OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: ccesario on November 23, 2018, 04:04:52 pm

Title: Nginx Plugin :: WAF
Post by: ccesario on November 23, 2018, 04:04:52 pm

Hi folks,

   Could someone guide me with Nginx + WAF plugin!!?
   Is it mandatory specify the Custom Security Policy in Location config when using Enable Security Rules option? (WAF).  Im asking because the WAF rules only works when I specified Custom Security Policy, according attached image.

Best regards
Carlos

Title: Re: Nginx Plugin :: WAF
Post by: fabian on November 23, 2018, 06:44:01 pm

This are the rules which are enabled. If you don't add any rules, there is nothing to match except the findings libinjection (configured above) which I would not rely on. OPNsense has no internal rules except those which come via libinjection which have their own setting.

The reason for the name is that You can define this security policies by yourself (but they are commonly imported from GitHub).

Title: Re: Nginx Plugin :: WAF
Post by: ccesario on November 23, 2018, 07:00:47 pm

Hi @Fabian,

Thank you by your explanation. I thought that thi it was optional .. as a plus rules... I thought  that OPNsense had built in rules.

Thank you
Carlos

Title: Re: Nginx Plugin :: WAF
Post by: fabian on November 23, 2018, 08:05:49 pm

No that would create some unexpected behaviour (blocked requests for unexpected reasons).