naxsi
naxsi copied to clipboard
NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
I have been trying to install nxtool and I found two different versions. Which one is latest/up-to-date and what is the difference between the two. As far I understand both...
Maybe a feature request. You can integrate Fail2Ban with AbuseIPDB. Would it be possible to also integrate NAXSI with AbuseIPDB? So you can report IPs which misbehave instead of additional...
Same as #388 but I've made some modifications to work with current naxsi version.
Hi, I've upgraded to nginx 1.14 with the latest naxsi release and since then the slashes in the EXLOG logs are encoded (%2F) but the slashes in the FMT log...
Hi! I was reading this [slideshare](https://www.slideshare.net/SoroushDalili/a-forgotten-http-invisibility-cloak) and I wanted to try this kind of WAF bypass on NAXSI. I state that I've used the default rules with this scores: ```...
In the ligth of [SA-CORE-2017-002]( https://www.drupal.org/SA-CORE-2017-002 ), it would be great to be able have a *verb* matchzone, to match against `GET`, `POST`, `PATCH`, …
Hi, first of all thanks for the amazing module!! It would be really nice to have a configuration option to set the log_format. Currently we have Nginx running behind [AWS...
- nginx: `1.10.3` - nginx modules: `nginx-echo naxsi` - naxsi: `0.55.3` I tried using openresty [echo-nginx-module](https://github.com/openresty/echo-nginx-module/). Plain `echo` works fine, but `echo_location`, `echo_location_async`, `echo_subrequest`, `echo_subrequest_async` work 50/50: sometimes return required...
It seems that it's [not clear]( https://www.cryptobells.com/exploring-naxsi-a-bit/ ) that naxsi works with a negative signature model (thus being signature-less by default), this should be addressed in the documentation. We should...