naxsi

Lazy learning

So you want to use Naxsi but you’re too lazy to analyze your nginx error log in order to write your own whitelists, and you’re definitely not brave enough to run a learning mode for a week. Relax, they’ve got something for you too. Head over to the Downloads area of Naxsi’s website and retrieve the latest naxsi-ui archive. Within that tarball, you will only need two Python scripts, nx_intercept.py and nx_extract.py. The first one reads and records all Naxsi matches from the error log, while the second generates the whitelist.

Wordpress 3.5 and Naxsi (update 7, now in production)

Update: This setup is now in production; you are actually reading this blog through a Naxsi-protected WordPress! Update 2: This setup is also in production on GCU-Squad’s website. I’m slowly preparing the iMil.net migration to a new server. Yeah, it’s a bit confusing to be the CTO of a hosting company and have my personal website elsewhere, but you know, time and stuff… anyway, it’s coming. While preparing the migration, I decided to get rid of Apache’s modsecurity and to put naxsi, the WAF plugin for nginx, in front of the website.

That’s not going to work in those sneakers

At my company, the security team released a module for nginx a few months ago: an application firewall called naxsi. I have just published this GPLv2-licensed module in pkgsrc current as an option of www/nginx. Here I will show you how to simply secure your nginx web server / reverse proxy with naxsi. First, if like me (and as you should) you use a stable branch of pkgsrc, simply update www/nginx like this: