kumquat-buildroot/package/nginx-naxsi/Config.in

config BR2_PACKAGE_NGINX_NAXSI
	bool "nginx-naxsi"
	depends on BR2_PACKAGE_NGINX_HTTP
	# uses pcre, so nginx needs to be built with pcre support
	select BR2_PACKAGE_PCRE
	help
	  NAXSI means Nginx Anti XSS & SQL Injection.

	  Technically, it is a third party nginx module, available as
	  a package for many UNIX-like platforms. This module, by
	  default, reads a small subset of simple (and readable) rules
	  containing 99% of known patterns involved in website
	  vulnerabilities. For example, <, | or drop are not supposed
	  to be part of a URI.

	  Being very simple, those patterns may match legitimate
	  queries, it is the Naxsi's administrator duty to add
	  specific rules that will whitelist legitimate
	  behaviours. The administrator can either add whitelists
	  manually by analyzing nginx's error log, or (recommended)
	  start the project with an intensive auto-learning phase that
	  will automatically generate whitelisting rules regarding a
	  website's behaviour.

	  In short, Naxsi behaves like a DROP-by-default firewall, the
	  only task is to add required ACCEPT rules for the target
	  website to work properly.

	  https://github.com/nbs-system/naxsi
nginx-nasxi: new package Naxsi is a third party nginx module reads a small subset of simple rules containing a list of known patterns involved in website vulnerabilities. This module behaves like a DROP-by-default firewall for nginx. Signed-off-by: Adam Duskett <aduskett@codeblue.com> [Thomas: - include Config.in file directly from package/Config.in and not from package/nginx/Config. - improve Config.in help text with more details - rename the package prompt from ngx_http_naxsi_module to nginx-naxsi - remove NGINX_NAXSI_SOURCE, and fix the definition of NGINX_NAXSI_SITE - change license from GPLv3 to GPLv2+ with OpenSSL exception - cange license file from LICENSE to naxsi_src/naxsi_json.c. The LICENSE file exists in the latest Git master of the project, but not in the 0.54 tag that we're packaging.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-15 19:45:12 +02:00			`config BR2_PACKAGE_NGINX_NAXSI`
			`bool "nginx-naxsi"`
nginx-naxsi: depends on BR2_PACKAGE_NGINX_HTTP This package adds XSS and SQLi protection to Nginx HTTP server. So, it makes sense iff the HTTP part of nginx is enabled. Fixes: http://autobuild.buildroot.net/results/1df67325f11a6f1c88d0c9cc5f4feab0b57bc2a6/ Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com> [Thomas: fix indentation, add autobuilder reference.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-12-05 15:28:24 +01:00			`depends on BR2_PACKAGE_NGINX_HTTP`
nginx-naxsi: clarify pcre dependency It is not directly obvious why we select pcre but not add it to the .mk file, so add a comment to clarify. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-09-17 12:06:59 +02:00			`# uses pcre, so nginx needs to be built with pcre support`
package/nginx-naxsi: add missing pcre dependency Fixes: http://autobuild.buildroot.net/results/9c7/9c7bad6831b09251af81e2bbfc595a241df87c70/ Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-12 21:23:24 +02:00			`select BR2_PACKAGE_PCRE`
nginx-nasxi: new package Naxsi is a third party nginx module reads a small subset of simple rules containing a list of known patterns involved in website vulnerabilities. This module behaves like a DROP-by-default firewall for nginx. Signed-off-by: Adam Duskett <aduskett@codeblue.com> [Thomas: - include Config.in file directly from package/Config.in and not from package/nginx/Config. - improve Config.in help text with more details - rename the package prompt from ngx_http_naxsi_module to nginx-naxsi - remove NGINX_NAXSI_SOURCE, and fix the definition of NGINX_NAXSI_SITE - change license from GPLv3 to GPLv2+ with OpenSSL exception - cange license file from LICENSE to naxsi_src/naxsi_json.c. The LICENSE file exists in the latest Git master of the project, but not in the 0.54 tag that we're packaging.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-15 19:45:12 +02:00			`help`
			`NAXSI means Nginx Anti XSS & SQL Injection.`

			`Technically, it is a third party nginx module, available as`
			`a package for many UNIX-like platforms. This module, by`
			`default, reads a small subset of simple (and readable) rules`
			`containing 99% of known patterns involved in website`
			`vulnerabilities. For example, <, \| or drop are not supposed`
			`to be part of a URI.`

			`Being very simple, those patterns may match legitimate`
			`queries, it is the Naxsi's administrator duty to add`
			`specific rules that will whitelist legitimate`
			`behaviours. The administrator can either add whitelists`
			`manually by analyzing nginx's error log, or (recommended)`
			`start the project with an intensive auto-learning phase that`
			`will automatically generate whitelisting rules regarding a`
			`website's behaviour.`

			`In short, Naxsi behaves like a DROP-by-default firewall, the`
			`only task is to add required ACCEPT rules for the target`
			`website to work properly.`

			`https://github.com/nbs-system/naxsi`