Anoop Alias Wrote:
-------------------------------------------------------
> Ok .. reiterating my original question.
>
> Is the usage of if / map in nginx config more efficient than say
> naxsi (
> or libmodsecurity ) for something like blocking SQL injection ?
>
> For example,
> https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_cor
> e.rules
> rules 1000-1099 - blockes sql injection attempt
>
> So ..do (to a limited extent )
>
> ## Block SQL injections
> set $block_sql_injections 0;
> if ($query_string ~ "union.*select.*\(") {
> set $block_sql_injections 1;
> ............
> .....................
> if ($block_file_injections = 1) {
> return 403;
> }
>
>
>
> From the point of application performance which one is better .. ?
> Performance for a shared hosting server with around 500 vhosts.
I would advise if your application is vulnerable to use Naxsi because it can intercept post requests the example you provided is "$query_string" (intercepts the URL) For example : http://*.com/index.php?id=10 UNION SELECT 1,null,null--
I don't think Nginx has a way to read POST data other than the WAF methods like Naxsi ModSecurity etc.
https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#URL_Encoding
http://www.networkflare.com/