
WAF nginx - add rules naxsi


RamSense:
Hi,
I have my own hosted WordPress site behind an OPNsense / nginx reverse proxy with the naxsi WAF enabled.
I found this site ( https://miketabor.com/a-few-steps-to-secure-a-wordpress-site/ ) with some Cloudflare WAF instructions. I wonder how I can translate them so they can be added to the nginx naxsi WAF rules.

Who can help me step by step with how to add those rules, and to which fields, in Naxsi/nginx?


--- Code: ---(http.request.full_uri contains "wp-config.") or
(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or
(http.request.uri.path contains "phpmyadmin") or
(http.request.uri.path contains "/xmlrpc.php") or
(http.request.full_uri contains "passwd") or
(http.request.uri.query contains "author_name=") or
(http.request.uri.query contains "author=" and not http.request.uri.path contains "/wp-admin/export.php") or
(http.request.uri contains "/wp-json/wp/v2/users/") or
(http.request.full_uri contains "../") or
(http.request.full_uri contains "..%2F") or
(http.request.full_uri contains "vuln.") or
(http.request.uri.query contains "base64") or
(http.request.uri.query contains "<script") or
(http.request.uri.query contains "%3Cscript") or
(http.request.uri.query contains "$_GLOBALS[") or
(http.request.uri.query contains "$_REQUEST[") or
(http.request.uri.query contains "$_POST[") or
(http.request.uri contains "<?php") or 
(http.request.uri contains ".sql") or
(http.request.uri contains ".bak") or
(http.request.uri contains ".cfg") or
(http.request.uri contains ".env") or
(http.request.uri contains ".ini") or
(http.request.uri contains ".log") or
(http.request.full_uri contains "/license.txt") or
(http.request.full_uri contains "/readme.html")
--- End code ---

Many thanks in advance!

fabian:
Convert every rule to a main rule (some are likely already there if you import the standard ruleset) and assign them.

Some of those rules are total nonsense for a default WP installation, like blocking phpmyadmin since it is not there unless you install it, or blocking file extensions that should not exist in a WP installation.

RamSense:
Thanks for your reply and info. Do I understand it correctly that, for instance, for the rule (http.request.full_uri contains "/license.txt") it is as simple as:

add Naxsi rule:
Description: block /license.txt
Message: block /license.txt
ID: 99999 (some non-existing high number? or leave empty?)
Rule Type: Main rule
Use Regular Expressions: <checked>
Match Value: /license.txt
Match Type: Blacklist
Search in Filename: <checked>
Score: 8

and then the rule that blocks requests looking for the /license.txt file is added? Or is there something else to be added?

Thanks for your help

fabian:
The id just needs to be unique. It should not be < 1000 since those are the internal rules. The rest is up to you.
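As an added example (not code from this thread or from the OPNsense naxsi plugin), here is a small Python translator that turns the simple "contains" clauses of the Cloudflare expression above into raw naxsi MainRule lines, the text form of the GUI fields listed above (match value, match type, zone, score, id); it enforces the "id not below 1000" rule and sets aside the compound "and"/"and not" clauses, which a single naxsi rule cannot express. The Cloudflare-field-to-naxsi-zone mapping and the $UWA score name are assumptions made for this example.

```python
import re

# Assumed mapping from Cloudflare request fields to naxsi match zones:
# naxsi "URL" is the request path, "ARGS" is the query string.
FIELD_TO_ZONE = {
    "http.request.uri.path": "URL",
    "http.request.uri.query": "ARGS",
    "http.request.uri": "URL|ARGS",
    "http.request.full_uri": "URL|ARGS",
}

# One simple clause: (field contains "value"); anything with and/not fails this.
CLAUSE = re.compile(r'^\(?\s*(http\.request\.[\w.]+)\s+contains\s+"([^"]+)"\s*\)?$')

# Constructed sample: a few of the Cloudflare rules, including one compound clause.
CLOUDFLARE_EXPRESSION = """(http.request.full_uri contains "/license.txt") or
(http.request.uri.path contains "/xmlrpc.php") or
(http.request.uri.query contains "author=" and not http.request.uri.path contains "/wp-admin/export.php") or
(http.request.uri.query contains "<script")"""


def translate(expression, first_id=2000, score_var="$UWA", score=8):
    """Return (naxsi rule lines, clauses that could not be translated).

    Each simple clause becomes a MainRule with a case-insensitive "str:" match
    (note: Cloudflare "contains" is case-sensitive, so this is slightly broader)
    that adds `score` to `score_var`; a final CheckRule blocks at that score.
    """
    if first_id < 1000:
        raise ValueError("ids below 1000 are reserved for naxsi internal rules")
    rules, skipped = [], []
    rule_id = first_id
    for part in re.split(r"\s+or\s+", expression.strip()):
        part = part.strip()
        m = CLAUSE.match(part)
        if not m:  # compound clause: needs separate rules or app-level handling
            skipped.append(part)
            continue
        field, needle = m.groups()
        zone = FIELD_TO_ZONE[field]
        rules.append(
            f'MainRule "str:{needle}" "msg:block {needle}" "mz:{zone}" '
            f'"s:{score_var}:{score}" id:{rule_id};'
        )
        rule_id += 1
    rules.append(f'CheckRule "{score_var} >= {score}" BLOCK;')
    return rules, skipped


if __name__ == "__main__":
    lines, rest = translate(CLOUDFLARE_EXPRESSION)
    print("\n".join(lines))
    print("# not translated:", rest)
```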

RamSense:
Thank you for explaining. I just made my own first Naxsi rule, id 2000, for blocking requests for /license.txt.

And OPNsense gave the "Request Denied For Security Reasons" :-)
