From dd680975f66ba9e523ccf3ebdf920172e9132e27 Mon Sep 17 00:00:00 2001
From: nginx-aoife <50101789+nginx-aoife@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:55:19 +0000
Subject: [PATCH] Update security.md

Fixing a broken link to WAFv5 docs.
Making the incompatible link more specific to v4 to avoid confusion.

Signed-off-by: nginx-aoife <50101789+nginx-aoife@users.noreply.github.com>
---
 site/content/configuration/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site/content/configuration/security.md b/site/content/configuration/security.md
index 33104bec7e..5e4c7ea74c 100644
--- a/site/content/configuration/security.md
+++ b/site/content/configuration/security.md
@@ -34,7 +34,7 @@ By default, the ServiceAccount has access to all Secret resources in the cluster
 ### Configure root filesystem as read-only
 
 {{< caution >}}
- This feature is compatible with [NGINX App Protect WAFv5](https://docs.nginx.com/nginx-app-protect-waf-v5/). It is not compatible with [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) or [NGINX App Protect DoS](https://docs.nginx.com/nginx-app-protect-dos/).
+ This feature is compatible with [NGINX App Protect WAFv5](https://docs.nginx.com/nginx-app-protect-waf/v5/). It is not compatible with [NGINX App Protect WAFv4](https://docs.nginx.com/nginx-app-protect-waf/v4/) or [NGINX App Protect DoS](https://docs.nginx.com/nginx-app-protect-dos/).
 {{< /caution >}}
 
 NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all containers to read-only, this includes `nginx-ingress-controller`, though also includes `waf-enforcer` and `waf-config-mgr` when NGINX App Protect WAFv5 is in use.  This is so that the attack surface is further reduced by limiting changes to binaries and libraries.