Releases: nbs-system/naxsi

Naxsi:

  • Fixed regression on FILE_EXT confusion
  • Documented id 19 and 20 to rules

Debian/Ubuntu packages usage:

To enable naxsi, include the following files in the nginx configuration:

# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;

# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;

# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode

The BasicRules files listed below are available and shall be included after naxsi_block_mode.conf or naxsi_learning_mode.conf:

# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules
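
A lint-style check for the include layout described above, as an added example (not code from the naxsi project): it scans one nginx configuration text and reports a location that includes both mode files, BasicRules that appear before the mode file, and a missing naxsi_core.rules in http {}. The function name, the sample config and the simplified brace parser (single file, nested includes not resolved) are assumptions made for illustration.

```python
import re

BLOCK, LEARN = "naxsi_block_mode.conf", "naxsi_learning_mode.conf"

# Constructed sample config: /blog follows the layout above, /wiki does not.
SAMPLE = """
http {
    include /usr/share/naxsi/naxsi_core.rules;
    server {
        include /usr/share/naxsi/naxsi_denied_url.conf;
        location /blog {
            include /usr/share/naxsi/naxsi_learning_mode.conf; # learning
            include /usr/share/naxsi/rules/wordpress.rules;
        }
        location /wiki {
            include /usr/share/naxsi/rules/dokuwiki.rules;
            include /usr/share/naxsi/naxsi_block_mode.conf;
            include /usr/share/naxsi/naxsi_learning_mode.conf;
        }
    }
}
"""

def check_naxsi_includes(conf_text):
    """Return findings for an nginx config (simplified parser: no quoted braces)."""
    text = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    stack, per_location, core_in_http, pending = [], {}, False, ""
    for tok in re.findall(r"[^{};]+|[{};]", text):
        if tok == "{":                       # block opens: remember its header
            stack.append(" ".join(pending.split()))
        elif tok == "}" and stack:           # block closes
            stack.pop()
        elif tok == ";":                     # end of a directive
            words, ctx = pending.split(), stack[-1] if stack else "main"
            if len(words) == 2 and words[0] == "include":
                if ctx == "http" and words[1].endswith("naxsi_core.rules"):
                    core_in_http = True
                if ctx.startswith("location"):
                    per_location.setdefault(ctx, []).append(words[1])
        pending = tok if tok not in "{};" else ""
    findings = [] if core_in_http else ["http: naxsi_core.rules is not included"]
    for loc, paths in per_location.items():
        modes = [i for i, p in enumerate(paths) if p.endswith((BLOCK, LEARN))]
        rules = [i for i, p in enumerate(paths) if "/naxsi/rules/" in p]
        if len({paths[i].rsplit("/", 1)[-1] for i in modes}) == 2:
            findings.append(f"{loc}: both block and learning mode are included")
        if rules and (not modes or min(rules) < min(modes)):
            findings.append(f"{loc}: BasicRules included before a mode file")
    return findings

if __name__ == "__main__":
    for finding in check_naxsi_includes(SAMPLE):
        print(finding)
```
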

1.2

Naxsi:

  • Fixed IgnoreIP and IgnoreCIDR (#534 and #532)
  • Fixed non-c99 builds
  • Added config=ignore mode to identify non blocked requests
  • Improved core rules (#450)

Special thanks to:

  • kkadosh
  • noahbailey
  • rickygm

Naxsi:

  • Fixed 3 vulnerabilities related to the WAF. (#525 #527 #529)
  • Fixed build on FreeBSD (#526)

Special thanks to: jltignon

d39bcf9

1.1

Naxsi:

  • Fixed various compilation issues (#515 #497 #491).
  • Fixed valid JSON blocked by Rule ID 15 (#457).
  • Fixed documentation (#505).
  • Updated libinjection to 3.9.2 (commit: 991433e7 #523)
  • Added Content-type: application/vnd.api+json (#513).
  • Added JSON logging output for events (#488 #522).
  • Implemented Whitelist for IPs and CIDRs and support for IPv4 and IPv6 (#488 #522).

Special thanks to:

  • 0xflotus
  • marcinguy
  • squedgy

e9c3dd7

1.0

naxsi:

  • Parse body of PATCH requests
  • Scientific notation in json (Fix #437)
  • Log clarification
  • Fixed country code when the geoip library fails to get the geolocation or the IP is a private/local address
  • Fixed issues setting up nxapi on ES5 and added country location to stats and generated whitelists

nxtool:

  • replace prints with proper logging support

Special thanks to:

  • chipitsine
  • fernandomariano
  • Kegeruneku
  • z0r0
  • calve
  • buixor
  • sabban
  • he2ss
  • jvoisin
951123a

This release mostly aims at integrating HTTP2 support into naxsi.

  • http2 support (1289e50, 1c8ce05)
  • improvement: avoid rule collision on virtual-patching (ec4ce3e)
  • fix a potential null-byte issue on form/url-encoded POST payloads
  • added a new internal rule 19 to allow users to only rely on lib-injection (951123a)
  • improved json parsing (this is useful if you're doing CSP) (#420)
  • make naxsi more verbose in case of user-induced errors (#424 #311)
Pre-release

This release mostly aims at integrating HTTP2 support into naxsi.

  • http2 support (1289e50, 1c8ce05)
  • improvement: avoid rule collision on virtual-patching (ec4ce3e)
  • fix a potential null-byte issue on form/url-encoded POST payloads

Version 0.55.3 fixed a bug where two rules in LOG and a DROP could conflict if a request was tagged as DROP but not BLOCK.

Version 0.55.2 fixed a bug where, when two consecutive virtual patching rules on the same zone were checked, a matchzone mismatch on the first one would make the following one fail as well.


Version 0.55.1 fixes a build issue when naxsi was used with mod_lua and other modules.