Web Application Firewall
Web Application Firewall: NAXSI (short for Nginx Anti XSS & SQL Injection)
Technically, NAXSI is an Nginx module that, by default, reads a small set of simple (and readable) rules containing 99% of the known patterns involved in website vulnerabilities. For example, the characters "<" and "|", or the keyword "drop", are not supposed to be part of a URI.
Enable WAF:
To enable this WAF function, edit the waf.conf file as follows.
1. Edit the waf.conf file:
nano /vddos/conf.d/waf.conf

############################ WAF NAXSI
#### Enable or Disable:
SecRulesEnabled;
DeniedUrl "/444.html";
#### Ban after:
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
2. Restart vDDoS and check requests like these:
http://your-domain.com ==> ACCEPT 200 Status!
http://your-domain.com/?a=%3C ==> DROP 444 Status!
The second request carries an encoded "<" (%3C) in a query argument, which the NAXSI rules treat as forbidden in a URI, so the request is dropped with the 444 status.
NOTE: more NAXSI rules for the /vddos/naxsi_core.rules file are available from https://github.com/nbs-system/naxsi-rules
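How the CheckRule lines above turn individual rule hits into a 200 or 444 decision, as an added illustrative model (not vDDoS or NAXSI code): the rules table is constructed here in the shape of naxsi_core.rules entries, and the thresholds are the ones set in waf.conf above.

```python
"""Added example (not vDDoS or NAXSI code): a small model of how NAXSI sums
rule hits into per-category scores and how the CheckRule thresholds from
waf.conf decide between accepting (200) and dropping (444) a request."""
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed rules in the shape of naxsi_core.rules entries:
# (substring, category, score). A real deployment loads
# /vddos/naxsi_core.rules instead of this table.
RULES = [
    ("<", "$XSS", 8),          # html open tag, e.g. ?a=%3C
    ("|", "$SQL", 8),          # pipe, never legitimate in a URI
    ("drop", "$SQL", 4),       # weak SQL keyword: needs a second hit to block
    ("select", "$SQL", 4),
    ("..", "$TRAVERSAL", 4),   # directory traversal
    ("http://", "$RFI", 8),    # remote file inclusion
]

# Thresholds exactly as set by the CheckRule lines in waf.conf above.
CHECK_RULES = {"$SQL": 8, "$RFI": 8, "$TRAVERSAL": 4, "$EVADE": 4, "$XSS": 8}


def score_request(url: str) -> dict:
    """Sum rule scores per category over the decoded path and each query arg."""
    parts = urlsplit(url)
    zones = [unquote(parts.path)]
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        zones.extend((name, value))          # parse_qsl already URL-decodes
    scores = {category: 0 for category in CHECK_RULES}
    for zone in zones:
        lowered = zone.lower()               # rules are matched case-insensitively
        for pattern, category, score in RULES:
            if pattern in lowered:
                scores[category] += score
    return scores


def decide(url: str) -> int:
    """Return 200 (accept) or 444 (drop via DeniedUrl) for the given request URL."""
    scores = score_request(url)
    for category, threshold in CHECK_RULES.items():
        if scores[category] >= threshold:
            return 444
    return 200


if __name__ == "__main__":
    for url in ("http://your-domain.com", "http://your-domain.com/?a=%3C"):
        print(url, "==>", decide(url))
```

Note that a single weak hit such as "drop" (score 4) stays under the $SQL threshold of 8, while two weak hits in the same request add up and cross it; this accumulation is what lets the CheckRule thresholds tune false positives.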
Block Badbots:
1. Block User-Agent Badbots & Spam Referer:
nano /vddos/conf.d/waf.conf

############################ Ban Bad Client:
if ($http_user_agent ~* "PHP|curl|Wget|HTTrack|Nmap|Verifying|PingBack|Pingdom|Joomla|Wordpress") { return 444; }
if ($http_user_agent = "") { return 444; }
if ($http_user_agent = " ") { return 444; }
if ($http_user_agent = "-") { return 444; }
if ($http_user_agent ~* "\b(proxy|hide|sock|free|check|trans|ping)\b") { return 444; }
if ($http_referer ~* "\b(hide|sock|free|check|trans|ping|speed|test)\b") { return 444; }
2. Restart vDDoS and check with a request like this (curl sends a "curl" User-Agent, which the first rule matches, so the connection is closed with 444):
[root@vDDoS ~]# curl -L http://your-domain.com
curl: (52) Empty reply from server