73c83dbe3e
Commit722b84eafaforgot to update nginx-naxsi resulting in the following build failure: In file included from ../nginx-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834/naxsi_src/naxsi_runtime.c:7: ../nginx-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834/naxsi_src/naxsi.h:147:3: error: unknown type name 'ngx_regex_compile_t' 147 | ngx_regex_compile_t* target_rx; | ^~~~~~~~~~~~~~~~~~~ Fixes:722b84eafa- http://autobuild.buildroot.org/results/87bbcf946ccbd8e3bf1ca9f39464f4bb198c8d42 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
30 lines
1.2 KiB
Plaintext
30 lines
1.2 KiB
Plaintext
config BR2_PACKAGE_NGINX_NAXSI
|
|
bool "nginx-naxsi"
|
|
depends on BR2_PACKAGE_NGINX_HTTP
|
|
# uses pcre2, so nginx needs to be built with pcre2 support
|
|
select BR2_PACKAGE_PCRE2
|
|
help
|
|
NAXSI means Nginx Anti XSS & SQL Injection.
|
|
|
|
Technically, it is a third party nginx module, available as
|
|
a package for many UNIX-like platforms. This module, by
|
|
default, reads a small subset of simple (and readable) rules
|
|
containing 99% of known patterns involved in website
|
|
vulnerabilities. For example, <, | or drop are not supposed
|
|
to be part of a URI.
|
|
|
|
Being very simple, those patterns may match legitimate
|
|
queries, it is the Naxsi's administrator duty to add
|
|
specific rules that will whitelist legitimate
|
|
behaviours. The administrator can either add whitelists
|
|
manually by analyzing nginx's error log, or (recommended)
|
|
start the project with an intensive auto-learning phase that
|
|
will automatically generate whitelisting rules regarding a
|
|
website's behaviour.
|
|
|
|
In short, Naxsi behaves like a DROP-by-default firewall, the
|
|
only task is to add required ACCEPT rules for the target
|
|
website to work properly.
|
|
|
|
https://github.com/nbs-system/naxsi
|