Nginx WAF should log all activity #5565

Open
4 tasks
acozine opened this issue Nov 26, 2024 · 1 comment
Labels
feature post-incident created from a post-incident meeting

Comments

@acozine
Contributor

acozine commented Nov 26, 2024

User story

As an engineer, I want to know what traffic is being blocked by the WAF and why. This will help us understand why turning the WAF on by default caused #5561 and help investigate the WAF more generally.

Acceptance criteria

Starting with the Dev load balancer, enable and configure WAF logging.

  • Our Dev Nginxplus servers log WAF activity to a particular log
  • I can turn the WAF on for a staging site, create blocked traffic, and see information about that traffic in the log
  • The WAF itself and WAF logging are separately configurable for the Dev and Prod load balancers
  • Add documentation about the WAF and WAF logging

Related to #5562.

Implementation notes, if any

Resources:

@acozine acozine added feature post-incident created from a post-incident meeting labels Nov 26, 2024
@kayiwa kayiwa self-assigned this Nov 26, 2024
@hackartisan
Member

It would be so useful to have a page in the pul-it-handbook about "The WAF". Here are some questions it could answer:

  • what is a WAF?
  • what is "The WAF"?
  • why do we have a WAF?
  • what software powers it?
  • where can I find the documentation for that software?
  • what is the link to the logs we have?
  • what kinds of things / processes might make me want to look at the logs?
  • what should I do when I get to the logs / how do I navigate them?
