You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 8, 2023. It is now read-only.
We are looking for people to test it and provide feedback on it.
Usage :
By default, Libinjection (sql/xss) is disabled, it needs to be enabled at location level using one of these directives : LibInjectionSql / LibInjectionXss (or libinjection_sql / libinjection_xss in nginx style).
It can as well be dynamically enabled / disabled using :
set $naxsi_libinjection_xss 0|1;
set $naxsi_libinjection_sql 0|1;
When triggered, libinjection sql/xss will trigger internal rules :
libinjection_sql, with internal ID of 17, will increase $LIBINJECTION_SQL of 8
libinjection_xss, with internal ID of 18, will increase $LIBINJECTION_XSS of 8
If you want to add action uppon trigger, write your CheckRules on those scores ;) (as for other rules, LOG/BLOCK/DROP is allowed!)