Nginx Plugin :: WAF

Started by ccesario, November 23, 2018, 04:04:52 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 23, 2018, 04:04:52 PM
Hi folks,

   Could someone guide me with Nginx + WAF plugin!!?
   Is it mandatory specify the Custom Security Policy in Location config when using Enable Security Rules option? (WAF).  Im asking because the WAF rules only works when I specified Custom Security Policy, according attached image.

Best regards
Carlos
November 23, 2018, 06:44:01 PM #1
This are the rules which are enabled. If you don't add any rules, there is nothing to match except the findings libinjection (configured above) which I would not rely on. OPNsense has no internal rules except those which come via libinjection which have their own setting.

The reason for the name is that You can define this security policies by yourself (but they are commonly imported from GitHub).
November 23, 2018, 07:00:47 PM #2
Hi @Fabian,

Thank you by your explanation. I thought that thi it was optional .. as a plus rules... I thought  that OPNsense had built in rules.

Thank you
Carlos
November 23, 2018, 08:05:49 PM #3
No that would create some unexpected behaviour (blocked requests for unexpected reasons).
Print
Go Up Pages1
User actions