September 26, 2016 03:00PM
You might want to check out tinfoilsecurity.com to evaluate Naxsi. Microsoft uses them for Azure. I pass all their tests.

As I stated a few times, I only serve static pages. I can get away with homebrew hacking detection. But I think you are kidding yourself if you think a stack of WAF rules isn't a CPU burden. There is no free lunch.

Someone supporting 500 vhosts probably should segregate the hosts according to whether they use SQL or not. You can use different "servers" in the nginx.conf for the plain and SQL-enabled ones.

I wouldn't want the task of handling all the false positives Naxsi will generate. I think a site that needs a WAF should just go colo or VPS. 

One of the reasons I see so few hackers is I have built a database of CIDRs to block. I don't get repeat offenders. But you can't have one list for many different users unless they accept your opinion of who to block. Probably an RBL is better. I only use RBLs for email since they do leak information and slow down response. Slow response isn't a big deal for email, but does matter for web hosting.


  Original Message  
From: c0nw0nk
Sent: Monday, September 26, 2016 9:10 AM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: performance hit in using too many if's

Anoop Alias Wrote:
-------------------------------------------------------
> Ok .. reiterating my original question.
>
> Is the usage of if / map in nginx config more efficient than say
> naxsi (
> or libmodsecurity ) for something like blocking SQL injection ?
>
> For example,
> https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_cor
> e.rules
> rules 1000-1099 - blocks SQL injection attempts
>
> So ..do (to a limited extent )
>
> ## Block SQL injections
> set $block_sql_injections 0;
> if ($query_string ~ "union.*select.*\(") {
> set $block_sql_injections 1;
> ............
> .....................
> if ($block_file_injections = 1) {
> return 403;
> }
>
>
>
> From the point of application performance which one is better .. ?
> Performance for a shared hosting server with around 500 vhosts.

I would advise, if your application is vulnerable, to use Naxsi because it can
intercept POST requests. The example you provided is "$query_string"
(intercepts the URL). For example: http://*.com/index.php?id=10 UNION SELECT
1,null,null--

I don't think Nginx has a way to read POST data other than the WAF methods
like Naxsi, ModSecurity, etc.

https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#URL_Encoding

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269808,269857#msg-269857

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
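The thread compares a chain of `if` blocks against a WAF, and gariac suggests separate `server` blocks for static and SQL-backed hosts. The configuration below is an added illustration (not code from the thread or from any project): it folds the quoted `if` chain into one `map`, so nginx evaluates a single variable per request, and applies it only to the SQL-backed vhost. Hostnames, paths, the upstream socket and the extra regex are placeholders; the map only sees the raw, un-decoded query string and never the request body, which is exactly the gap c0nw0nk points out.

```nginx
http {
    # The map is evaluated at most once per request, the first time
    # $block_sql_injection is referenced, and the result is cached.
    # $query_string is NOT URL-decoded, so percent-encoded variants
    # of these tokens are not matched here; POST bodies are never seen.
    map $query_string $block_sql_injection {
        default                  0;
        "~*union.*select.*\("    1;   # the pattern from the quoted if-chain
        "~*union.*all.*select"   1;   # illustrative extra pattern (placeholder)
    }

    # Static-only vhost: nothing talks to SQL, so no check is paid here.
    server {
        listen      80;
        server_name static.example.com;   # placeholder name
        root        /var/www/static;      # placeholder path
    }

    # SQL-backed vhost: one if on the mapped variable replaces one if per rule.
    server {
        listen      80;
        server_name app.example.com;      # placeholder name
        root        /var/www/app;         # placeholder path

        # "if" that only does "return" in server context is a safe use of if;
        # $block_sql_injection is "0" (false) unless a pattern matched.
        if ($block_sql_injection) {
            return 403;
        }

        location ~ \.php$ {
            fastcgi_pass unix:/run/php-fpm.sock;   # placeholder upstream
            include      fastcgi_params;
        }
    }
}
```

Blocked requests show up in the access log as 403s, so a quick `grep ' 403 '` on the SQL-backed vhost's log is enough to review the hit rate and false positives before tightening the patterns.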
