Floren
Well-known member
A week ago I finished the new nginx packages for CentOS/Redhat that support naxsi. This is a very sweet addition to nginx; I have no idea how I missed that product. So far, only Axivo offers the firewall packages for CentOS/Redhat.
I hope more people will adopt naxsi. It is a good product, regardless of the little coding errors they have in their source. The only naxsi version I managed to compile into Nginx 1.2.0 was 0.46-1, while disabling the "warnings as errors" cflag.
Right now, I have 4 packages created:
Code:
# yum --enablerepo=axivodev list nginx*
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirror.ubiquityservers.com
* extras: mirror.science.uottawa.ca
* updates: yum.singlehop.com
Installed Packages
nginx-common.x86_64 1.2.0-1.el5 installed
nginx-naxsi.x86_64 1.2.0-1.el5 installed
Available Packages
nginx.x86_64 1.2.0-1.el5 axivodev
nginx-debug.x86_64 1.2.0-1.el5 axivodev
- nginx-common.x86_64 - nginx common config files, logs, init scripts, etc.
- nginx.x86_64 - nginx binary with all modules enabled
- nginx-debug.x86_64 - nginx binary with all modules enabled + debug mode
- nginx-naxsi.x86_64 - nginx binary with all modules enabled + naxsi firewall
I did not release them to the public as I'm still testing everything internally. So far, I'm using the basic firewall rules provided by the naxsi team. I'm also in the process of writing the missing CentOS 5 packages needed for the sweet naxsi UI. Once everything is tested, I will post a nice tutorial.
Code:
# yum --enablerepo=axivodev remove nginx-naxsi
# yum --enablerepo=axivodev install nginx
Example of XenForo naxsi log output errors on one of my dev servers (with default firewall rules):
Code:
2012/05/31 00:37:19 [error] 16094#0: *1 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/&total_processed=1&total_blocked=1&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET / HTTP/1.1", host: "hermes.axivo.com"
2012/05/31 00:37:24 [error] 16094#0: *1 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/forums/announcements.4/&total_processed=2&total_blocked=2&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET /forums/announcements.4/ HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/"
2012/05/31 00:37:25 [error] 16094#0: *1 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/&total_processed=3&total_blocked=3&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET / HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/forums/announcements.4/"
2012/05/31 00:37:32 [error] 16094#0: *1 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/forums/general-discussions.12/&total_processed=4&total_blocked=4&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET /forums/general-discussions.12/ HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/"
2012/05/31 00:37:34 [error] 16094#0: *1 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/&total_processed=5&total_blocked=5&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET / HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/forums/general-discussions.12/"
2012/05/31 01:10:35 [error] 16094#0: *18 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/forums/pre-sale-inquiries.5/&total_processed=6&total_blocked=6&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET /forums/pre-sale-inquiries.5/ HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/"
2012/05/31 01:10:36 [error] 16094#0: *18 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/threads/optimization-services.134/&total_processed=7&total_blocked=7&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET /threads/optimization-services.134/ HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/forums/pre-sale-inquiries.5/"
2012/05/31 01:10:41 [error] 16094#0: *18 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/&total_processed=8&total_blocked=8&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET / HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/threads/optimization-services.134/"
2012/05/31 01:10:42 [error] 16094#0: *18 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/forums/feedback.6/&total_processed=9&total_blocked=9&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET /forums/feedback.6/ HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/"
2012/05/31 01:10:45 [error] 16094#0: *18 NAXSI_FMT: ip=192.168.1.1&server=hermes.axivo.com&uri=/&total_processed=10&total_blocked=10&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie&zone2=HEADERS&id2=1011&var_name2=cookie&zone3=HEADERS&id3=1315&var_name3=cookie, client: 192.168.1.1, server: hermes.axivo.com, request: "GET / HTTP/1.1", host: "hermes.axivo.com", referrer: "http://hermes.axivo.com/forums/feedback.6/"
It is a learning curve for me and if you use nginx on Debian or FreeBSD, you should be aware of it. I'm trying to let the CentOS users taste the added security in nginx, so please share your experiences here. As usual, the Axivo RPMs will be provided for free to everyone using CentOS/Redhat 5/6.
Edit: It is official, the Axivo RPMs are now released to the public:
http://www.axivo.com/go/naxsi
Enjoy.
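An added example, not part of the original post: a small Python parser for the NAXSI_FMT error-log lines shown above, which counts how often each zone, rule id and variable name triple fired so the rules behind the blocks can be reviewed. The sample lines are constructed in the same layout (host and IP are placeholders), and the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample lines in the NAXSI_FMT layout shown in the post
# (host and IP are placeholders, not taken from the page).
SAMPLE_LOG = """\
2012/05/31 00:37:19 [error] 16094#0: *1 NAXSI_FMT: ip=192.0.2.10&server=forum.example&uri=/&total_processed=1&total_blocked=1&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=HEADERS&id1=1010&var_name1=cookie, client: 192.0.2.10, server: forum.example, request: "GET / HTTP/1.1", host: "forum.example"
2012/05/31 00:37:24 [error] 16094#0: *1 NAXSI_FMT: ip=192.0.2.10&server=forum.example&uri=/forums/a.4/&total_processed=2&total_blocked=2&zone0=HEADERS&id0=1005&var_name0=cookie&zone1=ARGS&id1=1315&var_name1=q, client: 192.0.2.10, server: forum.example, request: "GET /forums/a.4/?q=x HTTP/1.1", host: "forum.example"
2012/05/31 00:37:25 [notice] 16094#0: signal process started
"""

# The payload runs from "NAXSI_FMT: " up to the ", client:" field nginx appends.
NAXSI_RE = re.compile(r"NAXSI_FMT: (?P<payload>\S+?), client: ")


def parse_naxsi_line(line):
    """Return (uri, [(zone, rule_id, var_name), ...]) or None for other lines."""
    m = NAXSI_RE.search(line)
    if m is None:
        return None
    fields = dict(parse_qsl(m.group("payload"), keep_blank_values=True))
    matches = []
    n = 0
    # zoneN/idN/var_nameN triples are numbered from 0 with no gaps.
    while f"id{n}" in fields:
        matches.append((fields.get(f"zone{n}", ""), int(fields[f"id{n}"]),
                        fields.get(f"var_name{n}", "")))
        n += 1
    return fields.get("uri", ""), matches


def summarize(log_text):
    """Count how often each (zone, rule id, variable) triple fired."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_naxsi_line(line)
        if parsed:
            counts.update(parsed[1])
    return counts


if __name__ == "__main__":
    for (zone, rule_id, var), hits in summarize(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  rule {rule_id}  zone={zone}  var={var}")
```

Run against the log in the post, the same summary would show every blocked request matching rules 1005, 1010, 1011 and 1315 in the HEADERS zone on the cookie variable.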