Nginx+ Naxsi
- 6. naxsi - structure
● fast - no regexps (plain string matching)
● lightweight - simple logic in the code
● predictable - no signatures
● naive - no transformations
- 7. problems at the start
● no package with the current version
● high rate of change
● gaps in the documentation
● whitelist - must be configured (without one, legitimate traffic is blocked)
- 11. nginx
http {
    include /etc/nginx/mime.types;
    include /etc/nginx/naxsi_core.rules;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/nokaut_error.log;
    (...)
}
- 12. nginx
location / {
    index index.php;
    include /etc/nginx/naxsi.rules;
    include /etc/nginx/whitelist_naxsi_rules;
    (...)
}
location /RequestDenied {
    return 500;
}
- 16. naxsi core rules
~35 base rules, for example:
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
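To make the structure points from slide 6 and the MainRule / BasicRule / CheckRule syntax concrete, here is an added Python model of how a request is scored. It is illustrative code written for this page, not naxsi's own implementation: `str:` patterns are matched as plain substrings (no regexps, no decoding), each hit adds the rule's points to named counters such as `$SQL` and `$XSS`, a CheckRule threshold decides BLOCK, and a whitelist silences one rule id in one match zone. Assumptions not shown on the slides: the CheckRule thresholds (`$SQL >= 8`, `$XSS >= 8`), the score of rule 1005, and header names being compared lowercased.

```python
"""Simplified model of naxsi's rule evaluation (added example, not naxsi code).

Request parsing and URL decoding are left out: values are given already
decoded, so an encoded quote such as %22 is not matched, which mirrors the
"naive - no transformations" point on the slides.
"""
from dataclasses import dataclass, field


@dataclass
class MainRule:
    rid: int
    needle: str        # str: pattern, matched with plain substring search
    zones: frozenset   # mz: targets, e.g. {"ARGS", "BODY", "URL", "HEADERS:cookie"}
    scores: dict       # s: part, e.g. {"$SQL": 8, "$XSS": 8}
    msg: str = ""


@dataclass
class Request:
    url: str = ""
    args: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

    def items(self):
        """(zone, var_name, value) for every place the engine inspects."""
        yield "URL", "", self.url
        for k, v in self.args.items():
            yield "ARGS", k, v
        for k, v in self.body.items():
            yield "BODY", k, v
        for k, v in self.headers.items():
            yield "HEADERS", k.lower(), v   # assumption: header names lowercased


# Rule 1001 as printed on slide 16; rule 1005's score is assumed (the slides
# show only its message "mysql keyword (|)").
CORE_RULES = [
    MainRule(1001, '"', frozenset({"BODY", "URL", "ARGS", "HEADERS:cookie"}),
             {"$SQL": 8, "$XSS": 8}, "double quote"),
    MainRule(1005, "|", frozenset({"BODY", "URL", "ARGS", "HEADERS:cookie"}),
             {"$SQL": 8}, "mysql keyword (|)"),
]

# CheckRule "$SQL >= 8" BLOCK; style thresholds (assumed values).
CHECK_RULES = {"$SQL": 8, "$XSS": 8}


def zone_matches(rule, zone, var_name):
    """Does the rule's mz: cover this (zone, var_name)?"""
    if zone in rule.zones:
        return True
    return zone == "HEADERS" and ("HEADERS:" + var_name) in rule.zones


def whitelisted(whitelists, rid, zone, var_name):
    """whitelists: set of (rule_id, zone, var_name); var_name '' means whole zone."""
    return (rid, zone, var_name) in whitelists or (rid, zone, "") in whitelists


def evaluate(req, rules=CORE_RULES, whitelists=frozenset(), checks=CHECK_RULES):
    """Return {'scores': {...}, 'hits': [(id, zone, var)], 'blocked': bool}."""
    scores = {}
    hits = []
    for zone, var_name, value in req.items():
        for rule in rules:
            if not zone_matches(rule, zone, var_name):
                continue
            if rule.needle not in value:          # naive: no decoding, no regex
                continue
            if whitelisted(whitelists, rule.rid, zone, var_name):
                continue
            hits.append((rule.rid, zone, var_name))
            for counter, pts in rule.scores.items():
                scores[counter] = scores.get(counter, 0) + pts
    blocked = any(scores.get(c, 0) >= limit for c, limit in checks.items())
    return {"scores": scores, "hits": hits, "blocked": blocked}


# The whitelists slide 18 prints: wl:1001 / wl:1005 "mz:$HEADERS_VAR:cookie"
COOKIE_WL = frozenset({(1001, "HEADERS", "cookie"), (1005, "HEADERS", "cookie")})

if __name__ == "__main__":
    r = Request(url="/search", args={"q": 'x" or 1=1'}, headers={"Cookie": 'sess="abc"'})
    print(evaluate(r))                         # blocked: 1001 hits ARGS:q and HEADERS:cookie
    print(evaluate(r, whitelists=COOKIE_WL))   # still blocked: ARGS:q is not whitelisted
    r2 = Request(url="/", headers={"Cookie": 'sess="abc"'})
    print(evaluate(r2, whitelists=COOKIE_WL))  # not blocked: the only hit is whitelisted
```

The model shows why the `wl:` lines on slide 18 are so broad: a whitelist keyed on `$HEADERS_VAR:cookie` removes the rule from that header entirely, so a quote or pipe in a cookie value is never scored again, while the same characters in a query argument still trip the threshold.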
- 18. whitelist
########### Optimized Rules Suggestion #
# total_count:17262 (22.06%) | double encoding !
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
# total_count:14332 (18.31%) | mysql keyword (|)
BasicRule wl:1005 "mz:$HEADERS_VAR:cookie";
# total_count:14321 (18.3%) | probable sql/xss
BasicRule wl:1011 "mz:$HEADERS_VAR:cookie";
- 19. nx_intercept / nx_extract
[sql]
# database type
dbtype = sqlite
username = naxsi
password = trivialpassword
hostname = 127.0.0.1
# name of database
dbname = naxsi_sig
# path prefix for db, only needed for SQLite
data_path = /tmp/naxsi-ui/
- 20. nx_intercept / nx_extract
python nx_intercept.py -c naxsi-ui-learning.conf -l /var/log/nginx/nokaut_error.log
python nx_extract.py -c naxsi-ui-learning.conf
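The two commands above feed the learning log into a database and then print the "Optimized Rules Suggestion" block shown on slide 18. The following added example reproduces the core of that workflow in one self-contained script; it is written for this page and is not nx_intercept / nx_extract from naxsi-ui (those persist events to a database and apply more heuristics). It assumes the NAXSI_FMT layout with `zoneN` / `idN` / `var_nameN` triples in the nginx error log; the log lines in `SAMPLE_LOG` are constructed for the example, not captured from a real server.

```python
"""Turn naxsi learning-mode log events into whitelist suggestions.

Added example, not the naxsi-ui tools.  Reads NAXSI_FMT lines from an nginx
error log, counts hits per (rule id, zone, variable) and renders BasicRule
wl: lines in the shape the nx_extract output on slide 18 has.
"""
import re
from collections import Counter
from urllib.parse import parse_qs

# Rule messages as printed on the slides; other ids are reported as unknown.
RULE_MSG = {
    1001: "double quote",
    1005: "mysql keyword (|)",
    1011: "probable sql/xss",
    1315: "double encoding !",
}

# nginx appends ", client: ..." after the NAXSI_FMT query string.
_FMT = re.compile(r"NAXSI_FMT: (?P<qs>.*?)(?=, client:|$)")
_HIT = re.compile(r"^(zone|id|var_name)(\d+)$")


def parse_naxsi_line(line):
    """[(rule_id, zone, var_name), ...] for one log line; [] if it is not a naxsi event."""
    m = _FMT.search(line)
    if not m:
        return []
    fields = {k: v[0] for k, v in parse_qs(m.group("qs"), keep_blank_values=True).items()}
    hits = {}
    for key, value in fields.items():
        h = _HIT.match(key)
        if h:
            hits.setdefault(int(h.group(2)), {})[h.group(1)] = value
    return [(int(h["id"]), h["zone"], h.get("var_name", ""))
            for _, h in sorted(hits.items()) if "id" in h and "zone" in h]


def match_zone(zone, var_name):
    """mz: target for a whitelist: $ARGS_VAR:q, $HEADERS_VAR:cookie, or a bare zone."""
    return "$%s_VAR:%s" % (zone, var_name.lower()) if var_name else zone


def suggest_whitelists(lines, min_share=0.0):
    """Count hits per (id, zone, var) over all lines.

    Returns [(rule_id, count, share, basic_rule_line), ...], most frequent
    first, keeping only entries whose share of all hits is >= min_share.
    """
    counts = Counter()
    for line in lines:
        counts.update(parse_naxsi_line(line))
    total = sum(counts.values())
    out = []
    for (rid, zone, var), n in counts.most_common():
        share = n / total
        if share < min_share:
            continue
        out.append((rid, n, share, 'BasicRule wl:%d "mz:%s";' % (rid, match_zone(zone, var))))
    return out


def render(suggestions):
    """Format suggestions like the nx_extract output on slide 18."""
    lines = ["########### Optimized Rules Suggestion #"]
    for rid, n, share, rule in suggestions:
        lines.append("# total_count:%d (%.2f%%) | %s"
                     % (n, 100 * share, RULE_MSG.get(rid, "unknown rule")))
        lines.append(rule)
    return "\n".join(lines)


# Constructed error-log lines (not from a real server) in the NAXSI_FMT shape.
SAMPLE_LOG = [
    '2013/05/10 12:00:01 [error] 1234#0: *5 NAXSI_FMT: ip=10.0.0.1&server=www.example.com&uri=/search&learning=1&vers=0.50&total_processed=100&total_blocked=20&block=1&cscore0=$SQL&score0=8&cscore1=$XSS&score1=8&zone0=HEADERS&id0=1001&var_name0=cookie, client: 10.0.0.1, server: www.example.com, request: "GET /search?q=x HTTP/1.1", host: "www.example.com"',
    '2013/05/10 12:00:02 [error] 1234#0: *6 NAXSI_FMT: ip=10.0.0.2&server=www.example.com&uri=/search&learning=1&vers=0.50&total_processed=101&total_blocked=21&block=1&cscore0=$SQL&score0=16&cscore1=$XSS&score1=8&zone0=ARGS&id0=1001&var_name0=q&zone1=ARGS&id1=1005&var_name1=q, client: 10.0.0.2, server: www.example.com, request: "GET /search?q=a%22|b HTTP/1.1", host: "www.example.com"',
    '2013/05/10 12:00:03 [error] 1234#0: *7 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 10.0.0.3, server: www.example.com',
    '2013/05/10 12:00:04 [error] 1234#0: *8 NAXSI_FMT: ip=10.0.0.4&server=www.example.com&uri=/&learning=1&vers=0.50&total_processed=102&total_blocked=22&block=1&cscore0=$EVADE&score0=4&zone0=HEADERS&id0=1315&var_name0=cookie, client: 10.0.0.4, server: www.example.com, request: "GET / HTTP/1.1", host: "www.example.com"',
    '2013/05/10 12:00:05 [error] 1234#0: *9 NAXSI_FMT: ip=10.0.0.5&server=www.example.com&uri=/&learning=1&vers=0.50&total_processed=103&total_blocked=23&block=1&cscore0=$SQL&score0=8&cscore1=$XSS&score1=8&zone0=HEADERS&id0=1001&var_name0=cookie, client: 10.0.0.5, server: www.example.com, request: "GET / HTTP/1.1", host: "www.example.com"',
]

if __name__ == "__main__":
    print(render(suggest_whitelists(SAMPLE_LOG)))
```

Whatever tool produces them, the suggestions are only as good as the traffic seen during learning: review each `wl:` line before including it in `whitelist_naxsi_rules`, because a zone-wide entry such as the cookie whitelists on slide 18 switches the rule off for every cookie on every URL, not only for the application's own session cookie.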