
Blesta + Naxsi


DandyDandy


Hi,

With modern-day computing now going to the extremes, having peace of mind and strong security in place is critical. Besides firewalls, virus scanners and malware scanners, you also need at least a basic WAF/IDS system in place. Since Blesta comes complete with "PHPIDS", I want to focus my time on getting Blesta to work nicely with Naxsi. As it stands I haven't tried using them both yet, but it'll be good to see just how they play together and, moving forward, to use them together along with other pieces of software to have a complete "performance protection suite" which covers you from more angles than a basic firewall.

Taken from OWASP I would like to quote this text:

 

 

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.


 

NAXSI means Nginx Anti Xss & Sql Injection.

Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in websites vulnerabilities. For example, '<', '|' or 'drop' are not supposed to be part of a URI.

Being very simple, those patterns may match legitimate queries, it is Naxsi's administrator duty to add specific rules that will whitelist those legitimate behaviours. The administrator can either add whitelists manually by analyzing nginx's error log, or (recommended) start the project by an intensive auto-learning phase that will automatically generate whitelisting rules regarding website's behaviour.

In short, Naxsi behaves like a DROP-by-default firewall, the only job needed is to add required ACCEPT rules for the target website to work properly.

 

 

Before I move further and hopefully get Blesta + Naxsi running together, has anyone else tried running them both?

 

P.S. I already have Blesta + Nginx running smoothly, which is half of the setup already completed, but here is a nice article covering the setup and installation in more detail for anyone interested: https://www.axivo.com/community/threads/nginx-naxsi-firewall-setup-on-centos.206/


I haven't heard of Naxsi before, but curious where this goes. Will you be publishing a recommended rule set?

 

I'll just be using the default rule set, which will likely need editing for everything to play nice. Maybe if a couple of others on these boards take to using it, between us all we could bring up some kind of recommended rule set with this thread or something. Debian now has an Nginx + Naxsi package, so it's becoming popular.


  • 11 months later...

Hi,
 
I know this is an old question, but... here is a new answer :)
 
In order to use NAXSI with Blesta :
 
1) restrict your server to your own IP - important while you are in learning mode
2) enable NAXSI in Learning mode
3) run this to create your whitelist rules :
 

 

mv /var/log/nginx/error.log  /var/log/nginx/error.log-bak
touch /var/log/nginx/error.log 
mv /var/log/nginx/access.log  /var/log/nginx/access.log-bak
touch /var/log/nginx/access.log
wget https://naxsi.googlecode.com/files/nx_util-1.0.tgz
tar -zxf nx_util-1.0.tgz
cd nx_util-1.0/nx_util

NOW : BROWSE YOUR BLESTA EVERYWHERE! Go in the admin, and submit all the forms. Do the same in the client area. Try every feature.
You will generate some logs, in /var/log/nginx/error.log and /var/log/nginx/access.log.

We will use these logs to create our whitelist rules :

 

python nx_util.py -c nx_util.conf -l /var/log/nginx/*.log -o

 
You'll get some rules created based on your logs. I suggest reviewing them first, and then only whitelisting the ones you really need.
 

Now add them to your whitelist file, and you are done.

 

Note : Don't forget to comment out the line

 

LearningMode;

 

in the file /etc/nginx/naxsi.rules

 

...and to restart nginx
 

 

Cheers :)
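
An added example, not part of the original thread and not nx_util's own code: it groups the NAXSI_FMT events of a learning-mode error.log into candidate BasicRule whitelist lines with hit counts, and holds back events from any IP other than the admin's so they get investigated instead of whitelisted. The log lines, host name, URIs and function names are constructed; the NAXSI_FMT field layout and BasicRule syntax are assumed to follow Naxsi's documented format.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample of a learning-mode error.log (documentation IPs, made-up URIs).
HDR = "2015/03/01 10:00:00 [error] 1#0: *1 NAXSI_FMT: ip={}&server=billing.example&uri={}&learning=1&vers=0.53&block=0&"
SAMPLE_LOG = "\n".join([
    HDR.format("203.0.113.10", "/admin/settings/") + "cscore0=$XSS&score0=8&zone0=BODY&id0=1302&var_name0=company_html, client: 203.0.113.10",
    HDR.format("203.0.113.10", "/admin/settings/") + "cscore0=$XSS&score0=8&zone0=BODY&id0=1302&var_name0=company_html, client: 203.0.113.10",
    HDR.format("203.0.113.10", "/client/login/") + "cscore0=$XSS&score0=8&zone0=BODY|NAME&id0=1310&var_name0=vars[user]&zone1=BODY|NAME&id1=1311&var_name1=vars[user], client: 203.0.113.10",
    HDR.format("198.51.100.7", "/index.php") + "cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 198.51.100.7",
])

FMT = re.compile(r"NAXSI_FMT: ([^ ,]+)")  # the key=value&... payload of one event
ZONE_VAR = {"ARGS": "$ARGS_VAR", "BODY": "$BODY_VAR", "HEADERS": "$HEADERS_VAR"}

def rule_for(uri, zone, rule_id, var):
    """Build the narrowest whitelist: one rule id, one URL, one variable."""
    base, _, name = zone.partition("|")  # "BODY|NAME": the match was in the field name
    if base in ZONE_VAR and var:
        mz = f"$URL:{uri}|{ZONE_VAR[base]}:{var}" + ("|NAME" if name else "")
    else:
        mz = f"$URL:{uri}|{base}"
    return f'BasicRule wl:{rule_id} "mz:{mz}";'

def review(log_text, trusted_ip):
    """Return (candidate rule -> hit count, events held back for review)."""
    candidates, held = Counter(), []
    for line in log_text.splitlines():
        m = FMT.search(line)
        if not m:
            continue
        f = {k: v[0] for k, v in parse_qs(m.group(1), keep_blank_values=True).items()}
        if f.get("ip") != trusted_ip:
            # Not the admin's browsing session: never turn this into a whitelist.
            held.append((f.get("ip"), f.get("uri")))
            continue
        i = 0
        while f"id{i}" in f:  # one event can carry several matches: id0, id1, ...
            rule = rule_for(f.get("uri", ""), f.get(f"zone{i}", ""), f[f"id{i}"], f.get(f"var_name{i}", ""))
            candidates[rule] += 1
            i += 1
    return candidates, held

if __name__ == "__main__":
    cands, held = review(SAMPLE_LOG, "203.0.113.10")
    for rule, hits in cands.most_common():
        print(f"{hits:3d}  {rule}")
    for ip, uri in held:
        print(f"HELD  {ip} {uri}")
```

Any held event means the IP restriction from step 1 was not in effect for that request; the log it came from should not be fed to a rule generator unfiltered.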
