nginx - naxsi

Last updated: 2019-04-24

Introduction

nginx-naxsi is a WAF module for nginx; it plays the same role that mod_security plays for Apache.

WAF: web application firewall (anti-XSS and anti-SQL-injection).

In short, Naxsi behaves like a DROP-by-default firewall,

the only job needed is to add required ACCEPT rules for the target website to work properly.

Typical use case:

closed-source web apps whose bugs you cannot fix yourself, so the attack has to be blocked in front of the app instead

It inspects the following parts of a request:

  • GET requests (the URL and query-string arguments)
  • HTTP headers (including cookies)
  • POST requests (the request body)

Commonly used rule sets (Drupal, WordPress):

https://github.com/nbs-system/naxsi-rules


Installation

Automatic (distribution package)

apt-get install nginx-naxsi

(The nginx-naxsi package has been dropped from newer Debian/Ubuntu releases; on those, compile by hand as below.)

Manual compile

# OS: U12 (Ubuntu 12.x)

# Download the naxsi source

cd /usr/src

git clone https://github.com/nbs-system/naxsi.git

# Compile nginx (tengine here) with naxsi as an add-on module.
# Assumes the tengine/nginx source tree is already unpacked at /usr/src/tengine.

cd /usr/src/tengine

./configure ... \
    --add-module=/usr/src/naxsi/naxsi_src

# then build and install as usual (make, make install)

# Copy the core rules into the nginx config directory

cp /usr/src/naxsi/naxsi_config/naxsi_core.rules /etc/nginx


Usage

/etc/nginx/nginx.conf

http {
    ........
    # The MainRules (signatures and their scores) must be loaded at http level.
    include /etc/nginx/naxsi_core.rules;
}

/etc/nginx/sites-enabled/proxy_www

server {
     ....
     location / {
         ....
         # Per-location settings: LearningMode, CheckRule thresholds, whitelist.
         include    /etc/nginx/naxsi.rules;
     }
     # Target of the DeniedUrl internal redirect; blocked requests end up here.
     # Any status works; 418 makes naxsi blocks easy to spot in the access log.
     location /RequestDenied {
         return 418;
     }
}

naxsi.rules

# Sample rules file for default vhost.
# LearningMode: requests that would be blocked are only logged (NAXSI_FMT lines
# in the error log) and are still forwarded. Run with it on first to collect
# false positives and build the whitelist, then comment it out to actually block.
LearningMode;

SecRulesEnabled;
#SecRulesDisabled;

# Where a blocked request is sent (internal redirect to the location above).
DeniedUrl "/RequestDenied";

## check rules: a request is blocked once the summed score of a named counter
## reaches its threshold. The points come from the "s:" field of each matching
## MainRule in naxsi_core.rules, so one weak signature alone is not enough.
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
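To make the scoring, LearningMode and whitelist behaviour above concrete, here is an added example (written for this page, not naxsi's own code) that re-implements naxsi's per-request decision in Python. The MainRule, BasicRule and CheckRule lines it parses use naxsi's syntax, but the signatures, ids and request values are constructed for illustration and are not copied from naxsi_core.rules; the matching is simplified to variable values only, whereas real naxsi also inspects variable names and more zones.

```python
"""Toy model of naxsi's request scoring: MainRule scores accumulate per named
counter, CheckRule thresholds decide BLOCK, a BasicRule whitelist suppresses a
rule for one variable, and LearningMode turns a block into a log-only event.
Added example, not naxsi code; rules and requests below are constructed."""
import re
import shlex
from collections import defaultdict

# Constructed rules in naxsi MainRule syntax (matcher, msg, match zones, scores, id).
MAIN_RULES = r'''
MainRule "rx:select|union|from|where" "msg:sql keywords" "mz:ARGS|BODY" "s:$SQL:4" "id:1000";
MainRule "str:'" "msg:single quote" "mz:ARGS|BODY" "s:$SQL:4,$XSS:8" "id:1001";
MainRule "str:<" "msg:html open tag" "mz:ARGS|BODY" "s:$XSS:8" "id:1302";
MainRule "str:../" "msg:directory traversal" "mz:ARGS|BODY" "s:$TRAVERSAL:4" "id:1204";
'''
# Constructed whitelist: a site search box legitimately contains quotes.
WHITELIST = 'BasicRule wl:1001 "mz:$ARGS_VAR:q";'
# The CheckRule thresholds from the naxsi.rules file on this page.
CHECK_RULES = {"$SQL": 8, "$RFI": 8, "$TRAVERSAL": 4, "$EVADE": 4, "$XSS": 8}


def parse_main_rules(text):
    """Parse MainRule lines into dicts: id, kind (rx/str), pattern, zones, scores."""
    rules = []
    for line in text.strip().splitlines():
        parts = shlex.split(line.rstrip(";"))
        if not parts or parts[0] != "MainRule":
            continue
        rule = {"zones": set(), "scores": {}}
        for part in parts[1:]:
            key, _, value = part.partition(":")
            if key in ("rx", "str"):
                rule["kind"], rule["pattern"] = key, value
            elif key == "mz":
                rule["zones"] = set(value.split("|"))
            elif key == "s":                      # "s:$SQL:4,$XSS:8"
                for score in value.split(","):
                    name, _, points = score.rpartition(":")
                    rule["scores"][name] = int(points)
            elif key == "id":
                rule["id"] = int(value)
            elif key == "msg":
                rule["msg"] = value
        rules.append(rule)
    return rules


def parse_whitelist(text):
    """Parse BasicRule wl: lines into {(rule_id, zone, var)}; var is None for a whole zone."""
    allowed = set()
    for line in text.strip().splitlines():
        parts = shlex.split(line.rstrip(";"))
        if not parts or parts[0] != "BasicRule":
            continue
        ids, zone, var = [], None, None
        for part in parts[1:]:
            key, _, value = part.partition(":")
            if key == "wl":
                ids = [int(i) for i in value.split(",")]
            elif key == "mz":                     # "$ARGS_VAR:q" or "ARGS"
                m = re.fullmatch(r"\$(\w+)_VAR:(.+)", value)
                zone, var = (m.group(1), m.group(2)) if m else (value, None)
        allowed.update((rid, zone, var) for rid in ids)
    return allowed


def rule_hits(rule, value):
    """naxsi string matches are case-insensitive; rx is a regex search."""
    if rule["kind"] == "rx":
        return re.search(rule["pattern"], value, re.IGNORECASE) is not None
    return rule["pattern"].lower() in value.lower()


def evaluate(request, rules, whitelist, learning_mode=False):
    """request = {zone: {var: value}}. Returns scores, matches and the decision."""
    scores, matched = defaultdict(int), []
    for zone, variables in request.items():
        for var, value in variables.items():
            for rule in rules:
                if zone not in rule["zones"] or not rule_hits(rule, value):
                    continue
                if (rule["id"], zone, var) in whitelist or (rule["id"], zone, None) in whitelist:
                    continue                      # whitelisted: no score, no log
                matched.append((rule["id"], zone, var))
                for name, points in rule["scores"].items():
                    scores[name] += points
    triggered = [n for n, limit in CHECK_RULES.items() if scores.get(n, 0) >= limit]
    block = bool(triggered)
    action = "pass"
    if block:  # LearningMode only logs the would-be block and forwards the request
        action = "log only (LearningMode)" if learning_mode else "internal redirect to DeniedUrl"
    return {"scores": dict(scores), "matched": matched, "triggered": triggered,
            "block": block, "action": action}


PARSED_RULES = parse_main_rules(MAIN_RULES)
ALLOWED = parse_whitelist(WHITELIST)

if __name__ == "__main__":
    for req in ({"ARGS": {"id": "1 union select"}},      # $SQL=4: below threshold
                {"ARGS": {"id": "1' union select"}},     # $SQL=8, $XSS=8: blocked
                {"ARGS": {"q": "rock 'n' roll"}},        # quote in q is whitelisted
                {"ARGS": {"file": "../../etc/passwd"}}):  # $TRAVERSAL=4: blocked
        print(req, evaluate(req, PARSED_RULES, ALLOWED))
        print(req, evaluate(req, PARSED_RULES, ALLOWED, learning_mode=True))
```

The point to take from the first two requests is that a single "sql keywords" hit scores 4 and passes, while the same payload with a quote reaches the `$SQL >= 8` threshold and is blocked; the third shows that `BasicRule wl:1001 "mz:$ARGS_VAR:q"` removes the score only for that one variable, which is exactly the kind of ACCEPT rule LearningMode helps you discover.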

Docs

http://code.google.com/p/naxsi/wiki/Howto

(The Google Code wiki is no longer online; the project and its current documentation live at https://github.com/nbs-system/naxsi.)