Hi, can you give an example of using a map instead of the if statement?

Thanks

On 21 May 2017 at 02:35, c0nw0nk <nginx-fo...@forum.nginx.org> wrote:
> gariac Wrote:
> -------------------------------------------------------
> > I had run Naxsi with Doxi. Trouble is when it caused problems, it was
> > really hard to figure out what rule was the problem. I suppose if you
> > knew what each rule did, Naxsi would be fine.
> >
> > That said, my websites are so unsophisticated that it is far easier
> > for me just to use maps.
> >
> > Case in point. When all this adobe struts hacking started, I noticed
> > lots of 404s with the word "action" in the URL request. I just added
> > "action" to the map and 444 them.
> >
> > If you have a URL containing any word used in SQL, Naxsi/Doxi goes in
> > blocking mode. I recall it was flagging on the word "update". I had a
> > updates.html and Naxsi/Doxi was having a fit.
> >
> > In the end, it was far easier just to use maps. Other than a few
> > modern constructs like "object-fit contain", my sites have a 1990s
> > look. Keeping things simple reduces the attack surface.
> >
> > I think even with Naxsi, you would need to set up a map to block bad
> > referrers. I'm amazed at the nasty websites that link to me for no
> > apparent reason. Case in point, I had a referral from the al Aqsa
> > Martyrs Brigade. Terrorists! And numerous porn sites, all
> > irrelevant. So Naxsi alone isn't sufficient.
> >
> > Original Message
> > From: c0nw0nk
> > Sent: Saturday, May 20, 2017 3:36 AM
> > To: nginx@nginx.org
> > Reply To: nginx@nginx.org
> > Subject: Re: WordPress pingback mitigation
> >
> > I take it you don't use a WAF of any kind. I also think you should add
> > it to a MAP at least instead of using IF.
> >
> > The WAF I use for these same rules is found here.
> >
> > https://github.com/nbs-system/naxsi
> >
> > The rules for WordPress and other content management systems are found
> > here.
> >
> > http://spike.nginx-goodies.com/rules/ (a downloadable list they use:
> > https://bitbucket.org/lazy_dogtown/doxi-rules)
> >
> > Naxsi is the best solution I have found against problems like this,
> > especially with their XSS and SQL extensions enabled.
> >
> > LibInjectionXss;
> > CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
> > LibInjectionSql;
> > CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
> >
> > Blocks a lot of zero day exploits and unknown exploits / penetration
> > testing techniques.
> >
> > If you want to protect your sites it is definitely worth the look and
> > use.
> >
> > Posted at Nginx Forum:
> > https://forum.nginx.org/read.php?2,274339,274341#msg-274341
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
> It is not actually that hard to read the rules when you understand it.
>
> The error.log file tells you.
>
> As I helped someone before read and understand their error log output to
> tell them what naxsi was telling them, so they could learn, understand and
> identify what rule is the culprit to their problem.
>
> Here is the prime example:
> https://github.com/nbs-system/naxsi/issues/351#issuecomment-281710763
>
> If you read that and see their error.log output from naxsi and view the log,
> it shows you in the log if it was for example "ARGS" or "HEAD" or "POST" etc.
> and the rule ID number responsible. So you can either null it out or create
> a whitelist for that method.
>
> I am not trying to shove it down your neck or anything like that, just
> trying to help and show a decent alternative that, once you understand it,
> you can do so much more with. Like Nginx and Lua, it pushes the boundaries
> of what can be accomplished. I used to be very stuck in my ways and ignorant
> of these features, but once I started using them I never looked back; they
> are truly fantastic.
>
> As long as you fixed your problem that is all that matters :)
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,274339,274345#msg-274345
>
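An example of what the question asks for, added here and not written by any participant in the thread: the URI and Referer checks gariac describes, expressed as nginx `map` blocks instead of one `if` per condition. The map entries, the placeholder referrer domain and the server block are constructed for illustration; they are not anyone's production configuration.

```nginx
# Added example, not from the thread. Goes in the http {} context.
# A map is evaluated at most once per request, and only when its
# output variable is actually referenced.

# $block_uri is 1 when the raw request URI (path plus query string)
# contains the token gariac mentions. "~*" makes the key a
# case-insensitive regex. A bare "action" also matches legitimate
# paths such as /transactions, so narrow the pattern to what your
# own access logs show.
map $request_uri $block_uri {
    default    0;
    "~*action" 1;
}

# $block_referer is 1 when the Referer header points at a blocked
# host. The domain below is a constructed placeholder.
map $http_referer $block_referer {
    default 0;
    ""      0;   # no Referer header at all: allow
    "~*^https?://([^/]+\.)?bad-referrer\.example/" 1;
}

# Fold the two flags into one decision so the server block needs a
# single check. The source string is the two flags concatenated.
map "$block_uri$block_referer" $drop_request {
    default 1;   # at least one flag is set
    "00"    0;   # neither flag is set
}

server {
    listen      80;
    server_name example.com;   # placeholder

    # An "if" whose body is only "return" is one of the safe uses of
    # the directive; 444 closes the connection without a response,
    # which is the behaviour gariac describes.
    if ($drop_request) {
        return 444;
    }

    location / {
        root /var/www/html;    # placeholder document root
    }
}
```

Two things worth knowing before copying the pattern: `$request_uri` is the raw request line as the client sent it, while `$uri` is the normalised, decoded path without the query string, so match against whichever form the suspicious requests take in your logs. For Referer policy specifically, the standard `valid_referers` directive from ngx_http_referer_module sets `$invalid_referer` and can replace the hand-written Referer map above.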