security - Security Blog

security

A collection of 3 posts

Install NGINX with ModSecurity on Debian 11 (Bullseye)

Install NGINX with ModSecurity on Debian 11 (Bullseye)

Recently I decided to switch from NAXSI Web Application Firewall to ModSecurity. Not that I was unhappy with NAXSI - in opposite - everything went smooth. But NAXSI receives little support from the open source community. So I decided to go with the quasi standard. With this blog post I

Configuring NAXSI (WAF)

Configuring NAXSI (WAF)

in my previous post [https://www.error.ch/securing-your-webapp-with-nginx-and-naxsi-on-debian-10-buster/] the installation of NGINX and NAXSI was described. After successful installation it is time to start the configuration. as a first step copy core rules, to Nginx config directory. Configring NGINX sudo /src/naxsi-0.56/naxsi_config/naxsi_core.rules /etc/

Securing your WebApp with NGINX and NAXSI on Debian 10 (buster)

Securing your WebApp with NGINX and NAXSI on Debian 10 (buster)

This website is running the free version of Ghost CMS [https://ghost.org/]. To increase the security of the website a NGINX reverse proxy including NAXSI web application firewall (WAF) is used. NAXSI (NGINX Anti XSS & SQL Injection) is a free, third-party NGINX module which complements the webserver with security