deroad's blog
# 2020-09-24 | Naxsi 1.1 and 1.1a security update
Well, after almost 2 years, I decided to take naxsi under my arm and give it a bit of
love.
Before everything, a big thank you to 0xflotus, marcinguy and squedgy for their PRs.
I have re-formatted the code and added some checks where needed.
The repository has received multiple PRs that needed/wanted to add some cool new
features.
I fixed several issues related to memory leaks, wrong encoding, etc.; I have also
updated the version of libinjection to 3.9.2 (commit: 991433e7).
I have also released the deb packages of the following distros:
- debian: bullseye, buster, sid, stretch
- ubuntu: bionic, focal
You can use these packages in a configuration that can look like this:

```nginx
# Minimal nginx.conf for the naxsi deb packages (paths as in the post).
# nginx refuses to start without an events block, so one is added here;
# it was not part of the original snippet.
events { }

http {
    access_log /tmp/logs_access.log;
    error_log  /tmp/logs_error.log;   # naxsi writes its NAXSI_FMT events here
    default_type text/plain;
    keepalive_timeout 68;
    include /usr/share/naxsi/naxsi_core.rules;   # core rule set

    server {
        listen 1984;
        server_name 'localhost';
        client_max_body_size 30M;

        location / {
            # Learning mode: matches are logged, nothing is blocked yet.
            include /usr/share/naxsi/naxsi_learning_mode.conf;
            include /usr/share/naxsi/rules/wordpress.rules;
            root /var/www/html/;
            index index.html index.htm;
        }
        # Internal location that denied requests are redirected to.
        include /usr/share/naxsi/naxsi_denied_url.conf;
    }
}
```
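With learning mode enabled as above, naxsi lets every request through and only records in `/tmp/logs_error.log` what it would have blocked, so the error log is what you review before writing whitelists and switching learning mode off. The following is an added example (not code from this post or from the naxsi project) that parses those `NAXSI_FMT` lines, counts which URI / zone / rule id / variable combinations would have been blocked, and drafts `BasicRule wl:` whitelist lines for the frequent ones. It assumes naxsi's `NAXSI_FMT` log format and its whitelist syntax as documented by the project, neither of which this post describes; the sample log lines, rule ids, IPs and URIs are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of what the error_log in the config above receives while
# naxsi_learning_mode.conf is included: each NAXSI_FMT line describes a request
# that *would* have been blocked (block=1) but was let through (learning=1).
# Rule ids, addresses and URIs are made up for this example.
SAMPLE_ERROR_LOG = """\
2020/09/24 10:00:01 [error] 1234#0: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/index.html&learning=1&vers=1.1a&total_processed=1&total_blocked=1&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1001&var_name0=q, client: 127.0.0.1, server: localhost, request: "GET /index.html HTTP/1.1", host: "localhost"
2020/09/24 10:00:02 [error] 1234#0: *2 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/index.html&learning=1&vers=1.1a&total_processed=2&total_blocked=2&block=1&cscore0=$SQL&score0=8&zone0=ARGS&id0=1001&var_name0=q, client: 127.0.0.1, server: localhost, request: "GET /index.html HTTP/1.1", host: "localhost"
2020/09/24 10:00:03 [error] 1234#0: *3 NAXSI_FMT: ip=10.0.0.5&server=localhost&uri=/wp-login.php&learning=1&vers=1.1a&total_processed=3&total_blocked=3&block=1&cscore0=$SQL&score0=8&cscore1=$XSS&score1=8&zone0=BODY&id0=1001&var_name0=pwd&zone1=BODY&id1=1302&var_name1=pwd, client: 10.0.0.5, server: localhost, request: "POST /wp-login.php HTTP/1.1", host: "localhost"
2020/09/24 10:00:04 [notice] 1234#0: signal process started
"""

# The key=value&... payload ends where nginx appends its own ", client: ..." fields.
NAXSI_LINE = re.compile(r"NAXSI_FMT: (?P<kv>.*?)(?:, client: |$)")
# Indexed keys: zone0/id0/var_name0 describe one matched rule, cscore0/score0 a named score.
INDEXED_KEY = re.compile(r"^(zone|id|var_name|cscore|score)(\d+)$")


def parse_naxsi_line(line):
    """Return the NAXSI_FMT fields of one log line as a dict, or None for other lines.

    Flat keys (ip, uri, learning, block, ...) stay as strings; indexed keys are
    regrouped by index into a 'matches' list of {zone, id, var_name} dicts.
    Groups that only carry a cscore/score (no rule id) are not matches.
    """
    m = NAXSI_LINE.search(line)
    if not m:
        return None
    fields, groups = {}, defaultdict(dict)
    for pair in m.group("kv").split("&"):
        key, _, value = pair.partition("=")
        im = INDEXED_KEY.match(key)
        if im:
            groups[int(im.group(2))][im.group(1)] = value
        else:
            fields[key] = value
    fields["matches"] = [groups[i] for i in sorted(groups) if "id" in groups[i]]
    return fields


def summarise(log_text):
    """Count (uri, zone, rule id, var_name) tuples that naxsi would have blocked."""
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_naxsi_line(line)
        if ev is None or ev.get("block") != "1":
            continue
        for match in ev["matches"]:
            hits[(ev["uri"], match["zone"], match["id"], match.get("var_name", ""))] += 1
    return hits


def suggest_whitelists(hits, min_count=2):
    """Draft naxsi BasicRule whitelist lines for hits seen at least min_count times.

    Each line is scoped to one URL and one variable so the whitelist stays as
    narrow as the observed traffic; review every line before adding it.
    """
    lines = []
    for (uri, zone, rule_id, var), n in hits.most_common():
        if n < min_count:
            continue
        lines.append(f'BasicRule wl:{rule_id} "mz:$URL:{uri}|${zone}_VAR:{var}";  # seen {n}x')
    return lines


if __name__ == "__main__":
    hits = summarise(SAMPLE_ERROR_LOG)
    for key, n in hits.most_common():
        print(n, key)
    print("\n".join(suggest_whitelists(hits)))
```

The counts are keyed on URI, zone, rule id and variable name rather than on the client address, since the goal is to find legitimate inputs that repeatedly trip a rule; a single hit from one address is left out of the draft so that one probing request cannot earn itself a whitelist.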
One last point regarding version 1.1a (security update).
I have patched some security vulnerabilities reported by Synacktiv which affect Naxsi.
These vulnerabilities are quite simple to exploit and can impact the security of the
web application that you might want to secure via Naxsi.
You can find below a link to the full report that explains all the vulnerabilities and
how to exploit them.
# References:
- NBS-System Naxsi - version 1.1a (security update): https://github.com/nbs-system/naxsi/releases/tag/1.1a
- Synacktiv, "Bypassing Naxsi filtering engine": https://www.synacktiv.com/publications/bypassing-naxsi-filtering-engine.html
- NBS-System Naxsi - version 1.1 (ignore this version): https://github.com/nbs-system/naxsi/releases/tag/1.1