OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: ccesario on November 23, 2018, 04:04:52 pm
-
Hi folks,
Could someone guide me with Nginx + WAF plugin!!?
Is it mandatory specify the Custom Security Policy in Location config when using Enable Security Rules option? (WAF). Im asking because the WAF rules only works when I specified Custom Security Policy, according attached image.
Best regards
Carlos
-
This are the rules which are enabled. If you don't add any rules, there is nothing to match except the findings libinjection (configured above) which I would not rely on. OPNsense has no internal rules except those which come via libinjection which have their own setting.
The reason for the name is that You can define this security policies by yourself (but they are commonly imported from GitHub).
-
Hi @Fabian,
Thank you by your explanation. I thought that thi it was optional .. as a plus rules... I thought that OPNsense had built in rules.
Thank you
Carlos
-
No that would create some unexpected behaviour (blocked requests for unexpected reasons).