NGINX: configuring NAXSI

Install the package with opkg install nginx-ssl. It includes the naxsi_core.rules module.
Connect the module to nginx by adding it to nginx.conf.

http {
    include       /opt/etc/nginx/mime.types;
    include       /opt/etc/nginx/naxsi_core.rules;
    default_type  application/octet-stream;

Create a rules file .naxsi_conf.rules with the following contents.

## enable mode naxsi
#LearningMode;
SecRulesEnabled;

## where redirect forbidden requests
DeniedUrl "/errors/403.html";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;

## white list
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";

LearningMode - learning mode.

SecRulesEnabled - live mode.

DeniedUrl - the redirect page.

Plus the check rules and the whitelist. So far I have only one whitelist rule: BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";

Add our rules file to nginx.conf.

        location / {
            include    /opt/etc/nginx/naxsi_conf.rules;
            try_files  $uri  $uri/ =404;
        }

Check the configuration with /opt/etc/init.d/S80nginx test, then restart with /opt/etc/init.d/S80nginx restart.

After a while you will see successfully blocked requests in the nginx log file.

2021/09/26 12:26:21 [error] 614#0: *515 NAXSI_FMT: ip=91.132.58.62&server=000.000.000.000&uri=/remote/fgt_lang&learning=0&vers=0.56&total_processed=89&total_blocked=1&block=1&cscore0=$TRAVERSAL&score0=16&zone0=ARGS&id0=1200&var_name0=lang, client: 91.132.58.62, server: example.com, request: "GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1", host: "000.000.000.000"
2021/09/26 15:44:05 [error] 614#0: *670 NAXSI_FMT: ip=192.241.201.161&server=000.000.000.000&uri=/owa/auth/logon.aspx&learning=0&vers=0.56&total_processed=95&total_blocked=2&block=1&cscore0=$RFI&score0=8&zone0=ARGS&id0=1101&var_name0=url, client: 192.241.201.161, server: example.com, request: "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1", host: "000.000.000.000"

As we can see, the request was blocked by naxsi. Done.

  • Thanks 1
  • Upvote 2
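
An added example, not part of the original post: a small Python parser for the NAXSI_FMT lines shown in the log above. It pulls out the per-category scores and matched rule ids, and turns matches seen in learning mode into BasicRule whitelist candidates of the same shape as the post's rule. The sample lines, addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in the NAXSI_FMT layout (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '2021/09/26 12:26:21 [error] 614#0: *515 NAXSI_FMT: ip=192.0.2.10&server=example.com'
    '&uri=/remote/fgt_lang&learning=0&vers=0.56&total_processed=89&total_blocked=1&block=1'
    '&cscore0=$TRAVERSAL&score0=16&zone0=ARGS&id0=1200&var_name0=lang, client: 192.0.2.10, '
    'server: example.com, request: "GET /remote/fgt_lang?lang=x HTTP/1.1", host: "example.com"',
    '2021/09/27 09:00:00 [error] 614#0: *700 NAXSI_FMT: ip=198.51.100.7&server=example.com'
    '&uri=/&learning=1&vers=0.56&total_processed=120&total_blocked=3&block=1'
    '&cscore0=$XSS&score0=8&zone0=HEADERS&id0=1315&var_name0=cookie, client: 198.51.100.7, '
    'server: example.com, request: "GET / HTTP/1.1", host: "example.com"',
    '2021/09/27 09:00:01 [notice] 614#0: signal process started',
]

FMT_RE = re.compile(r'NAXSI_FMT: (.*?), client: ')

def parse_naxsi_fmt(line):
    """Return a dict for one NAXSI_FMT line, or None for any other error.log line."""
    m = FMT_RE.search(line)
    if not m:
        return None
    kv = dict(parse_qsl(m.group(1), keep_blank_values=True))
    event = {'ip': kv.get('ip'), 'uri': kv.get('uri'),
             'learning': kv.get('learning') == '1', 'block': kv.get('block') == '1',
             'scores': {}, 'matches': []}
    n = 0
    while f'cscore{n}' in kv:  # per-category totals, the values CheckRule compares
        event['scores'][kv[f'cscore{n}']] = int(kv.get(f'score{n}', 0))
        n += 1
    n = 0
    while f'id{n}' in kv:  # each matched rule: zone, rule id, variable name
        event['matches'].append(
            (kv.get(f'zone{n}', ''), int(kv[f'id{n}']), kv.get(f'var_name{n}', '')))
        n += 1
    return event

def whitelist_candidates(events):
    """BasicRule lines for matches logged with learning=1 only; review each before use."""
    rules = set()
    for ev in events:
        if ev['learning']:
            for zone, rule_id, var in ev['matches']:
                mz = f'${zone}_VAR:{var}' if var else zone
                rules.add(f'BasicRule wl:{rule_id} "mz:{mz}";')
    return sorted(rules)

EVENTS = [e for e in map(parse_naxsi_fmt, SAMPLE_LOG) if e]
```

Lines logged with learning=0 are deliberately excluded from the candidates, so a request that was actually blocked never ends up whitelisted automatically.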
