Comments (7)
It depends on the requests; you can try to check what logs it generates and also dump the request parameters.
from naxsi.
Thanks for your reply.
I want to block WPS from scanning users and authors on my WordPress.
This is the access log from nginx.
And what are the exact naxsi rules for blocking based on the WPS User-Agent?
Thanks.
from naxsi.
First I would suggest using these rules: https://github.com/wargio/naxsi/tree/main/naxsi_rules/blocking (and if you are not yet, please use my repository for naxsi since this one is abandoned... I'm the only active developer).
Second, I guess I haven't yet added the wpscan UA to the scanner list rule (I will make a MR after writing this here), but depending on what is in the request you should probably create custom rules, also because there are many wp plugins so it is kind of hard to keep track of all of them.
Anyway, the rule for blocking the wpscan UA is simply:
MainRule id:1234567 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:wpscan in user-agent";
Another suggestion is to have more data in the logs, like the request parameters in POST requests, etc., but you need to set up custom logs on nginx for that.
On my setup where I do use naxsi, I have configured nginx to output JSON logs and send them to logstash, which parses them; then the logstash logs are sent to Elasticsearch + Kibana, where I have a nice graph with details, etc.
Then what I do is look at the traffic, check which parameters look suspicious, and create rules.
Most of the "bad traffic" can simply be blocked by adding bad user-agent rules in naxsi.
from naxsi.
Thanks for your response.
I have used your repository and tried the naxsi rules to block the WPS UA, and set up a custom log in nginx.
The result in the nginx error log is that nginx successfully blocked WPScan. I tried to enumerate author/user on WordPress, and even after the WPScan UA was successfully blocked in the nginx log, the user/author can still be found. What are the proper rules to block WPScan from enumerating author/user? And can naxsi block the IP address?
Thanks
from naxsi.
I do not think there is much you can do there, if those APIs are intended to be used by the blog.
If they are not, then you can just ban the API call with a rule.
from naxsi.
Any suggestion or tutorial on how to do that?
from naxsi.
MainRule id:123456789 "s:$UWA:8" "str:author" "mz:ARGS|NAME" "msg:block author enumeration";
It could be something like that. These are well explained in the wiki:
- https://github.com/nbs-system/naxsi/wiki/rules-bnf
- https://github.com/nbs-system/naxsi/wiki/matchzones-bnf
from naxsi.
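Added example covering both answers above (the User-Agent rule and the ARGS|NAME rule). This Python script is not code from the naxsi project or from the commenters: it replays constructed nginx JSON access-log lines (the field names request_uri and http_user_agent are assumptions that depend on your log_format, as is the CheckRule "$UWA >= 8" BLOCK threshold) against a simplified model of the two MainRules, and shows that a request whose User-Agent does not contain "wpscan" is untouched by the first rule but is still scored by the "str:author" "mz:ARGS|NAME" rule, which is the gap the follow-up question ran into.

```python
"""Offline check of the two naxsi MainRules quoted in this thread.

Added example, not code from the naxsi project or from the commenters.
It replays constructed nginx JSON access-log lines (field names
``request_uri`` and ``http_user_agent`` are assumptions; they depend on
your ``log_format``) against a simplified model of the rules:

    MainRule id:1234567   "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" ...
    MainRule id:123456789 "s:$UWA:8" "str:author" "mz:ARGS|NAME" ...

combined with an assumed CheckRule "$UWA >= 8" BLOCK.
"""
import json
from urllib.parse import parse_qsl, urlsplit

BLOCK_THRESHOLD = 8  # assumed: CheckRule "$UWA >= 8" BLOCK;

# Simplified model of the two rules. naxsi "str:" matches are
# case-insensitive substring matches, so match strings are kept lowercase.
RULES = [
    {"id": 1234567, "score": 8, "str": "wpscan", "zone": "ua",
     "msg": "wpscan in user-agent"},
    {"id": 123456789, "score": 8, "str": "author", "zone": "args_name",
     "msg": "block author enumeration"},
]

# Constructed log lines in the JSON shape the thread describes (not real traffic).
SAMPLE_LOG = """\
{"remote_addr":"203.0.113.10","request_uri":"/?author=1","http_user_agent":"WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)","status":200}
{"remote_addr":"203.0.113.10","request_uri":"/?AUTHOR=2","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64)","status":200}
{"remote_addr":"198.51.100.7","request_uri":"/2024/03/hello-world/?p=12","http_user_agent":"Mozilla/5.0 (Windows NT 10.0)","status":200}
"""


def zone_values(entry):
    """Return the strings each matchzone inspects for one log entry."""
    query = urlsplit(entry.get("request_uri", "")).query
    arg_names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return {
        "ua": [entry.get("http_user_agent", "")],  # $HEADERS_VAR:User-Agent
        "args_name": arg_names,                    # ARGS|NAME (argument names only)
    }


def evaluate(entry):
    """Apply the rules to one entry; return (score, matched rule ids)."""
    zones = zone_values(entry)
    score, matched = 0, []
    for rule in RULES:
        if any(rule["str"] in value.lower() for value in zones[rule["zone"]]):
            score += rule["score"]
            matched.append(rule["id"])
    return score, matched


def scan_log(text):
    """Parse JSON log lines and report the $UWA score and block decision for each."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        score, matched = evaluate(entry)
        results.append({
            "remote_addr": entry.get("remote_addr"),
            "request_uri": entry.get("request_uri"),
            "uwa": score,
            "rules": matched,
            "blocked": score >= BLOCK_THRESHOLD,
        })
    return results


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        verdict = "BLOCK" if r["blocked"] else "pass "
        print(f'{verdict} uwa={r["uwa"]:<3} rules={r["rules"]} '
              f'{r["remote_addr"]} {r["request_uri"]}')
```

The second sample line is the interesting one: the User-Agent rule never fires on it, yet the request still reaches the author enumeration score purely through the argument name, which is why a User-Agent rule alone is not enough and why the answer suggests a rule on the request parameters. The real evaluation happens inside nginx; this script is only a way to dry-run the rules against the JSON logs you collect before deploying them.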