Re: Naxsi Nginx High performance WAF

mex
December 24, 2016 03:09AM
Hi c0nw0nk,

mex here, initial creator of http://spike.nginx-goodies.com/rules/
and maintainer of Doxi-Rules https://bitbucket.org/lazy_dogtown/doxi-rules/overview
(this is where the rules live that we create with spike :)

the doxi-rules in its current state are inspired by emerging threats rules,
and not by the CRS-System because:

- mod_security can hook into any phase of a request, while naxsi only works in access_phase
- naxsi has a very slim yet powerful core-ruleset
- naxsi doesn't hold state of an actor

thus, it would not be possible to re-create the CRS onto naxsi, instead, we
have a very slim but very fast core-ruleset that does not change very often,
and on top of this, if wanted, a wider ruleset that protects against common
classes of attacks like XXE or general Object-Injections
http://spike.nginx-goodies.com/rules/view/42000341
http://spike.nginx-goodies.com/rules/view/42000343

i learned from my gurus @emerging threats to write signatures
against vulnerabilities, not exploits

before naxsi i used mod_security with CRS as well and it was
more than just a PITA because of False Positives and performance-issues
as well. with naxsi, learning mode and whitelist-creation,
using a WAF is fun again.

If you have detailed questions about naxsi, there is a naxsi-discuss-mailinglist
as well




cheers,


mex




c0nw0nk Wrote:
-------------------------------------------------------
> So I recently got hooked on Naxsi and I am loving it to bits <3 thanks
> to itpp2012 :)
>
> https://github.com/nbs-system/naxsi
>
> I found the following Rule sets here.
>
> http://spike.nginx-goodies.com/rules/
>
> But I am curious does anyone have Naxsi written rules that would be
> the same as/on Cloudflare's WAF ?
>
> These to be exact :
> Package:
> OWASP ModSecurity Core Rule Set : Covers OWASP Top 10 vulnerabilities,
> and more.
> Package:
> Cloudflare Rule Set : Contains rules to stop attacks commonly seen on
> Cloudflare's network and attacks against popular applications.
>
>
> Love to have a Naxsi version of their WAF rules to add in to the
> naxsi_core.rules file.