mirror of
https://github.com/MiyooCFW/buildroot.git
synced 2025-09-27 22:24:19 +03:00
Merge from bittboy/buildroot@db180c0
This commit is contained in:
TriForceX
29
package/nginx-naxsi/Config.in
Normal file
29
package/nginx-naxsi/Config.in
Normal file
@@ -0,0 +1,29 @@
|
||||
config BR2_PACKAGE_NGINX_NAXSI
|
||||
bool "nginx-naxsi"
|
||||
depends on BR2_PACKAGE_NGINX_HTTP
|
||||
# uses pcre, so nginx needs to be built with pcre support
|
||||
select BR2_PACKAGE_PCRE
|
||||
help
|
||||
NAXSI means Nginx Anti XSS & SQL Injection.
|
||||
|
||||
Technically, it is a third party nginx module, available as
|
||||
a package for many UNIX-like platforms. This module, by
|
||||
default, reads a small subset of simple (and readable) rules
|
||||
containing 99% of known patterns involved in website
|
||||
vulnerabilities. For example, <, | or drop are not supposed
|
||||
to be part of a URI.
|
||||
|
||||
Being very simple, those patterns may match legitimate
|
||||
queries, it is the Naxsi's administrator duty to add
|
||||
specific rules that will whitelist legitimate
|
||||
behaviours. The administrator can either add whitelists
|
||||
manually by analyzing nginx's error log, or (recommended)
|
||||
start the project with an intensive auto-learning phase that
|
||||
will automatically generate whitelisting rules regarding a
|
||||
website's behaviour.
|
||||
|
||||
In short, Naxsi behaves like a DROP-by-default firewall, the
|
||||
only task is to add required ACCEPT rules for the target
|
||||
website to work properly.
|
||||
|
||||
https://github.com/nbs-system/naxsi
|
||||
Reference in New Issue
Block a user