Jump to content

NGINX настройка NAXSI


Recommended Posts

NGINX настройка NAXSI

Установить пакет opkg install nginx-ssl. Там есть модуль naxsi_core.rules.
Подключаем модуль к nginx. Прописываем в nginx.conf.

http {
    include       /opt/etc/nginx/mime.types;
    include       /opt/etc/nginx/naxsi_core.rules;
    default_type  application/octet-stream;

Создаём файл правил .naxsi_conf.rules с содержимым.

## enable mode naxsi
#LearningMode;
SecRulesEnabled;

## where redirect forbidden requests
DeniedUrl "/errors/403.html";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;

## white list
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";

LearningMode - обучение.

SecRulesEnabled - боевой режим

DeniedUrl - страница перенаправления.

С правилами и белым списком. У меня пока одно правило белого списка BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";

Прописываем наш файл правил в nginx.conf.

        location / {
            include    /opt/etc/nginx/naxsi_conf.rules;
            try_files  $uri  $uri/ =404;
        }

Проверяем /opt/etc/init.d/S80nginx test Перезапускаем /opt/etc/init.d/S80nginx restart

Через некоторое время вы увидите в файле журнала nginx успешные предотвращение запроса.

2021/09/26 12:26:21 [error] 614#0: *515 NAXSI_FMT: ip=91.132.58.62&server=000.000.000.000&uri=/remote/fgt_lang&learning=0&vers=0.56&total_processed=89&total_blocked=1&block=1&cscore0=$TRAVERSAL&score0=16&zone0=ARGS&id0=1200&var_name0=lang, client: 91.132.58.62, server: example.com, request: "GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1", host: "000.000.000.000"
2021/09/26 15:44:05 [error] 614#0: *670 NAXSI_FMT: ip=192.241.201.161&server=000.000.000.000&uri=/owa/auth/logon.aspx&learning=0&vers=0.56&total_processed=95&total_blocked=2&block=1&cscore0=$RFI&score0=8&zone0=ARGS&id0=1101&var_name0=url, client: 192.241.201.161, server: example.com, request: "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1", host: "000.000.000.000"

Как мы видим запрос был предотвращён naxsi. готово.

  • Thanks 1
  • Upvote 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...