Update: This setup is now in production, you are actually reading this blog through a Naxsi protected WordPress ! Update 2: This setup is also in production on GCU-Squad’s Website.
I’m slowly preparing iMil.net migration to a new server. Yeah, it’s a bit confusing to be the CTO of a hosting company and having my personnal website elsewhere, but you know, time and stuff… anyway, it’s coming.
While preparing the migration, I decided to get rid of Apache’s modsecurity and to put naxsi, the WAF plugin for nginx in front of the website. I’ve been working on good rules for Wordpress, as this software sets some strange variables that can confuse any WAF; so here’s my
naxsi.rules, operational for Wordpress 3.5, enjoy.
NB: note that these are rules I am enhancing on my new server as I write, I’ll update this post whenever new invalid blocking is found.