docs: consolidate glossary pages #1374
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| title: "F5 NGINX Glossary" | ||
| weight: 100 | ||
| --- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| --- | ||
| description: '' | ||
| title: Glossary | ||
| nd-docs: DOCS-602 | ||
| weight: 1000 | ||
| toc: true | ||
| nd-content-type: reference | ||
| --- | ||
|
|
||
| This glossary defines terms used in F5 NGINX. | ||
|
|
||
| ## General terms | ||
|
|
||
| {{<table>}} | ||
| | Term | Definition | | ||
| |-------------|-------------| | ||
| | **Config Sync Group** / **Instance Group** | A group of NGINX systems (or instances) with identical configurations. They may also share the same certificates. However, the instances in a Config Sync Group could belong to different systems and even different clusters. Also known as an Instance Group in NGINX Instance Manager. For more information, see this explanation of [Important considerations]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md#important-considerations" >}}) | | ||
| | **Control Plane** | The control plane is the part of a network architecture that manages and controls the flow or data or traffic (the Data Plane). It is responsible for system-level tasks such as routing and traffic management. | | ||
| | **Data Plane** | The data plane is the part of a network architecture that carries user traffic. It handles tasks like forwarding data packets between devices and managing network communication. In the context of NGINX, the data plane is responsible for tasks such as load balancing, caching, and serving web content. | | ||
| | **Instance** | An instance is an individual system with NGINX installed. You can group the instances of your choice in a Config Sync Group. When you add an instance to NGINX One Console, you need to use a data plane key. | | ||
| | **Namespace** | In F5 Distributed Cloud, a namespace groups a tenant's configuration objects, similar to administrative domains. Every object in a namespace must have a unique name, and each namespace must be unique to its tenant. This setup ensures isolation, preventing cross-referencing of objects between namespaces. You'll see the namespace in the NGINX One Console URL as `/namespaces/<namespace name>/`. To switch an instance between namespaces, you have to deregister an instance from an old namespace, and register it on the new namespace. | | ||
| | **NGINX Agent** | A lightweight software component installed on NGINX instances to enable communication with the NGINX One console. NGINX Agent also enables communication with NGINX Instance Manager. | | ||
| | **Staged Configurations** | Also known as **Staged Configs**. Allows you to save "work in progress." You can create it from scratch, an Instance, another Staged Config, or a Config Sync Group. It does _not_ have to be a working configuration until you publish it to an instance or a Config Sync Group. You can even manage your **Staged Configurations** through our [API]({{< ref "/nginx-one/api/api-reference-guide/#tag/StagedConfigs" >}}). | | ||
| | **Tenant** | A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC). | | ||
| {{</table>}} | ||
|
|
||
| ## Authentication and Authorization terms | ||
|
|
||
| {{<table>}} | ||
| | Term | Definition | | ||
| |-------------|-------------| | ||
| | **Access Token** | Defined in OAuth2, this (optional) short lifetime token provides access to specific user resources as defined in the scope values in the request to the authorization server (can be a JSON token as well). | | ||
| | **ID Token** | Specific to OIDC, the primary use of the token in JWT format is to provide information about the authentication operation's outcome. | | ||
| | **Identity Provider (IdP)** | A service that authenticates users and verifies their identity for client applications. | | ||
| | **JSON Web Token (JWT)** | An open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. | | ||
| | **Protected Resource** | A resource that is hosted by the resource server and requires an access token to be accessed. | | ||
| | **Refresh Token** | Coming from OAuth2 specs, the token is usually long-lived and may be used to obtain new access tokens. | | ||
| | **Relying Party (RP)** | A client service required to verify user identity. | | ||
| {{</table>}} | ||
|
|
||
| ## Kubernetes and Ingress Controller terms | ||
|
|
||
| {{<table>}} | ||
| | Term | Definition | | ||
| |-------------|-------------| | ||
| | **Ingress** | Refers to an *Ingress Resource*, a Kubernetes API object which allows access to [Services](https://kubernetes.io/docs/concepts/services-networking/service/) within a cluster. They are managed by an [Ingress Controller]({{< ref "/nic/glossary.md#ingress-controller">}}). *Ingress* resources enable the following functionality:<br>* **Load balancing**, extended through the use of Services<br>* **Content-based routing**, using hosts and paths<br>* **TLS/SSL termination**, based on hostnames<br><br>For additional information, please read the official [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/). | | ||
| | **Ingress Controller** | Ingress Controllers are applications within a Kubernetes cluster that enable [Ingress]({{< ref "/nic/glossary.md#ingress">}}) resources to function. They are not automatically deployed with a Kubernetes cluster, and can vary in implementation based on intended use, such as load balancing algorithms for Ingress resources. [The design of NGINX Ingress Controller]({{< ref "/nic/overview/design.md">}}) explains the technical details of NGINX Ingress Controller. | | ||
| {{</table>}} | ||
|
|
||
| ## F5 WAF for NGINX | ||
| This section defines terminology used when describing functionality of F5 WAF for NGINX. | ||
|
|
||
| It assumes you are familiar with various layer 7 (L7) hypertext transfer protocol (HTTP) concepts such as: | ||
|
|
||
| - Cookies | ||
| - HTTP methods and status codes | ||
| - HTTP headings, requests, responses, and parameters | ||
| - Uniform Resource Identifier (URI) | ||
| - Uniform Resource Location (URL) | ||
|
|
||
| {{< include "waf/terminology.md" >}} | ||
|
|
||
| ## NGINX Alerts | ||
|
|
||
| To set up NGINX Alerts through the F5 Distributed Cloud, follow the procedure in [Set up security alerts]({{< ref "/nginx-one/secure-your-fleet/set-up-security-alerts/" >}}). | ||
|
|
||
| {{< include "/nginx-one/alert-labels.md" >}} | ||
|
|
||
|
|
||
| ## Legal notice: Licensing agreements for NGINX products | ||
|
Contributor
There was a problem hiding this comment. This section seems out of place. Is it necessary?
Contributor
There was a problem hiding this comment. I don't know. When I run a git blame in our now archived repo, it shows that you added this info to content/nginx-one/about.md in obsolete PR 594 back in January of 2024. |
||
|
|
||
| Using NGINX One is subject to our End User Service Agreement (EUSA). For [NGINX Plus]({{< ref "/nginx" >}}), usage is governed by the End User License Agreement (EULA). Open source projects, including [NGINX Agent](https://github.com/nginx/agent) and [NGINX Open Source](https://github.com/nginx/nginx), are covered under their respective licenses. For more details on these licenses, follow the provided links. | ||
|
|
||
| ## References | ||
|
|
||
| - [F5 Glossary](https://www.f5.com/glossary) | ||
| - [F5 Distributed Cloud: Core Concepts](https://docs.cloud.f5.com/docs/ves-concepts/core-concepts) | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| --- | ||
| files: | ||
| - content/glossary/glossary.md | ||
| - content/waf/fundamentals/terminology.md | ||
| --- | ||
|
|
||
| {{<table>}} | ||
|
|
||
| |Term | Definition | | ||
| | ---| --- | | ||
| | Alarm | If selected, the F5 WAF for NGINX system records requests that trigger the violation in the remote log (depending on the settings of the logging profile). | | ||
| | Attack signature | Textual patterns which can be applied to HTTP requests and/or responses by F5 WAF for NGINX to determine if traffic is malicious. For example, the string `<script>` inside an HTTP request triggers an attack signature violation. | | ||
| | Attack signature set | A collection of attack signatures designed for a specific purpose (such as Apache). | | ||
| | Bot signatures | Textual patterns which can be applied to an HTTP request's User Agent or URI by F5 WAF for NGINX to determine if traffic is coming from a browser or a bot (trusted, untrusted or malicious). For example, the string `googlebot` inside the User-Agent header will be classified as `trusted bot`, and the string `Bichoo Spider` will be classified as `malicious bot`. | | ||
| | Block | To prevent a request from reaching a protected web application. If selected (and enforcement mode is set to Blocking), F5 WAF for NGINX blocks requests that trigger the violation. | | ||
| | Blocking response page | A blocking response page is displayed to a client when a request from that client has been blocked. Also called blocking page and response page. | | ||
| | Enforcement mode | Security policies can be in one of two enforcement modes:<ul><li>**Transparent mode** In Transparent mode, Blocking is disabled for the security policy. Traffic is not blocked even if a violation is triggered with block flag enabled. You can use this mode when you first put a security policy into effect to make sure that no false positives occur that would stop legitimate traffic.</li><li>**Blocking mode** In Blocking mode, Blocking is enabled for the security policy, and you can enable or disable the Block setting for individual violations. Traffic is blocked when a violation occurs if you configure the system to block that type of violation. You can use this mode when you are ready to enforce the security policy. You can change the enforcement mode for a security policy in the security policy JSON file.</li></ul> | | ||
| | Entities | The elements of a security policy, such as HTTP methods, as well as file types, URLs, and/or parameters, which have attributes such as byte length. Also refers to elements of a security policy for which enforcement can be turned on or off, such as an attack signature. | | ||
| | False positive | An instance when F5 WAF for NGINX treats a legitimate request as a violation. | | ||
| | File types | Examples of file types are .php, .asp, .gif, and .txt. They are the extensions for many objects that make up a web application. File Types are one type of entity a F5 WAF for NGINX policy contains. | | ||
| | Illegal request | A request which violates a security policy | | ||
| | Legal request | A request which has not violated the security policy. | | ||
| | Loosening | The process of adapting a security policy to allow specific entities such as File Types, URLs, and Parameters. The term also applies to attack signatures, which can be manually disabled — effectively removing the signature from triggering any violations. | | ||
| | Parameters | Parameters consist of "name=value" pairs, such as OrderID=10. The parameters appear in the query string and/or POST data of an HTTP request. Consequently, they are of particular interest to F5 WAF for NGINX because they represent inputs to the web application. | | ||
| | TPS/RPS | Transactions per second (TPS)/requests per second (RPS). In F5 WAF for NGINX, these terms are used interchangeably. | | ||
| | Tuning | Making manual changes to an existing security policy to reduce false positives and increase the policy's security level. | | ||
| | URI/URL | The Uniform Resource Identifier (URI) specifies the name of a web object in a request. A Uniform Resource Locator (URL) specifies the location of an object on the Internet. For example, in the web address, `http://www.siterequest.com/index.html`, index.html is the URI, and the URL is `http://www.siterequest.com/index.html`. In F5 WAF for NGINX, the terms URI and URL are used interchangeably. | | ||
| | Violation | Violations occur when some aspect of a request or response does not comply with the security policy. You can configure the blocking settings for any violation in a security policy. When a violation occurs, the system can Alarm or Block a request (blocking is only available when the enforcement mode is set to Blocking). | | ||
|
|
||
| {{</table>}} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@travisamartin , I like @ChisomUma 's idea to set this up in a separate card for the NGINX doc index page. But I'm OK if you disagree.