kumquat-buildroot/package/nginx-naxsi/Config.in
Peter Korsgaard b715991c23 nginx-naxsi: clarify pcre dependency
It is not directly obvious why we select pcre but not add it to the .mk
file, so add a comment to clarify.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-17 12:09:31 +02:00

29 lines
1.1 KiB
Plaintext

config BR2_PACKAGE_NGINX_NAXSI
bool "nginx-naxsi"
# uses pcre, so nginx needs to be built with pcre support
select BR2_PACKAGE_PCRE
help
NAXSI means Nginx Anti XSS & SQL Injection.
Technically, it is a third party nginx module, available as
a package for many UNIX-like platforms. This module, by
default, reads a small subset of simple (and readable) rules
containing 99% of known patterns involved in website
vulnerabilities. For example, <, | or drop are not supposed
to be part of a URI.
Being very simple, those patterns may match legitimate
queries, it is the Naxsi's administrator duty to add
specific rules that will whitelist legitimate
behaviours. The administrator can either add whitelists
manually by analyzing nginx's error log, or (recommended)
start the project with an intensive auto-learning phase that
will automatically generate whitelisting rules regarding a
website's behaviour.
In short, Naxsi behaves like a DROP-by-default firewall, the
only task is to add required ACCEPT rules for the target
website to work properly.
https://github.com/nbs-system/naxsi