Question
What is the best web server firewall for nginx?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×I’d enjoy finding a solution to this as well.. at the very least an alternative to modsecurity that plays well with nginx. I remember reading that modsecurity was (or is now) compatible with nginx? Not sure though as it seems one would need to have both apache and nginx to have this as a solution… in the meantime I have gone the money route by installing Dome9.
If anyone has a direction to point on this matter… how wonderful that would be!
mod_secuirty is now available for Nginx, but it requires recompiling Nginx from source. Naxsi is another option, but again it requires recompiling Nginx.
Speaking about open-source solutions, you should definitely look at naxsi (NAXSI means Nginx Anti Xss & Sql Injection). This is short desc from official site:
Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in websites vulnerabilities. For example, ’<’, ’|’ or ‘drop’ are not supposed to be part of a URI.
In practice, you still need support it and keep rules up-to-date for your applications (but with help of built-in learning modules). If you’re a looking for more efficient and easy-to-use solution, give a chance to Wallarm. It is built on NGINX, learns from traffic to craft blocking rules, has awesome interface and even vulnerability scanner built-in — but, unfortunately, it is not free.