capturing those and I definitely see that as an advantage for us. They can stop the hackers from using our endpoints.
Straight-forward configuration format that users of all skill levels can learn, and yet is powerful enough for the huge breadth of features that Nginx provides.
Massive scale right out the box. We've never had a Nginx instance overwhelmed by requests, and if we did it would be trivial to spin up more Nginx instances to handle the load.
SSL termination means that we can deliver content over HTTPS without needing our individual services to require TLS support. This saves us a lot of time and headache while keeping us secure.
Nginx is open-source and free, meaning that anyone can use it to power their services, from individual projects to billion-dollar websites.
The UI for events. E.g., clicking the "Accept" button does nothing.
Traffic learning suggestions are often very incorrect. We were originally suggested to use "Automatic" learning, and had to completely scrap the policy due to the suggestions.
"All in one" dashboard for viewing application URL/parameter overrides per policy.
Nginx often requires some initial configuration. It's worth doing, because you'll end up with great results, but it can be slightly daunting for someone to get started using it. Apache might have a leg up in that regard--When you install Apache, typically it's just about ready to do what you want already. But the issue with Apache is that most people skip the extensive tuning phase required after that, and with nginx it becomes more just a part of the configuration process.
Sometimes, the configuration syntax, even though it's powerful and terse, isn't the most intuitive. Luckily there's plenty of documentation about what things mean and how to accomplish certain things. There may not be much that can be done about this--to have a powerful web server, you need a powerful-enough configuration language.
The nginx brand is somewhat fragmented, and it can be confusing. There's the open source nginx web server, which I've primarily been referring to. But then there's NGINX Plus, a premium subscription-based service which works with a range of other NGINX products (NGINX WAF, NGINX Amplify, NGINX Controller). I've met a number of people who weren't very familiar with nginx, and instinctively went to nginx.com first, and from there it seems like everything costs money. It's only when they realize there's a different site, nginx.org, that they find what they went looking for.
Most* of it is very intuitive and easy to use. The "Help" section is fairly fantastic. See some of my other comments about things like the "Traffic Learning" section being wildly wrong sometimes, and also the event logs with UI buttons that don't do anything. Overall though, it's an excellent product.
Front end proxy and reverse proxy of Nginx is always useful. I always prefer to Nginx in overall usability when you have application server and database or multiple application servers and single database i.e. clustered application. Nginx provides really good features and flexibility which helps the system administrator in case of troubleshooting and also from the administration perspective. Also, Nginx doesn't delay any request because of internal performance issues.
Community support is great, and they've also had a presence at conferences. Overall, there is no shortage of documentation and community support. We're currently using it to serve up some WordPress sites, and configuring NGINX for this purpose is well documented.
I believe that in the case of Big-IP F5, it has a lot of power, a lot of features including the VPN features and also the evaluation of security posture of the devices that connect through VPN. That's very solid and that's something that is not found in all the WAF solutions and so I haven't seen that in Azure.
I have found that [NGINX] seems to perform better throughout the years with less issues although I've used Apache more. I would definitely recommend [NGINX] for any high volume site and I've seen this to usually be the case from most provided web hosts who will pick [NGINX] over alternatives
In our case it has been great because the pricing is just right for all the features that we have on the platform and the flexibility. In fact, we acquired another license last year, so that's something that we're interested in. We are currently moving towards the cloud with our ERP systems and eliminating the IBM platform, so we would like to see that F5 virtual option available on Azure.
When we first migrated our primary bidding environment architecture to Nginx, it was under duress due to Apache's inability to keep up when we consolidated away from an HAproxy model to a central HTTP proxy. So we even when we did not know what we were doing, we were able to make it work in a bad situation, and everyone was quite happy.
The biggest complaint I have is that I find the module compilation requirements for nginx+ rather burdensome. If we pay for Nginx+, I'd love to see then have pre-built modules for ready for each release of more modules. We are spending our own time engineering an in-house solution for module testing for nginx+ releases, which is disappointing.
I've also, as the primary Nginx person at my organization, inserted my expertise into other projects, and have saved our company lots of money getting rid of big $$$ appliances for general SSL proxying.
Speaking of Nginx replacing SSL appliances, we had an instance where we had to suddenly enable elliptic-curve SSL ciphers and our big $$$ appliances (you know who they are), were falling over. Even their SSL accelerator cards, after all, are just a few extra cores to process SSL. But in an environment of our size, we use DNS to spread the load to hundreds of frontend proxies with dozens of cores each to spread this load out, all at a lower price than ONE of the appliance pairs running Nginx. We couldn't even tell the change in load in our Nginx architecture when we enabled the ciphers.