NAXSI - High performance, low rules maintenance WAF for NGINX

  •        360

NAXSI means Nginx Anti XSS & SQL Injection. NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI.

Contrary to most Web Application Firewalls, Naxsi doesn't rely on a signature base like an antivirus, and thus cannot be circumvented by an "unknown" attack pattern.

https://github.com/nbs-system/naxsi

Tags
Implementation
License
Platform

   




Related Projects

ModSecurity - Cross platform Web Application Firewall (WAF)

  •    C

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards

  •    Lua

VeryNginx is a very powerful and friendly nginx . VeryNginx is based on lua_nginx_module(openrestry). It implements advanced firewall(waf), access statistics and some other features. It strengthens the Nginx's functions, and provides a friendly Web interface.

WhatWaf - Detect and bypass web application firewalls and protection systems

  •    Python

WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.

janusec - Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing

  •    Go

Janusec Application Gateway, an application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Detailed documentation is available at Janusec Application Gateway Documentation.

shadowd - The Shadow Daemon web application firewall server

  •    C++

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. This is the main component that handles the analysis and storage of requests.


ModSecurity-nginx - ModSecurity v3 Nginx Connector

  •    C

The ModSecurity-nginx connector is the connection point between Nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between Nginx and libmodsecurity. This connector is required to use LibModSecurity with Nginx. The ModSecurity-nginx connector takes the form of an Nginx module. The module simply serves as a layer of communication between Nginx and ModSecurity.

nginx-upsync-module - For http protocol

  •    C

nginx-upsync-module - Nginx C module, sync upstreams from consul or others, dynamically modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. It may not always be convenient to modify configuration files and restart NGINX. For example, if you are experiencing large amounts of traffic and high load, restarting NGINX and reloading the configuration at that point further increases load on the system and can temporarily degrade performance.

lua-resty-waf - High-performance WAF built on the OpenResty stack

  •    Perl

lua-resty-waf is currently in active development. New bugs and questions opened in the issue tracker will be answered within a day or two, and performance impacting / security related issues will be patched with high priority. Larger feature sets and enhancements will be added when development resources are available (see the Roadmap section for an outline of planned features). lua-resty-waf is compatible with the master branch of lua-resty-core. The bundled version of lua-resty-core available in recent releases of OpenResty (>= 1.9.7.4) is compatible with lua-resty-waf; versions bundled with older OpenResty bundles are not, so users wanting to leverage resty.core will either need to replace the local version with the one available from the GitHub project, or patch the module based off this commit.

jxwaf - JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙

  •    C

JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙

OpenResty - Turning Nginx into a Full-Fledged Scriptable Web Platform

  •    C

OpenResty is a full-fledged web platform that integrates the standard Nginx core, LuaJIT, many carefully written Lua libraries, lots of high quality 3rd-party Nginx modules, and most of their external dependencies. It is designed to help developers easily build scalable web applications, web services, and dynamic web gateways.

Endian Firewall Community

  •    Groovy

Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering f

WebCastellum

  •    Java

Java-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Parameter Manipulation and many more.

waf - 使用Nginx+Lua实现的WAF

  •    Lua

使用Nginx+Lua实现的WAF

pfsense - Main repository for pfSense

  •    PHP

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more. pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.

ngx-fancyindex - Fancy indexes module for the Nginx web server

  •    C

This module is designed to work with Nginx, a high performance open source web server written by Igor Sysoev. For users of the official stable Nginx repository, extra packages repository with dynamic modules is available and fancyindex is included.

uwsgi-nginx-flask-docker - Docker image with uWSGI and Nginx for Flask applications in Python running in a single container

  •    Shell

Docker image with uWSGI and Nginx for Flask web applications in Python 3.6, Python 3.5 and Python 2.7 running in a single container. Optionally using Alpine Linux. This Docker image allows you to create Flask web applications in Python that run with uWSGI and Nginx in a single container.

ngx_devel_kit - Nginx Development Kit - an Nginx module that adds additional generic tools that module developers can use in their own modules

  •    C

The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. It has functions and macros to deal with generic tasks that don't currently have generic code as part of the core distribution. The NDK itself adds few features that are seen from a user's point of view - it's just designed to help reduce the code that Nginx module developers need to write.

nchan - Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE), powered by Nginx

  •    C

Nchan is a scalable, flexible pub/sub server for the modern web, built as a module for the Nginx web server. It can be configured as a standalone server, or as a shim between your application and hundreds, thousands, or millions of live subscribers. It can buffer messages in memory, on-disk, or via Redis. All connections are handled asynchronously and distributed among any number of worker processes. It can also scale to many Nginx servers with Redis. Messages are published to channels with HTTP POST requests or Websocket, and subscribed also through Websocket, long-polling, EventSource (SSE), old-fashioned interval polling, and more.

Netnice Module for Firewall Builder

  •    C++

We have just released a new set of files. This project will consist of a module for Firewall Builder. This module will be an add-on to Firewall Builder that will allow a user to create, compile, and apply firewall rules to a machine with Netnice Packe

tengine - A distribution of Nginx with some advanced features

  •    C

Tengine is a web server originated by Taobao, the largest e-commerce website in Asia. It is based on the Nginx HTTP server and has many advanced features. Tengine has proven to be very stable and efficient on some of the top 100 websites in the world, including taobao.com and tmall.com.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.