
Comments (5)

blotus commented on May 18, 2024

From [email protected] on August 31, 2011 08:17:24

Hello,

Actually, I don't think putting naxsi in learning mode in production, on a site with "high" traffic, is a good idea because of the overhead of learning mode (even though I never tried). The learning mode should be done "before".

But you have various ways to do so, mainly relying on nginx's power:

  • Make a netfilter rule that will direct users from specific IP(s) to a different nginx server (within nginx context), where learning mode would be enabled, and disable it for the other servers. (I think that's the most efficient in terms of performance.) For example, set up two identical nginx server directives, one with learning mode, the other one with no learning, on different ports, and redirect trusted IPs to the learning one?
  • Use nginx's access_module (http://wiki.nginx.org/HttpAccessModule) to limit valid IPs for naxsi's "learning" location. But doing so, there will still be the "double request" induced by naxsi's learning mode.
  • Use nginx's GeoIP module to redirect the user, according to their IP, to a different location (one with learning enabled, another without learning mode).
  • Issue a patch for http_config.py to add an option to filter "by source IP" (as this data is already passed with the request to http_config.py). (But this is quite "inefficient" in terms of performance.)

If this is still an issue, I might as well issue a patch to make naxsi support "restricted" source IPs for learning mode, but I feel like it's rewriting something that already exists in NGINX.

Thanks, and let me know if it satisfies you!

from naxsi.

blotus commented on May 18, 2024

From [email protected] on August 31, 2011 10:17:51

Actually, putting a configuration like the following one for your DeniedUrl seems to work well and limits the potential overhead induced by double requests, as it will stay internal to nginx:

   location /RequestDenied {
       # x.x.x.x is the trusted source IP allowed to reach the learning backend
       allow x.x.x.x;
       # every other source is refused
       deny all;
       proxy_pass http://127.0.0.1:4242/;
   }

from naxsi.

blotus commented on May 18, 2024

From [email protected] on September 23, 2011 07:38:59

Is this a valid fix for you?

Status: Done

from naxsi.

blotus commented on May 18, 2024

From [email protected] on September 23, 2011 09:40:47

I think adding trusted IPs can keep naxsi learning "clean" traffic.

And yes, deploying two nginx instances will fix it, but I think if naxsi supported trusted IPs,
it would save many people a lot of time setting up two nginx instances.

This is what computers were invented for.

from naxsi.

blotus commented on May 18, 2024

From [email protected] on October 04, 2011 01:31:00

Hello,

I think you misunderstood my answer.
I was not saying that deploying two nginx instances is a solution, but that you should use nginx's allow directive in your /RequestDenied location.

In this way, only "trusted" IPs will be in learning mode, while others will just get your denied page.

from naxsi.
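
An added example, not part of the thread or of naxsi: a small Python check that evaluates the `allow`/`deny` lines of a `/RequestDenied` location the way nginx's access module does (first matching rule wins), so the trusted-IP list can be audited before deployment. The function names and the sample addresses (documentation ranges standing in for `x.x.x.x`) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the /RequestDenied location from the thread, with
# documentation addresses (RFC 5737) standing in for the x.x.x.x placeholder.
SAMPLE_CONF = """
location /RequestDenied {
    allow 192.0.2.10;
    allow 198.51.100.0/24;
    deny all;
    proxy_pass http://127.0.0.1:4242/;
}
"""

# One allow/deny directive per line, as in the sample above.
RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", re.MULTILINE)


def parse_access_rules(conf):
    """Return [(action, network-or-None)] in file order; None means 'all'."""
    rules = []
    for action, target in RULE_RE.findall(conf):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def reaches_learning(client_ip, rules):
    """Mimic nginx's access module: the first matching rule decides."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action == "allow"
    return True  # no rule matched: nginx lets the request through


def audit(conf, clients):
    """Map each client IP to True (reaches the learning backend) or False (403)."""
    rules = parse_access_rules(conf)
    return {ip: reaches_learning(ip, rules) for ip in clients}


if __name__ == "__main__":
    sample_clients = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    for ip, ok in audit(SAMPLE_CONF, sample_clients).items():
        print(f"{ip:15} -> {'learning' if ok else '403'}")
```

Two mistakes this catches: a `deny all;` placed before the `allow` lines shuts out the trusted hosts too, and a missing `deny all;` lets every source feed the learning backend.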
