docker-naxsi-waf-with-ui

#About

Ubuntu-based Naxsi web application firewall.

NAXSI stands for Nginx Anti XSS & SQL Injection. It is an open-source web application firewall that allows only whitelisted requests, with high performance and low rule-maintenance overhead.

In short, Naxsi behaves like a DROP-by-default firewall: the only job needed is to add the ACCEPT rules (whitelists) required for the target website to work properly. This whitelist can be generated automatically by naxsi-ui.

This Docker container works as an Nginx reverse proxy; run it in front of your web apps so that only authorized requests reach them.

Naxsi UI is available on port 8081, with user naxsi_web and password test. This password can be changed by passing the environment variable NAXSI_UI_PASSWORD to docker. Change it before exposing the container anywhere, and do not publish port 8081 beyond the network you administer from: the UI holds the whitelist that decides what the WAF lets through.

#Sources

Usage example

First, launch Naxsi in learning mode, which allows all requests and records the rules they would have triggered so that naxsi-ui can turn them into whitelist rules. If you later want to disable learning mode, use `-e LEARNING_MODE=no` when running docker.

You can specify your redirect IP in the Dockerfile (ENV PROXY_REDIRECT_IP) or pass it to docker at runtime.

Your redirect IP should be your HTTP frontend, i.e. the upstream web server the proxy forwards requests to.
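To make the two switches concrete, here is what LEARNING_MODE and PROXY_REDIRECT_IP boil down to inside Nginx. This is an added example written for this page, not the container's own configuration: the include paths, the `*.rules` filename pattern, the score thresholds and the upstream address 10.0.0.1 are assumptions, and only the Naxsi directives themselves are standard.

```nginx
# Added example (not the project's config). Shows the Naxsi directives that the
# container's LEARNING_MODE and PROXY_REDIRECT_IP settings control.
http {
    # Naxsi core signatures (score-based rules) must be loaded at http level.
    include /etc/nginx/naxsi_core.rules;        # assumed path

    server {
        listen 80;

        location / {
            SecRulesEnabled;          # turn Naxsi on for this location

            # LEARNING_MODE=yes: Naxsi logs a NAXSI_FMT line to the error log for
            # every request that matched a rule, but never blocks. naxsi-ui builds
            # its whitelist from those lines. LEARNING_MODE=no removes this line.
            LearningMode;

            DeniedUrl "/RequestDenied";

            # Score thresholds; once learning mode is off, reaching one of them
            # sends the request to DeniedUrl (values assumed, Naxsi defaults-style).
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Whitelists exported from naxsi-ui and mounted into
            # /etc/nginx/local-config/ (filename pattern assumed).
            include /etc/nginx/local-config/*.rules;

            # PROXY_REDIRECT_IP: the HTTP frontend that receives allowed requests.
            proxy_pass http://10.0.0.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        location /RequestDenied {
            internal;                 # only reachable via Naxsi's internal redirect
            return 418;               # blocked requests end up here
        }
    }
}
```

The only difference between the "learning" and "block" stages of the procedure below is the presence of the `LearningMode;` line; everything else, including the whitelists, stays the same, which is why a whitelist tested in learning mode carries over unchanged.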

Learning mode

Suppose your HTTP frontend is at 10.0.0.1 and you want the WAF proxy in front of it. Naxsi UI is exposed on the host on port 8081, and Naxsi will not block anything (learning mode):

docker run --env PROXY_REDIRECT_IP=10.0.0.1 \
           --env NAXSI_UI_PASSWORD="your_secret_pass" \
           -p 80:80 \
           -p 8081:8081 \
           -d scollazo/naxsi-waf-with-ui

Get rules from naxsi ui

Browse to http://your_host_ip:8081/ -> Get Whitelist, and save the content to a local directory.

You can test your whitelists by mounting that directory into the container:

docker run --env PROXY_REDIRECT_IP=10.0.0.1 \
           --env NAXSI_UI_PASSWORD="your_secret_pass" \
           -v <local whitelist dir>:/etc/nginx/local-config/ \
           -p 80:80 \
           -p 8081:8081 \
           -d scollazo/naxsi-waf-with-ui

Block attacks

Once you are confident with your whitelist, you can disable learning mode and start blocking attacks with:

docker run --env PROXY_REDIRECT_IP=10.0.0.1 \
           --env NAXSI_UI_PASSWORD="your_secret_pass" \
           --env LEARNING_MODE=no \
           -v <logs dir>:/var/log/nginx/ \
           -v <local whitelist dir>:/etc/nginx/local-config/ \
           -p 80:80 \
           -p 8081:8081 \
           -d scollazo/naxsi-waf-with-ui

Your frontend website will be protected by Naxsi using the whitelists you created, and attack attempts or false positives will be logged and shown in the Naxsi UI.

Keep in mind that an incomplete whitelist can render your site unusable, while an overly permissive one leaves it vulnerable. Review the exported whitelist before disabling learning mode: learning mode whitelists whatever traffic it saw, so a scan or attack that happened during the learning period ends up as an ACCEPT rule.
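A quick way to catch the "too permissive" case before switching LEARNING_MODE off is to lint the exported whitelist for rules that are broader than a single variable. The script below is an added example, not part of this project or of naxsi-ui; the sample whitelist it writes is constructed for the demo. It relies on three facts about Naxsi's `BasicRule wl:<ids> "mz:<zone>";` syntax: `wl:0` disables every rule for the zone, a negative id whitelists everything except that rule (assumed from the Naxsi documentation), and a zone without a `$ARGS_VAR`/`$BODY_VAR`/`$HEADERS_VAR`/`$URL` part covers every variable in it. Comments after `#` are stripped before checking.

```sh
#!/bin/sh
# Added example (not the project's code): lint a Naxsi whitelist for rules that
# are broader than one variable, so they get a human look before blocking mode.

# Write a constructed sample whitelist to the path given as $1.
write_sample_whitelist() {
    cat > "$1" <<'EOF'
# constructed sample whitelist; comments are stripped before checking
BasicRule wl:1000 "mz:$ARGS_VAR:q";
BasicRule wl:1001,1015 "mz:$URL:/login|$BODY_VAR:pw";
BasicRule wl:0 "mz:$ARGS_VAR:search";
BasicRule wl:1000 "mz:BODY";
BasicRule wl:-1000 "mz:$URL:/api|ARGS";
EOF
}

# Print "<file>:<line>: <reason>: <rule>" for every risky rule in the file $1.
# Returns 1 if at least one risky rule was found, 0 if the file looks tight.
lint_naxsi_whitelist() {
    file="$1"
    found=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        rule=${line%%#*}                       # drop trailing comment
        case "$rule" in
            *BasicRule*) ;;
            *) continue ;;
        esac
        # Pull out the whitelisted ids and the quoted match zone.
        ids=$(printf '%s\n' "$rule" | sed -n 's/.*wl:\([0-9,]*\).*/\1/p')
        zone=$(printf '%s\n' "$rule" | sed -n 's/.*"mz:\([^"]*\)".*/\1/p')
        reason=""
        case ",$ids," in
            *,0,*) reason="wl:0 disables every rule in the zone" ;;
        esac
        if [ -z "$reason" ]; then
            case "$rule" in
                *'wl:-'*) reason="negative id whitelists all rules except the listed one" ;;
            esac
        fi
        if [ -z "$reason" ]; then
            if [ -z "$zone" ]; then
                reason="no mz: match zone found"
            else
                case "$zone" in
                    *'$'*) ;;                  # tied to a named variable or URL
                    *) reason="zone '$zone' covers every variable in it" ;;
                esac
            fi
        fi
        if [ -n "$reason" ]; then
            printf '%s:%s: %s: %s\n' "$file" "$lineno" "$reason" "$rule"
            found=1
        fi
    done < "$file"
    return $found
}

# Demo run on the constructed sample: three of the five rules get flagged.
sample="${TMPDIR:-/tmp}/naxsi-wl-sample.$$"
write_sample_whitelist "$sample"
lint_naxsi_whitelist "$sample" || echo "review the flagged rules before setting LEARNING_MODE=no"
rm -f "$sample"
```

Run it as `sh lint.sh` after saving the exported whitelist, or call `lint_naxsi_whitelist <file>` on each file in the directory you mount at /etc/nginx/local-config/. The heuristic is deliberately simple: a zone such as `$URL:/login|BODY` is accepted because it is scoped to one URL, even though it still whitelists the whole request body there, so treat the output as a review list rather than a verdict.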
