NAXSI

Started by someone, December 23, 2025, 09:47:02 PM

Can anyone tell me whether the WAF NAXSI operating in the os-nginx plugin is working? It says it was archived.


@fastboot you posted this 3 times. If I see another one you get a temp ban because this will be considered spam.


Cheers,
Franco

December 24, 2025, 09:42:00 AM #3 Last Edit: December 24, 2025, 09:52:32 AM by Patrick M. Hausen
Wouldn't it be more productive to temporarily ban users spamming wild completely unsubstantiated claims about how "they" hack into your OPNsense after "hijacking your browser" and similar nonsense?

Imagine a beginner stumbling on these posts and taking the advice for real.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hello Franco,

I do understand your point.
Nonetheless... that person is a troll. Flooding the forum with bullshit bingo, which potentially harms others.

It would be appreciated if you can do something against such nonsense posts. Especially as that person has been proven wrong many times.

The user was warned here

https://forum.opnsense.org/index.php?topic=50200.0

The threads have also been moved to general discussion so the lower frequency of the intrusion detection board cannot be used as a personal blog.

Banning right away without a warning is not nice.
Hardware:
DEC740

I did not suggest without a warning. 🙂
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

December 24, 2025, 10:52:06 AM #7 Last Edit: December 24, 2025, 10:53:45 AM by franco
> Nonetheless... that person is a troll. Flooding the forum with bullshit bingo, which potentially harms others.

Yeah, trolling back is not a great plan.

Just report the thread(s) and we'll deal with it.


Cheers,
Franco

Today at 07:12:05 PM #8 Last Edit: Today at 07:57:16 PM by someone
Google quote
Yes, AppArmor logs denied operations, showing what was blocked (like file opens, writes, or network access), which process (PID, command name), the specific profile, and the resource (file path) it tried to access, visible in kernel logs (dmesg, syslog, journalctl), especially when using aa-logprof for analysis. These logs help you understand and update AppArmor rules to allow legitimate actions while blocking malicious ones.

It can be put on opnsense

Connected to three social media servers and browser servers, about 50 attacks per hour via browser, default opnsense stops the others
Blocked commands on the operating system that got past opnsense, chrome, chrun, crun, balena-etcher, tuxedo, busybox, cam, ping, buildah, brave, ch-checkns, etc. and many fragments
How example
Your browser inserts and deletes files at will, without permission
There is a major media app that will take all your files on the copyright premise, without permission
Again, how is it they have a connection established, some without coming through the front door? This is one new way of hacking
Used by big business, data brokers, bad guys
It can be a video, PDF, something in the webpage that makes the connection
Mine are coming through major servers, sometimes it switches to names that should not be there and I can see them
I mentioned before I got on a popular shopping site and was connected to 32 servers around the world, I think that's changed, I told them
I mentioned the web has changed and we can't use old block lists because they are being used by the new server systems, they needed more IPs
Some of these server systems are interlinked, example money system, photo storage, advertising, third party systems that don't always show up.
These servers are not monitored, for their security yes, not ours, it's a pass-through system, they can't, too much traffic
There is more on this type of intrusion on the security sites
As far as I know, that's my guess
I am adding programs to opnsense to stop these from getting past opnsense, opnsense does have the tools
If anyone knows more please let me know

And thanks, I wouldn't be online if it were not for opnsense
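The AppArmor denial records described in the Google quote above can be pulled out of dmesg or journalctl output like this. This is an added example, not code from the thread: the sample lines are constructed Linux audit (type=1400) records of the kind a Linux host's kernel emits (OPNsense runs FreeBSD and does not produce these), and they are reduced to the profile/operation/resource tuple an AppArmor rule would need.

```python
import re
from collections import Counter

# Constructed sample lines in AppArmor's audit format as seen in dmesg and in
# syslog/journalctl (the last line carries a syslog prefix). Not real captures.
SAMPLE_LOG = """\
audit: type=1400 audit(1703444425.101:201): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/.ssh/id_ed25519" pid=2345 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1703444426.207:202): apparmor="ALLOWED" operation="open" profile="/usr/bin/evince" name="/usr/share/fonts/x.ttf" pid=2345 comm="evince" requested_mask="r" denied_mask="r"
audit: type=1400 audit(1703444427.310:203): apparmor="DENIED" operation="create" profile="/usr/bin/evince" pid=2345 comm="evince" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
audit: type=1400 audit(1703444428.412:204): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/alice/.ssh/id_ed25519" pid=2351 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1703444429.500:205): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince" pid=900 comm="apparmor_parser"
Dec 24 19:12:05 host kernel: [ 812.410] audit: type=1400 audit(1703444430.600:206): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/etc/shadow" pid=2360 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# Matches key="quoted value" or key=bare_value anywhere on the line.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

def parse_apparmor_line(line):
    """Return the key/value fields of one audit line, or None if it is not an AppArmor record."""
    if 'apparmor=' not in line:
        return None
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields

def denied_events(log_text):
    """Yield only DENIED records: ALLOWED is complain mode, STATUS is profile loading."""
    for line in log_text.splitlines():
        f = parse_apparmor_line(line)
        if f and f.get('apparmor') == 'DENIED':
            yield f

def summarize_denials(log_text):
    """Count denials per (profile, operation, resource, denied_mask).

    That tuple is what you would review before adding an allow rule, which is
    what aa-logprof walks you through interactively.
    """
    counts = Counter()
    for f in denied_events(log_text):
        # File operations carry name=; socket operations carry family/sock_type instead.
        resource = f.get('name') or f"{f.get('family')}/{f.get('sock_type')}"
        counts[(f['profile'], f['operation'], resource, f.get('denied_mask', ''))] += 1
    return counts

if __name__ == '__main__':
    for key, n in summarize_denials(SAMPLE_LOG).most_common():
        print(n, *key)
```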

Today at 08:08:16 PM #9 Last Edit: Today at 08:32:16 PM by Patrick M. Hausen
Quote from: someone on Today at 07:12:05 PM
> It can be put on opnsense

No, it cannot. OPNsense is based on FreeBSD, not Linux.

Quote from: someone on Today at 07:12:05 PM
> Connected to three social media servers and browser servers, about 50 attacks per hour via browser

What exactly is this supposed to mean? When I go to e.g. bsky.app I do not see any "attacks via browser".
Show these attacks or I still call bullshit.

If you mean your browser is opening dozens of connections when you view a website? Yes, of course. That's how the web works nowadays. It's loading static assets from some CDN, fonts from Google, and finally all those wonderful ads combined with "metrics", i.e. tracking mechanisms.

None of this is an attack.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Today at 09:13:45 PM #10 Last Edit: Today at 09:15:39 PM by someone
Plan is to use nginx to decrypt and send packets to Suricata, where I'll put in some keyword rules to grab the commands in the payload and log all of it, and will find out what IP they are coming from. A lot of TLSv1.1 for me, so it shouldn't be too difficult.