Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- --add-module=/www/server/naxsi-1.3/naxsi_src/
- export NAXSI_VER=1.3
- rm -rf /www/server/naxsi-1.3
- cd /www/server/
- wget https://github.com/nbs-system/naxsi/archive/$NAXSI_VER.tar.gz -O naxsi_$NAXSI_VER.tar.gz
- tar vxf naxsi_$NAXSI_VER.tar.gz
- rm naxsi_$NAXSI_VER.tar.gz
- cd /www/server/naxsi-$NAXSI_VER/naxsi_src; make
- http {
- include /www/server/naxsi-1.3/naxsi_config/naxsi_core.rules; # load naxsi core rules
- ...
- }
- server {
- ...
- location / { # naxsi is enabled, and in learning mode
- SecRulesEnabled; #enable naxsi
- LearningMode; #enable learning mode
- LibInjectionSql; #enable libinjection support for SQLI
- LibInjectionXss; #enable libinjection support for XSS
- DeniedUrl "/RequestDenied"; #the location where naxsi will redirect the request when it is blocked
- CheckRule "$SQL >= 8" BLOCK; #the action to take when the $SQL score is superior or equal to 8
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 5" BLOCK;
- CheckRule "$UPLOAD >= 5" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- proxy_pass http://127.0.0.1;
- ....
- }
- location /admin { # naxsi is disabled
- SecRulesDisabled; #optional, naxsi is disabled by default
- allow 1.2.3.4;
- deny all;
- proxy_pass http://127.0.0.1;
- ....
- }
- location /vuln_page.php { # naxsi is enabled, and is *not* in learning mode
- SecRulesEnabled;
- proxy_pass http://127.0.0.1;
- }
- location /RequestDenied {
- internal;
- return 403;
- }
- ...
- }
Add Comment
Please, Sign In to add comment