Releases: nbs-system/naxsi
1.3
Naxsi:
- Fixed regression on FILE_EXT confusion
- Documented id 19 and 20 to rules
Debian/Ubuntu packages usage:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules1.2
Naxsi:
- Fixed
IgnoreIPandIgnoreCIDR(#534 and #532) - Fixed non-c99 builds
- Added
config=ignoremode to identify non blocked requests - Improved core rules (#450)
Special thanks to:
- kkadosh
- noahbailey
- rickygm
Debian/Ubuntu packages usage:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules1.1a (security update)
Naxsi:
Special thanks to: jltignon
Debian/Ubuntu packages usage:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules1.1
Naxsi:
- Fixed various compilation issues (#515 #497 #491).
- Fixed valid JSON blocked by Rule ID 15 (#457).
- Fixed documentation (#505).
- Updated libinjection to 3.9.2 (commit: 991433e7 #523)
- Added Content-type: application/vnd.api+json (#513).
- Added JSON logging output for events (#488 #522).
- Implemented Whitelist for IPs and CIDRs and support for IPv4 and IPv6 (#488 #522).
Special thanks to:
- 0xflotus
- marcinguy
- squedgy
Debian/Ubuntu packages usage:
To enable naxsi include the following files in the configuration as follows:
# add inside http {}
include /usr/share/naxsi/naxsi_core.rules;
# add inside server {}
include /usr/share/naxsi/naxsi_denied_url.conf;
# add inside location /my/path {}
# you can't use both. choose one of the 2 modes.
include /usr/share/naxsi/naxsi_block_mode.conf; # use this to enable blocking mode
include /usr/share/naxsi/naxsi_learning_mode.conf; # use this to enable learning mode
All the BasicRules are available below and shall be added after naxsi_block_mode.conf or after naxsi_learning_mode.conf
# to use them just include them within `location /my/path {}`
/usr/share/naxsi/rules/iris.rules
/usr/share/naxsi/rules/rutorrent.rules
/usr/share/naxsi/rules/wordpress.rules
/usr/share/naxsi/rules/dokuwiki.rules
/usr/share/naxsi/rules/drupal.rules
/usr/share/naxsi/rules/etherpad-lite.rules
/usr/share/naxsi/rules/zerobin.rules1.0
naxsi:
- Parse body of PATCH requests
- Scientific notation in json (Fix #437)
- Log clarification
- Fixed country code when geoip library fail to get geolocation or ip is private/local address
- Fixed issues to setup nxapi on ES5 and added country location on stats and generated whitelists
nxtool:
- replace prints with proper logging support
Special thanks to:
- chipitsine
- fernandomariano
- Kegeruneku
- z0r0
- calve
- buixor
- sabban
- he2ss
- jvoisin
0.56
This release mostly aims at integrating HTTP2 support into naxsi.
- http2 support (1289e50, 1c8ce05)
- improvement : Avoid rule collision on virtual-patching (ec4ce3e)
- fix a potential null-byte issue on form/url-encoded POST payloads
- added a new internal rule
19to allow users to only rely on lib-injection (951123a) - improved json parsing (this is useful if you're doing CSP) (#420)
- make naxsi more verbose in case of user-induced errors (#424 #311 )
0.56rc1: Collision reduce (#401)
0.55.3
makefile, not war
Version 0.55.2 fixed a bug where when two consecutive virtual patching rules on the same zone are checked, a mismatch of the matchzone on the first one would make the following one fail as well.
makefile, not war
Version 0.55.1 fixes a build issue when naxsi was used with mod_lua and other modules.