Web Application Firewall module for NGINX
phanquochien at gmail.com
Wed Aug 31 11:20:03 UTC 2011
I've waited this long ago. Finally, WAF for nginx has been released.
Thank for your great works.
On Wed, Aug 31, 2011 at 3:21 PM, Thibault Koechlin <
thibault.koechlin at nbs-system.com> wrote:
> Hello list,
> Just a short mail to announce the release of Naxsi, a WAF (Web
> Application Firewall) for NGINX. Web Application Firewalls aims at
> protecting web-sites from exploitation of vulnerabilities, such as SQL
> injection, Cross Site Scripting and so on.
> You can find more details here (wiki, downloads, etc.) :
> The project is now in version alpha 0.2 (read : young !), but we've
> already performed some tests on it (with various commercial web
> vulnerability scanning softwares, performed static analysis on its code
> source, and a few manual reviews).
> On a side note, and I hope there are security enthusiasts amongst us, we
> setup a dedicated testing environment, where nginx+naxsi is acting as
> reverse proxy for three "on purpose" vulnerable websites. I hope in this
> way people will play and find vulnerabilities in naxsi, ways to bypass
> it, or trust it ;) (Those three sites are usually used to test web
> vulnerability application scanners) (details here :
> PS: Feel free to contact me by mail, or on irc/freenode, nickname bui.
> nginx-devel mailing list
> nginx-devel at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel