pbooth Wrote:
-------------------------------------------------------
> Wow- I really like the sound of naxsi. In the past I've used F5's ASM,
> the WAF built on their big-ip platform. It was powerful though prone
> to false positives. I don't believe there are any real shortcuts that
> allow you to build an effective waf without understanding the details
> of your own website. These simply aren't build, deploy and forget
> devices. It sounds as if the creator of naxsi understands this.
>
hi,

naxsi-supporter and doxi-rules-maintainer here.

FPs are an issue for any blocking-mechanism. what many people don't know:
naxsi has an integrated whitelist-generator, allowing you to tune your WAF
against your own application.

for people with staging/deployment - environments you can run naxsi there
in learning-mode, generating all whitelists needed on-the-fly and deploying
them during your regular deployments. maybe overdosed for smaller setups,
but fitting perfectly into bigger setups.

and yes, naxsi needs more documentation and beginner-based manuals.

maybe this helps to understand the rules (and needs an update as well:)
https://zero.bs/naxis-rules-manual.html

regards,

mex

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274358#msg-274358
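
The staging workflow described in the post above, as an added example that is not part of the original post and is not naxsi's own generator: it turns learning-mode log events into BasicRule whitelist lines. It assumes the NAXSI_FMT key/value log layout (zoneN, idN, var_nameN); the sample lines, hosts and rule ids are constructed, and skipping events with learning=0 is this example's own design choice.

```python
from urllib.parse import parse_qsl

# Constructed log lines in the NAXSI_FMT layout (not real traffic).
SAMPLE_LOG = [
    "2016/09/01 10:00:01 [error] 100#0: *1 NAXSI_FMT: ip=192.0.2.10&server=staging.example&uri=/search&learning=1&vers=0.55&total_processed=10&total_blocked=1&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q&zone1=ARGS&id1=1009&var_name1=q, client: 192.0.2.10, server: staging.example",
    "2016/09/01 10:00:05 [error] 100#0: *2 NAXSI_FMT: ip=192.0.2.10&server=staging.example&uri=/login&learning=1&vers=0.55&total_processed=11&total_blocked=2&block=0&cscore0=$SQL&score0=4&zone0=BODY&id0=1013&var_name0=comment, client: 192.0.2.10, server: staging.example",
    # Same event as the first line again: must not produce duplicate rules.
    "2016/09/01 10:00:09 [error] 100#0: *3 NAXSI_FMT: ip=192.0.2.10&server=staging.example&uri=/search&learning=1&vers=0.55&total_processed=12&total_blocked=3&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 192.0.2.10, server: staging.example",
    # Event logged with learning=0 (blocking mode): never whitelisted here.
    "2016/09/01 10:01:00 [error] 100#0: *4 NAXSI_FMT: ip=198.51.100.7&server=www.example&uri=/admin&learning=0&vers=0.55&total_processed=13&total_blocked=4&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1007&var_name0=id, client: 198.51.100.7, server: www.example",
]

# Log zone -> match-zone keyword used inside a BasicRule "mz:" string.
ZONE_VAR = {"ARGS": "$ARGS_VAR", "BODY": "$BODY_VAR", "HEADERS": "$HEADERS_VAR"}


def parse_naxsi_fmt(line):
    """Return the key/value fields of one NAXSI_FMT log line, or None."""
    if "NAXSI_FMT: " not in line:
        return None
    payload = line.split("NAXSI_FMT: ", 1)[1].split(", client:", 1)[0]
    return dict(parse_qsl(payload, keep_blank_values=True))


def whitelist_rules(lines):
    """Build de-duplicated BasicRule whitelists from learning-mode events."""
    rules = set()
    for line in lines:
        ev = parse_naxsi_fmt(line)
        if not ev or ev.get("learning") != "1" or "uri" not in ev:
            continue  # only events recorded while learning on staging
        n = 0
        while f"id{n}" in ev:  # one event can carry several matches
            rule_id = ev[f"id{n}"]
            zone = ev.get(f"zone{n}", "")
            var = ev.get(f"var_name{n}", "")
            if zone in ZONE_VAR and var:  # other zones are left for manual review
                mz = f"$URL:{ev['uri']}|{ZONE_VAR[zone]}:{var}"
                rules.add(f'BasicRule wl:{rule_id} "mz:{mz}";')
            n += 1
    return sorted(rules)


if __name__ == "__main__":
    print("\n".join(whitelist_rules(SAMPLE_LOG)))
```

Each generated line scopes the exception to one rule id, one URL and one variable, which keeps the whitelist reviewable before it ships with a deployment.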