NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
Naxsi:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf
or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules
Naxsi:
IgnoreIP
and IgnoreCIDR
(#534 and #532)config=ignore
mode to identify non blocked requestsSpecial thanks to:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf
or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules
Naxsi:
Special thanks to: jltignon
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf
or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules
Naxsi:
Special thanks to:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf
or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules
naxsi:
nxtool:
Special thanks to:
This release mostly aims at integrating HTTP2 support into naxsi.
19
to allow users to only rely on lib-injection (951123a)This release mostly aims at integrating HTTP2 support into naxsi.
form/url-encoded
POST payloadsVersion 0.55.3
fixed a bug where two rules in LOG and a DROP could conflict if a request was tagged as DROP but not BLOCK.
Version 0.55.2
fixed a bug where when two consecutive virtual patching rules on the same zone are checked, a mismatch of the matchzone
on the first one would make the following one fail as well.
Version 0.55.1 fixes a build issue when naxsi was used with mod_lua and other modules.