I am working on installing NAXSI as a waf on my nginx server. Did anyone already create a standard yii ruleset that works with naxsi ?
… and are you willing to share that list
I am working on installing NAXSI as a waf on my nginx server. Did anyone already create a standard yii ruleset that works with naxsi ?
… and are you willing to share that list
This is not the answer to your question but an advice.
I suggest you to consider carefully if you want to enable NAXSI on nginx
It is know that NAXSI have severe problem when http2 is enabled
They say that the problem is with nginx recent versions, but in reality http2 was introduced with 1.9.5 release in 22/09/2015
So the bug is quite old and not resolved yet even if is actively discussed.
Looking at bug discussion is not very clear if they solved it or not, but since the bug is still as warning on the NAXSI github home page I guess not.
Me personally I preferred to have HTTP2 enabled (much better network performance) and prevent sql injection (which is simply achieved by using any php framework nowadays) and XSS are quite easy to manage too