Yii Framework Forum: NAXSI Rules - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

NAXSI Rules WAF Framework

#1 User is offline   robov 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 149
  • Joined: 15-December 15

Posted 14 January 2018 - 04:10 AM

I am working on installing NAXSI as a waf on my nginx server. Did anyone already create a standard yii ruleset that works with naxsi ?
.. and are you willing to share that list
0

#2 User is offline   Roberto Braga 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 216
  • Joined: 18-February 13
  • Location:Roma, Italy

Posted 16 January 2018 - 03:52 AM

This is not the answer to your question but an advice.
I suggest you to consider carefully if you want to enable NAXSI on nginx
It is know that NAXSI have severe problem when http2 is enabled

They say that the problem is with nginx recent versions, but in reality http2 was introduced with 1.9.5 release in 22/09/2015
So the bug is quite old and not resolved yet even if is actively discussed.
Looking at bug discussion is not very clear if they solved it or not, but since the bug is still as warning on the NAXSI github home page I guess not.

Me personally I preferred to have HTTP2 enabled (much better network performance) and prevent sql injection (which is simply achieved by using any php framework nowadays) and XSS are quite easy to manage too
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users