Web Application Firewall module for NGINX

Hien P phanquochien at gmail.com
Wed Aug 31 11:20:03 UTC 2011


Hello,
I've waited this long ago. Finally, WAF for nginx has been released.
Thank for your great works.


On Wed, Aug 31, 2011 at 3:21 PM, Thibault Koechlin <
thibault.koechlin at nbs-system.com> wrote:

> Hello list,
>
> Just a short mail to announce the release of Naxsi, a WAF (Web
> Application Firewall) for NGINX. Web Application Firewalls aims at
> protecting web-sites from exploitation of vulnerabilities, such as SQL
> injection, Cross Site Scripting and so on.
> You can find more details here (wiki, downloads, etc.) :
> naxsi.googlecode.com
>
> The project is now in version alpha 0.2 (read : young !), but we've
> already performed some tests on it (with various commercial web
> vulnerability scanning softwares, performed static analysis on its code
> source, and a few manual reviews).
>
> On a side note, and I hope there are security enthusiasts amongst us, we
> setup a dedicated testing environment, where nginx+naxsi is acting as
> reverse proxy for three "on purpose" vulnerable websites. I hope in this
> way people will play and find vulnerabilities in naxsi, ways to bypass
> it, or trust it ;) (Those three sites are usually used to test web
> vulnerability application scanners) (details here :
> http://code.google.com/p/naxsi/wiki/OnlyTrustWhatYouCanTest)
>
>
> Regards,
> PS: Feel free to contact me by mail, or on irc/freenode, nickname bui.
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>


-- 
Best regards,
Mr.Hien

<http://www.mrhien.info>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20110831/4ee35616/attachment.html>


More information about the nginx-devel mailing list