Naxsi Nginx High performance WAF

Robert Paprocki rpaprocki at fearnothingproductions.net
Sat Dec 24 05:47:45 UTC 2016


Naxsi and ModSecurity are... very different. They have distinct (and largely incomparable) backgrounds, philosophies, goals, implementation details, and, most importantly for this context, vastly different DSLs that support their operations. A 1-1 translation of the OWASP CRS (particularly v3, just recently released) from ModSecurity's rule language to Naxsi rule syntax just isn't possible. ModSecurity provides a number of features that are either unsupported or impossible in Naxsi, and given that the CRS was written explicitly for ModSec, taking advantage of some implementation-specific features... well, good luck ;) (and at this point you might as well use libmodsecurity or an openresty alternative like lua-resty-waf, as Naxsi is probably never going to support the operators and feature sets needed for the CRS).

As for CF's rules, I'm not 100% sure, but that essentially sounds like asking for access to CF's internal data pipeline. I doubt you'll find a published version of this, as it's data that powers their commercial WAF.

> On Dec 23, 2016, at 16:26, c0nw0nk <nginx-forum at forum.nginx.org> wrote:
> 
> So I recently got hooked on Naxsi and I am loving it to bits <3 thanks to
> itpp2012 :)
> 
> https://github.com/nbs-system/naxsi
> 
> I found the following Rule sets here.
> 
> http://spike.nginx-goodies.com/rules/
> 
> But I am curious does anyone have Naxsi written rules that would be the same
> as/on Cloudflare's WAF ?
> 
> These to be exact :
> Package:
> OWASP ModSecurity Core Rule Set : Covers OWASP Top 10 vulnerabilities, and
> more.
> Package:
> Cloudflare Rule Set : Contains rules to stop attacks commonly seen on
> Cloudflare's network and attacks against popular applications.
> 
> 
> Love to have a Naxsi version of their WAF rules to add in to the
> naxsi_core.rules file.
> 
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271695,271695#msg-271695
