Viewing posts tagged waf

Nginx with ModSecurity

In one of my previous notes I wrote about firewalling web applications using NAXSI WAF. In this post I'll write small howto on getting ModSecurity module to work with Nginx webserver.

Firewalling web applications using NAXSI WAF

Any web application can have a security bug, which exploited, may allow the attacker to gain unauthorized access to crucial application components, and, unfortunately, lead to a leakage of a sensitive data. One of the common ways to defend the zero days is to use WAF (Web Application Firewall). In this tutorial I'll put some light on a dedicated Nginx WAF external module called NAXSI (Nginx Anti XSS & SQL Injection), the ModSecurity equivalent for Apachers, by the way...