Wow, I really like the sound of Naxsi. In the past I've used F5's ASM, the WAF
built on their BIG-IP platform. It was powerful though prone to false
positives. I don't believe there are any real shortcuts that allow you to build
an effective WAF without understanding the details of your own webs
Hi,
Can you give an example of using a map instead of the if statement?
Thanks
On 21 May 2017 at 02:35, c0nw0nk wrote:
> gariac Wrote:
> ---
> > I had run Naxsi with Doxi. Trouble is when it causes problems, it was
> > really hard to figure ou
Well, at least in my case, I can ask the application to make an orderly
reconnect. Whereas if nginx does it, it just closes the connection.
The option to do it seems better than having no option.
Alex
On 20 May 2017 at 21:11, B.R. via nginx wrote:
> ... and you would end up with connections
gariac Wrote:
---
> I had run Naxsi with Doxi. Trouble is when it causes problems, it was
> really hard to figure out what rule was the problem. I suppose if you
> knew what each rule did, Naxsi would be fine.
>
> That said, my websites are so un
I had run Naxsi with Doxi. Trouble is when it causes problems, it was really
hard to figure out what rule was the problem. I suppose if you knew what each
rule did, Naxsi would be fine.
That said, my websites are so unsophisticated that it is far easier for me just
to use maps.
Case in point.
... and you would end up with connections serving different content (as per
different configuration) in the long run, leading potentially to an
increased number of problems.
How would you shut them down, if not gracefully?
If you want to keep long-lived connections open, do not make changes
server
I take it you don't use a WAF of any kind. I also think you should add it to
a MAP at least instead of using IF.
The WAF I use for these same rules is found here.
https://github.com/nbs-system/naxsi
The rules for WordPress and other content management systems are found
here.
http://spike.nginx-g
Reading a blog from the person that set up the website for Emmanuel Macron, I
came across this nginx tip. I would return 444 and add it to my user agent map.
But in the simplest form:
-
# Block WordPress Pingback DDoS attacks
if ($http_user_agent ~* "WordPress") {
ret
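
The map-based form asked about in this thread, as an added example that is not part of any of the original posts. The variable name `$block_ua`, the second user-agent entry, the `server_name` and the `root` path are assumptions chosen for illustration.

```nginx
# Added example, not from the thread. map{} must sit in the http{} context.
# The user agent is matched once per request and the result is stored in
# $block_ua (hypothetical variable name).
map $http_user_agent $block_ua {
    default              0;

    # Same case-insensitive match as the if() quoted in the post
    "~*WordPress"        1;

    # Further agents go on their own lines; this entry is a constructed
    # placeholder, not a real client
    "~*example-bad-bot"  1;
}

server {
    listen      80;
    server_name example.com;        # placeholder

    # One test on the precomputed variable, with nothing but a return inside.
    # An empty string or "0" evaluates as false, so only mapped agents match.
    if ($block_ua) {
        return 444;                 # nginx-specific: close the connection, send no response
    }

    location / {
        root /var/www/html;         # placeholder
    }
}
```

The pattern matches any user agent containing "WordPress", which includes requests a WordPress site makes to itself, so a server that hosts WordPress should check its access log for such requests before enabling the rule.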