Welcome! Log In Create A New Profile

Advanced

Web Application Firewall module for NGINX

Thibault Koechlin
August 31, 2011 04:16AM
Hello list,

Just a short mail to announce the release of Naxsi, a WAF (Web
Application Firewall) for NGINX. Web Application Firewalls aims at
protecting web-sites from exploitation of vulnerabilities, such as SQL
injection, Cross Site Scripting and so on.
You can find more details here (wiki, downloads, etc.) :
naxsi.googlecode.com

The project is now in version alpha 0.2 (read : young !), but we've
already performed some tests on it (with various commercial web
vulnerability scanning softwares, performed static analysis on its code
source, and a few manual reviews).

On a side note, and I hope there are security enthusiasts amongst us, we
setup a dedicated testing environment, where nginx+naxsi is acting as
reverse proxy for three "on purpose" vulnerable websites. I hope in this
way people will play and find vulnerabilities in naxsi, ways to bypass
it, or trust it ;) (Those three sites are usually used to test web
vulnerability application scanners) (details here :
http://code.google.com/p/naxsi/wiki/OnlyTrustWhatYouCanTest)


Regards,
PS: Feel free to contact me by mail, or on irc/freenode, nickname bui.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Web Application Firewall module for NGINX

Thibault Koechlin 3156 August 31, 2011 04:16AM

Re: Web Application Firewall module for NGINX

Mr.Hien 2830 August 31, 2011 07:22AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 90
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready