WordPress pingback mitigation

mex nginx-forum at forum.nginx.org
Sun May 21 09:25:42 UTC 2017

pbooth Wrote:
> Wow- I really like the sound of naxsi. In the past I've used F5's ASM,
> the WAF built on their big-ip platform. It was powerful though prone
> to false positives. I don't believe there are any real shortcuts that
> allow you to build an effective waf without understanding the details
> of your own website. These simply aren't build, deploy and forget
> devices. It sounds as if the creator of naxsi understands this.


naxsi-supporter and doxi-rules-maintainer here.

FPs are an issue for any blocking-mechanism. 
what many people don't know: naxsi has an integrated whitelist-generator, 
allowing you to tune your WAF against your own application. for people with
staging/deployment-environments you can run naxsi there in learning-mode,
generating all whitelists needed on-the-fly and deploying them during your
regular deployments. 

maybe overdosed for smaller setups, but fitting perfectly into 
bigger setups. 

and yes, naxsi needs more documentation and beginner-based manuals.
maybe this helps to understand the rules (and needs an update as well:)



Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274358#msg-274358
