removed 4th level header

dkleinF5 · dkleinF5 · commit 630f9ea1f0fc · 2025-12-03T14:00:55.000Z
diff --git a/content/waf/configure/nginx-features.md b/content/waf/configure/nginx-features.md
@@ -28,114 +28,12 @@ F5 WAF for NGINX inspects direct client-facing requests, but does not inspect in
 
 Examples of subrequest-based modules:
 
-* njs 
-* Client authorization 
 * Slice 
+* Client authorization 
 * Mirror 
+* njs 
 
-### Example
-
-{{< tabs name="subrequest-example" >}}
-
-{{% tab name="nginx.conf" %}}
-
-```nginx
-user nginx;
-worker_processes  auto;
-
-events {
-    worker_connections  1024;
-}
-
-load_module modules/ngx_http_app_protect_module.so;
-load_module modules/ngx_http_js_module.so;
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-    sendfile        on;
-    keepalive_timeout  65;
-    js_import main from example.js;
-
-    server {
-        listen       80;
-        server_name  localhost;
-        proxy_http_version 1.1;
-        app_protect_enable on;
-
-        location / {
-            proxy_pass        http://127.0.0.1:8080/foo/$request_uri;
-        }
-    }
-    server {
-        listen       127.0.0.1:8080;
-        server_name  localhost;
-        proxy_http_version 1.1;
-
-        location /foo {
-            js_content main.fetch_subrequest;
-        }
-
-        location / {
-            internal;
-            return 200  "Hello! I got your URI request - $request_uri\n";
-        }
-    }
-}
-```
-
-{{% /tab %}}
-
-{{% tab name="example.js" %}}
-
-```js
-async function fetch_subrequest(r) {
-    let reply = await r.subrequest('/<script>');
-    let response = {
-        uri: reply.uri,
-        code: reply.status,
-        body: reply.responseText,
-    };
-    r.return(200, JSON.stringify(response));
-}
-
-export default {join};
-```
-
-{{% /tab %}}
-
-{{< /tabs >}}
-
-If the njs handler triggers an internal subrequest to `/<script>`, it is not inspected by F5 WAF for NGINX and succeeds: 
-
-```shell
-curl "localhost/"  
-```
-
-```text
-{"uri":"/<script>","code":200,"body":"Hello! I got your URI request - /foo//\n"}
-
-```
-
-However, if a direct, client-facing request attempts to trigger the same URL, it is inspected by F5 WAF for NGINX and is blocked according to the security policy.
-
-```shell
-curl "localhost/<script>"
-```
-
-```text
-<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.
-
-Your support ID is: 123456789
-
-<a href='javascript:history.back();'>[Go Back]</a></body></html>
-```
-
-### Additional subrequest-based examples
-
-These examples show other subrequest-based modules. In each case, internal subrequests are not inspected by WAF.
-
-#### Slice
+### Slice module example
 
 ```nginx
 load_module modules/ngx_http_app_protect_module.so;
@@ -164,7 +62,7 @@ http {
 }
 ```
 
-#### Mirror
+### Mirror module example
 
 ```nginx
 load_module modules/ngx_http_app_protect_module.so;
@@ -189,7 +87,38 @@ http {
 }
 ```
 
-#### njs
+### Client authorization module example
+
+```nginx
+load_module modules/ngx_http_app_protect_module.so;
+
+http {
+    server {
+        listen       127.0.0.1:8080;
+        server_name  localhost;
+
+        location / {
+            auth_request /scan;
+            proxy_pass        http://localhost:8888;
+        }
+        location /scan {
+            proxy_pass        http://localhost:8081$request_uri;
+       }
+    }
+
+    server {
+        listen       127.0.0.1:8081;
+        server_name  localhost;
+
+        location /scan {
+            app_protect_enable on;
+            proxy_pass        http://localhost:8888;
+        }
+    }
+}
+```
+
+### njs module example
 
 ```nginx
 load_module modules/ngx_http_app_protect_module.so;
@@ -219,37 +148,104 @@ http {
 }
 ```
 
-#### Client authorization
+### General example (njs subrequest-based module)
+
+{{< tabs name="subrequest-example" >}}
+
+{{% tab name="nginx.conf" %}}
 
 ```nginx
+user nginx;
+worker_processes  auto;
+
+events {
+    worker_connections  1024;
+}
+
 load_module modules/ngx_http_app_protect_module.so;
+load_module modules/ngx_http_js_module.so;
 
 http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+    js_import main from example.js;
+
     server {
-        listen       127.0.0.1:8080;
+        listen       80;
         server_name  localhost;
+        proxy_http_version 1.1;
+        app_protect_enable on;
 
         location / {
-            auth_request /scan;
-            proxy_pass        http://localhost:8888;
+            proxy_pass        http://127.0.0.1:8080/foo/$request_uri;
         }
-        location /scan {
-            proxy_pass        http://localhost:8081$request_uri;
-       }
     }
-
     server {
-        listen       127.0.0.1:8081;
+        listen       127.0.0.1:8080;
         server_name  localhost;
+        proxy_http_version 1.1;
 
-        location /scan {
-            app_protect_enable on;
-            proxy_pass        http://localhost:8888;
+        location /foo {
+            js_content main.fetch_subrequest;
+        }
+
+        location / {
+            internal;
+            return 200  "Hello! I got your URI request - $request_uri\n";
         }
     }
 }
 ```
 
+{{% /tab %}}
+
+{{% tab name="example.js" %}}
+
+```js
+async function fetch_subrequest(r) {
+    let reply = await r.subrequest('/<script>');
+    let response = {
+        uri: reply.uri,
+        code: reply.status,
+        body: reply.responseText,
+    };
+    r.return(200, JSON.stringify(response));
+}
+
+export default {join};
+```
+
+{{% /tab %}}
+
+{{< /tabs >}}
+
+If the njs handler triggers an internal subrequest to `/<script>`, it is not inspected by F5 WAF for NGINX and succeeds: 
+
+```shell
+curl "localhost/"  
+```
+
+```text
+{"uri":"/<script>","code":200,"body":"Hello! I got your URI request - /foo//\n"}
+
+```
+
+However, if a direct, client-facing request attempts to trigger the same URL, it is inspected by F5 WAF for NGINX and is blocked according to the security policy.
+
+```shell
+curl "localhost/<script>"
+```
+
+```text
+<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.
+
+Your support ID is: 123456789
+
+<a href='javascript:history.back();'>[Go Back]</a></body></html>
+```
+
 ## Range header–dependent modules
 
 Features that add or depend on the HTTP Range header are unsupported in the same scope as __app_protect_enable__ on. Place Range-dependent logic in a separate scope that does not enable F5 WAF for NGINX, and have the F5 WAF for NGINX enable frontend proxy to that backend.
@@ -259,9 +255,7 @@ Examples of Range-dependent features:
 - Static location
 - Range
 
-### Additional range-based examples
-
-#### Static location
+### Static location example
 
 ```nginx
 load_module modules/ngx_http_app_protect_module.so;
@@ -284,7 +278,7 @@ http {
 }
 ```
 
-#### Range
+### Range example
 
 ```nginx
 load_module modules/ngx_http_app_protect_module.so;
