1config BR2_PACKAGE_NGINX_NAXSI 2 bool "nginx-naxsi" 3 depends on BR2_PACKAGE_NGINX_HTTP 4 # uses pcre, so nginx needs to be built with pcre support 5 select BR2_PACKAGE_PCRE 6 help 7 NAXSI means Nginx Anti XSS & SQL Injection. 8 9 Technically, it is a third party nginx module, available as 10 a package for many UNIX-like platforms. This module, by 11 default, reads a small subset of simple (and readable) rules 12 containing 99% of known patterns involved in website 13 vulnerabilities. For example, <, | or drop are not supposed 14 to be part of a URI. 15 16 Being very simple, those patterns may match legitimate 17 queries, it is the Naxsi's administrator duty to add 18 specific rules that will whitelist legitimate 19 behaviours. The administrator can either add whitelists 20 manually by analyzing nginx's error log, or (recommended) 21 start the project with an intensive auto-learning phase that 22 will automatically generate whitelisting rules regarding a 23 website's behaviour. 24 25 In short, Naxsi behaves like a DROP-by-default firewall, the 26 only task is to add required ACCEPT rules for the target 27 website to work properly. 28 29 https://github.com/nbs-system/naxsi 30