NAXSI Rules

I am working on installing NAXSI as a waf on my nginx server. Did anyone already create a standard yii ruleset that works with naxsi ?

… and are you willing to share that list

This is not the answer to your question but an advice.

I suggest you to consider carefully if you want to enable NAXSI on nginx

It is know that NAXSI have severe problem when http2 is enabled

They say that the problem is with nginx recent versions, but in reality http2 was introduced with 1.9.5 release in 22/09/2015

So the bug is quite old and not resolved yet even if is actively discussed.

Looking at bug discussion is not very clear if they solved it or not, but since the bug is still as warning on the NAXSI github home page I guess not.

Me personally I preferred to have HTTP2 enabled (much better network performance) and prevent sql injection (which is simply achieved by using any php framework nowadays) and XSS are quite easy to manage too