WordPress pingback mitigation

mex nginx-forum at forum.nginx.org
Sun May 21 09:25:42 UTC 2017


pbooth Wrote:
-------------------------------------------------------
> Wow- I really like the sound of naxsi. In the past I've used F5's ASM,
> the WAF built on their big-ip platform. It was powerful though prone
> to false positives. I don't believe there are any real shortcuts that
> allow you to build an effective waf without understanding the details
> of your own website. These simply aren't build, deploy and forget
> devices. It sounds as if the creator of naxsi understands this.
> 


hi, 

naxsi-supporter and doxi-rules-maintainer here.

FPs are an issue for any blocking-mechanism. 
what many people don't know: naxsi has an integrated whitelist-generator, 
allowing you to tune your WAF against your own application. for people with
staging/deployment-environments you can run naxsi there in learning-mode,
generating all whitelists needed on-the-fly and deploying them during your
regular deployments. 

maybe overdosed for smaller setups, but fitting perfectly into 
bigger setups. 


and yes, naxsi needs more documentation and beginner-based manuals.
maybe this helps to understand the rules (and needs an update as well:)
https://zero.bs/naxis-rules-manual.html


regards, 


mex

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274358#msg-274358
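
Added example, not part of the post above and not naxsi's own whitelist generator: a minimal sketch of the learning-mode workflow the post describes, turning NAXSI_FMT lines from a staging error log into BasicRule whitelist entries. The log lines are constructed, and the function name and the simplified zone handling are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: nginx error-log lines in naxsi's NAXSI_FMT layout.
SAMPLE_LOG = """\
2017/05/21 09:00:01 [error] 7#0: *1 NAXSI_FMT: ip=192.0.2.10&server=staging.example&uri=/search&learning=1&vers=0.55&total_processed=10&total_blocked=1&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 192.0.2.10
2017/05/21 09:00:05 [error] 7#0: *2 NAXSI_FMT: ip=192.0.2.11&server=staging.example&uri=/search&learning=1&vers=0.55&total_processed=11&total_blocked=2&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 192.0.2.11
2017/05/21 09:01:00 [error] 7#0: *3 NAXSI_FMT: ip=192.0.2.10&server=staging.example&uri=/post&learning=1&vers=0.55&total_processed=12&total_blocked=3&block=0&cscore0=$XSS&score0=16&zone0=BODY&id0=1302&var_name0=content&zone1=BODY&id1=1303&var_name1=content, client: 192.0.2.10
2017/05/21 09:02:00 [error] 7#0: *4 NAXSI_FMT: ip=198.51.100.7&server=www.example&uri=/login&learning=0&vers=0.55&total_processed=13&total_blocked=4&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=user, client: 198.51.100.7
"""

# The NAXSI_FMT payload is a query string that ends at the next ", client:" field.
FMT_RE = re.compile(r"NAXSI_FMT: ([^,\s]+)")
# Zones that can be narrowed to a single named variable in a match zone.
VAR_ZONES = {"ARGS", "BODY", "HEADERS"}


def whitelist_rules(log_text):
    """Return sorted, de-duplicated BasicRule lines for learning-mode events."""
    rules = set()
    for match in FMT_RE.finditer(log_text):
        fields = {k: v[0] for k, v in
                  parse_qs(match.group(1), keep_blank_values=True).items()}
        # Only learn from traffic logged in learning mode (e.g. staging);
        # events blocked in production are not whitelist candidates.
        if fields.get("learning") != "1":
            continue
        i = 0
        while f"id{i}" in fields:  # one event can carry several rule matches
            rule_id = fields[f"id{i}"]
            zone, _, in_name = fields[f"zone{i}"].partition("|")
            var = fields.get(f"var_name{i}", "")
            mz = f"${zone}_VAR:{var}" if zone in VAR_ZONES and var else zone
            if in_name:  # zone was logged as e.g. ARGS|NAME
                mz += "|NAME"
            rules.add(f'BasicRule wl:{rule_id} "mz:$URL:{fields["uri"]}|{mz}";')
            i += 1
    return sorted(rules)


if __name__ == "__main__":
    # Review the output before shipping it with a deployment.
    print("\n".join(whitelist_rules(SAMPLE_LOG)))
```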


