• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

naxsi_config/H17-Nov-2020-9283

naxsi_src/H03-May-2022-22,45519,151

nxapi/H03-May-2022-2,8162,399

t/H03-May-2022-16,64515,810

.gitattributesH A D17-Nov-202022 21

.gitignoreH A D17-Nov-202026 33

.travis.ymlH A D17-Nov-2020555 4332

LICENSEH A D17-Nov-202034.3 KiB675553

README.mdH A D17-Nov-20204.9 KiB9572

README.md

1![naxsi](https://raw.githubusercontent.com/nbs-system/naxsi/master/logo.png)
2
3[![coverity](https://scan.coverity.com/projects/1883/badge.svg)](https://scan.coverity.com/projects/1883)
4[![travis-ci](https://travis-ci.org/nbs-system/naxsi.svg?branch=master)](https://travis-ci.org/nbs-system/naxsi)
5[![coveralls](https://coveralls.io/repos/github/nbs-system/naxsi/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/naxsi?branch=master)
6[![codecov](http://codecov.io/github/nbs-system/naxsi/coverage.svg?branch=master)](http://codecov.io/github/nbs-system/naxsi?branch=master)
7[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/740/badge)](https://bestpractices.coreinfrastructure.org/projects/740)
8[![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/nbs-system/naxsi)
9
10### We need your help
11
12[Please fill in this little feedback survey](https://docs.google.com/spreadsheet/viewform?formkey=dG9UWDFuTEhiWWt4UF9fZEtwWFVJUlE6MQ), 2 minutes of your time, great help for us !
13
14
15## What is Naxsi?
16
17NAXSI means [Nginx]( http://nginx.org/ ) Anti [XSS]( https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 ) & [SQL Injection]( https://www.owasp.org/index.php/SQL_injection ).
18
19Technically, it is a third party nginx module, available as a package for
20many UNIX-like platforms. This module, by default, reads a small subset of
21[simple (and readable) rules]( https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_core.rules )
22containing 99% of known patterns involved in
23website vulnerabilities. For example, `<`, `|` or `drop` are not supposed
24to be part of a URI.
25
26Being very simple, those patterns may match legitimate queries, it is
27the Naxsi's administrator duty to add specific rules that will whitelist
28legitimate behaviours. The administrator can either add whitelists manually
29by analyzing nginx's error log, or (recommended) start the project with an
30intensive auto-learning phase that will automatically generate whitelisting
31rules regarding a website's behaviour.
32
33In short, Naxsi behaves like a DROP-by-default firewall, the only task
34is to add required ACCEPT rules for the target website to work properly.
35
36## Why is it different?
37
38Contrary to most Web Application Firewalls, Naxsi doesn't rely on a
39signature base like an antivirus, and thus cannot be circumvented by an
40"unknown" attack pattern.
41Naxsi is [Free software]( https://www.gnu.org/licenses/gpl.html ) (as in freedom)
42and free (as in free beer) to use.
43
44## What does it run on?
45Naxsi should be compatible with any nginx version.
46
47It depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS.
48
49### Getting started
50
51- The [documentation](https://github.com/nbs-system/naxsi/wiki)
52- Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software
53- The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules
54
55
56<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/>
57
58## Security issues
59
60
61If you find a security issue, please send us a mail to the security user, on nbs-system.com, using the gpg key 498C46FF087EDC36E7EAF9D445414A82A9B22D78:
62
63```
64-----BEGIN PGP PUBLIC KEY BLOCK-----
65
66mQENBFnKHhoBCADaOa0MKEqRy0h2ohIzczblzkMQCbU9oD1HwJ1VkYnn7TGW2iKi
67NISxisExIXpy2Bn/pA27GiV0V/Do3NL6D9r0oOCrGR27muGM0N/dk9UMv7MWw8zv
68K8cO+Sa28s0cAv7r2ogUJj5YOo8D4wHEpE8424TE89V9+Qg/SaFCxKoELFP0c7wu
69mtsm0PnL65piZ1EB7lQo2gxg+8AV45MD1Y2rREMKUoZE23X+nXKsmEh9BFEPaU5M
707WQp0NasqeMNoGhwfw9ttVAeLhkEkaTjW1PkNRIb7vrtV9KVb5uKucflfbOnDlzu
71tQ9U3tYto0mcSCRchAClfEmoSi/0mKyb5N6ZABEBAAG0NVNlY3VyaXR5IHRlYW0g
72b2YgTkJTIFN5c3RlbSA8c2VjdXJpdHlAbmJzLXN5c3RlbS5jb20+iQE3BBMBCAAh
73BQJZyh4aAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEEVBSoKpsi14jy0H
74/1/XB9THhvmG0ow81sld2Zx8qhnNed8VvYDS6mEjpDWNVPxENwDbnakEjisq1Hrb
752UQPYCyQ5dekPNFVwQHIGXkX0eb1Ank+4esBJuEpQ2985tgNhJy5ZX+Imb5C8nZC
7690uYSN1UUg559nUsFeElOXSEH6tIXK/TvjsvMYoi2Ukl6lb7PbIU2fjLY9Iqv3QY
7732p8/Bl1fVKWbXOk0HDgJ6zA3Kr56QhZOLBkxjOa2XAnnIE76jZxUJ9qPCwWd1vW
78GFxtx1Y+eZriqHiC9CPe6aBWcIHaTXSu1WBbXrFu8/eCWw243Rxm8l9wgA/a7VWq
79WBfO45IhJUwh95naRpw8/4a5AQ0EWcoeGgEIAJtzSyyzfn2RX+BsyoRFANUpIgrV
80/9eohYQVNqK3AFthmq7Kjmt4+hszF5+0wCFmWwYqGnqk1/dsWmqpkXsJldEn6oPJ
81Bng+Dc67Yki2dR3TroAf95UmI08fhyM7TMXp8m46BPRRMzPNwalEeEm49Oclmfxb
82JsWWCChWVLWGz2xgPEAv3fPHqus7Rwz/WIl53l/qy1Wf0ewmjRpVEfnEMKBExtBK
834kRxQ40LzUZ1SfpyGc3nMbswhevT7/klqrdJdCnlu67Y/IfRGxGZuNj1n1Dib3Hx
84zTBHo3Y2R3BB93Ix8dkbLaxLqFbOYVdijCgJklqUWhx7btpQ2xnZyzyCMuUAEQEA
85AYkBHwQYAQgACQUCWcoeGgIbDAAKCRBFQUqCqbIteFRvB/9u3Mae8n8ELrJKOn+P
86PEbWjutObIuTplvY4QcbnNb9dsgsKryamp4CFJsA5XuitPpC31GDMXBZO5/LLOuH
87HoMaXFJdic0NToL/3REhu+aZkNIU6S/iaPRNVhkSV4lwQsvncz+nBaiDUJjyfJm2
88kEjVcRTM8yqzcNo/9Gn0ts+XCUqRj7+S1M4Bj3NySoO/w2n+7OLbIAj+wQZcj3Gf
895QhBYaY4YaFxrJE0IZxyXGHw8xhKR6AN+u4TO7LRCW+cWV/sHWir1MXieJoEG8+R
90W/BhrB0Rz5uxOXMoGCCD2TUiHq7zpuHGnYFVmAnHQZaaQxXve4VrcmznxgpV8lpW
91mZug
92=+eIv
93-----END PGP PUBLIC KEY BLOCK-----
94```
95