Project author: OpusVL

Project description:
Nginx with NAXSI module
Language: C
Repository: git://github.com/OpusVL/naxsi.git
Created: 2021-02-23T19:49:17Z
Project community: https://github.com/OpusVL/naxsi

License: GNU Affero General Public License v3.0

NAXSI Logo

Nginx with NAXSI Module

This container set provides a custom-built Nginx with the NAXSI Web Application Firewall module.

See https://github.com/nbs-system/naxsi

Originally I built this from the ground up using alpine:3.11. I got it running, but then ran into a problem when I wanted to shrink the image using a multi-stage build approach. Using a single build stage I ended up with a Docker image size of 406MB. After rethinking and rebuilding using nginx:alpine I was able to get a multi-stage build, and the image size shrank to a more palatable 128MB.

The problem with using nginx:alpine is that it does not support python2, and the NAXSI version available for download requires python2 to build.

To resolve the python version issue I had to download version 1.3 of NAXSI from their repo and edit a few of the files to make them syntactically correct for python3. This wasn't too difficult. There were plenty of print statements to be changed to print() statements and one literal comparison using 'is not' to change to '!='. Whilst it is now syntactically correct and builds and works, not being a Python expert, or familiar with the NAXSI project's code, this may cause issues later.

Testing

The NAXSI rules in the location block of default.conf:

  SecRulesEnabled; # enable naxsi
  # LearningMode; # enable learning mode
  LibInjectionSql; # enable libinjection support for SQLI
  LibInjectionXss; # enable libinjection support for XSS
  DeniedUrl "/denied.html"; # the location naxsi redirects the request to when it is blocked
  CheckRule "$SQL >= 8" BLOCK; # the action to take when the $SQL score is greater than or equal to 8
  CheckRule "$RFI >= 8" BLOCK;
  CheckRule "$TRAVERSAL >= 5" BLOCK;
  CheckRule "$UPLOAD >= 5" BLOCK;
  CheckRule "$XSS >= 8" BLOCK;

When one of the CheckRule thresholds is reached, the request is redirected to /denied.html.
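The following Python script is an added illustration, not code from this repository or from the NAXSI project: it parses the directives above and shows how a request's per-counter scores feed the CheckRule thresholds, including what uncommenting LearningMode changes (matches are logged instead of blocked). The config text is a copy of the snippet above; the scoring model is a deliberate simplification of NAXSI's real evaluation (it only models the directives shown and lets BLOCK win when several rules fire).

```python
import operator
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: the NAXSI directives from the default.conf snippet above,
# copied here so the example runs stand-alone (LearningMode commented out, as on the page).
SAMPLE_CONF = """\
SecRulesEnabled; # enable naxsi
# LearningMode; # enable learning mode
LibInjectionSql; # enable libinjection support for SQLI
LibInjectionXss; # enable libinjection support for XSS
DeniedUrl "/denied.html"; # where naxsi sends a blocked request
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 5" BLOCK;
CheckRule "$UPLOAD >= 5" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
"""

CHECKRULE_RE = re.compile(r'^CheckRule\s+"\$(\w+)\s*(>=|<=|>|<|=)\s*(\d+)"\s+(\w+)\s*;$')
DENIEDURL_RE = re.compile(r'^DeniedUrl\s+"([^"]+)"\s*;$')
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt, "=": operator.eq}


@dataclass
class NaxsiPolicy:
    enabled: bool = False            # SecRulesEnabled;
    learning: bool = False           # LearningMode;
    libinjection_sql: bool = False   # LibInjectionSql;
    libinjection_xss: bool = False   # LibInjectionXss;
    denied_url: Optional[str] = None
    # (score name, comparison operator, threshold, action), in file order
    check_rules: List[Tuple[str, str, int, str]] = field(default_factory=list)


def parse_policy(text: str) -> NaxsiPolicy:
    """Parse the subset of NAXSI directives used in the page's default.conf.

    Assumes '#' never appears inside a quoted value, so everything after the
    first '#' on a line is a comment; that is also what makes the
    '# LearningMode;' line a no-op.
    """
    policy = NaxsiPolicy()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "SecRulesEnabled;":
            policy.enabled = True
        elif line == "LearningMode;":
            policy.learning = True
        elif line == "LibInjectionSql;":
            policy.libinjection_sql = True
        elif line == "LibInjectionXss;":
            policy.libinjection_xss = True
        elif (m := DENIEDURL_RE.match(line)):
            policy.denied_url = m.group(1)
        elif (m := CHECKRULE_RE.match(line)):
            name, op, threshold, action = m.groups()
            policy.check_rules.append((name, op, int(threshold), action.upper()))
        else:
            raise ValueError(f"unsupported directive: {line!r}")
    return policy


def decide(policy: NaxsiPolicy, scores: Dict[str, int]) -> str:
    """Return the action the CheckRules select for a request (simplified model).

    `scores` holds the per-counter totals (e.g. {"SQL": 8}) accumulated from the
    signatures the request matched. Nothing is evaluated unless SecRulesEnabled
    is set; in LearningMode a rule that would block only logs; if several rules
    fire, BLOCK takes precedence.
    """
    if not policy.enabled:
        return "ALLOW"
    fired = [action for name, op, threshold, action in policy.check_rules
             if OPS[op](scores.get(name, 0), threshold)]
    if not fired:
        return "ALLOW"
    if policy.learning:
        return "LOG"
    return "BLOCK" if "BLOCK" in fired else fired[0]


def destination(policy: NaxsiPolicy, scores: Dict[str, int]) -> Optional[str]:
    """Where a blocked request ends up: the DeniedUrl, or None if it passes."""
    return policy.denied_url if decide(policy, scores) == "BLOCK" else None


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CONF)
    for scores in ({"SQL": 8}, {"SQL": 7, "XSS": 3}, {"TRAVERSAL": 5}):
        print(scores, "->", decide(policy, scores), destination(policy, scores))
```

Running the script shows that a request whose $SQL counter reaches 8 is sent to /denied.html while one at 7 passes, and that a copy of the same config with LearningMode uncommented turns the block into a log entry, which is the check to make before switching a tuned rule set from learning to blocking.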

To trigger it and prove this works, you can put an SQL injection payload in the URL, e.g.

http://localhost:8080/index.html?table=--delete%20from%20table%20where%201=1;

Usage

Replace the default.conf file by mounting your own on top of it.