Naxsi Nginx High performance WAF

c0nw0nk nginx-forum at forum.nginx.org
Sun Jan 1 08:45:02 UTC 2017


mex Wrote:
-------------------------------------------------------
> Hi c0nw0nk, 
> 
> mex here, initial creator of http://spike.nginx-goodies.com/rules/
> and maintainer of Doxi-Rules
> https://bitbucket.org/lazy_dogtown/doxi-rules/overview
> (this is where the rules live we create with spike :)
> 
> the doxi-rules in its current state are inspired by emerging threats
> rules,
> and not by the CRS-System because:
> 
> - mod_security can hook into any phase of a request, while naxsi only
> works in access_phase
> - naxsi has a very slim but yet powerful core-ruleset
> - naxsi doesn't hold state of an actor
> 
> thus, it would not be possible to re-create the CRS onto naxsi,
> instead, we
> have a very slim but very fast core-ruleset that does not change very
> often, 
> and on top of this, if wanted a wider ruleset that protects against
> common 
> classes of attacks like XXE or general Object-Injections
> http://spike.nginx-goodies.com/rules/view/42000341
> http://spike.nginx-goodies.com/rules/view/42000343
> 
> i learned from my gurus @emerging threats to write signatures
> against vulnerabilities, not exploits
> 
> before naxsi i used mod_security with CRS as well and it was 
> more than just PITA because of False Positives and performance-issues
> as well. with naxsi, learning mode and whitelist-creation
> using a WAF is fun again.
> 
> If you have detailed questions about naxsi, there is a
> naxsi-discuss-mailinglist
> as well
> 
> 
> 
> 
> cheers, 
> 
> 
> mex
> 
> 
> 
> 
> c0nw0nk Wrote:
> -------------------------------------------------------
> > So I recently got hooked on Naxsi and I am loving it to bits <3 thanks
> > to itpp2012 :)
> > 
> > https://github.com/nbs-system/naxsi
> > 
> > I found the following Rule sets here.
> > 
> > http://spike.nginx-goodies.com/rules/
> > 
> > But I am curious does anyone have Naxsi written rules that would be
> > the same as/on Cloudflare's WAF ?
> > 
> > These to be exact :
> > Package:
> > OWASP ModSecurity Core Rule Set : Covers OWASP Top 10 vulnerabilities,
> > and more.
> > Package:
> > Cloudflare Rule Set : Contains rules to stop attacks commonly seen on
> > Cloudflare's network and attacks against popular applications.
> > 
> > 
> > Love to have a Naxsi version of their WAF rules to add in to the
> > naxsi_core.rules file.


Hey mex that's awesome :) I love your work too with spike. I have a question
about this rule here.

http://spike.nginx-goodies.com/rules/view/42000039

In the site list here http://spike.nginx-goodies.com/rules/ Why is that rule
ID number completely "Greyed" out what does that mean ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271695,271790#msg-271790


