NAXSI

NAXSI, or Nginx Anti XSS & SQL Injection, is designed to protect NGINX fronted web applications from common vulnerabilities such as cross-site scripting (XSS) and SQL injection. This third-party Nginx module operates by default on a set of simple, readable rules that match known patterns involved in website vulnerabilities, such as the presence of characters like <, |, or ' in URIs.

Technically, NAXSI functions as a DROP-by-default firewall, requiring administrators to add specific ACCEPT rules to whitelist legitimate traffic. This approach is distinct from traditional Web Application Firewalls (WAFs) that rely on signature-based detection, making NAXSI less vulnerable to unknown attack patterns. The module supports various formats, including JSON and multipart/form-data, though it has been noted to have vulnerabilities in these areas, such as the lack of null byte checks in JSON parsing. It uses libpcre for regular expression support.

Operationally, NAXSI can be configured in learning mode to automatically generate whitelisting rules based on the website's behavior, reducing the administrative burden of manual rule creation. However, this approach requires careful monitoring to ensure that legitimate traffic is not mistakenly blocked. The module is compatible with various UNIX-like platforms, including NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu, and CentOS.

Despite its effectiveness, NAXSI's development has been halted, and users are advised to transition to the actively maintained repository at https://github.com/wargio/naxsi for continued support and updates.