source "package/nginx/Config.in"
if BR2_PACKAGE_NGINX
menu "External nginx modules"
+ source "package/nginx-naxsi/Config.in"
source "package/nginx-upload/Config.in"
endmenu
endif
--- /dev/null
+config BR2_PACKAGE_NGINX_NAXSI
+ bool "nginx-naxsi"
+ help
+ NAXSI means Nginx Anti XSS & SQL Injection.
+
+ Technically, it is a third party nginx module, available as
+ a package for many UNIX-like platforms. This module, by
+ default, reads a small subset of simple (and readable) rules
+ containing 99% of known patterns involved in website
+ vulnerabilities. For example, <, | or drop are not supposed
+ to be part of a URI.
+
+ Being very simple, those patterns may match legitimate
+ queries, it is the Naxsi's administrator duty to add
+ specific rules that will whitelist legitimate
+ behaviours. The administrator can either add whitelists
+ manually by analyzing nginx's error log, or (recommended)
+ start the project with an intensive auto-learning phase that
+ will automatically generate whitelisting rules regarding a
+ website's behaviour.
+
+ In short, Naxsi behaves like a DROP-by-default firewall, the
+ only task is to add required ACCEPT rules for the target
+ website to work properly.
+
+ https://github.com/nbs-system/naxsi
--- /dev/null
+################################################################################
+#
+# nginx-naxsi
+#
+################################################################################
+
+NGINX_NAXSI_VERSION = 0.54
+NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
+NGINX_NAXSI_LICENSE = GPLv2+ with OpenSSL exception
+NGINX_NAXSI_LICENSE_FILES = naxsi_src/naxsi_json.c
+
+$(eval $(generic-package))
NGINX_CONF_OPTS += --without-http_gzip_module
endif
+ifeq ($(BR2_PACKAGE_NGINX_NAXSI),y)
+NGINX_DEPENDENCIES += nginx-naxsi
+NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src
+endif
+
ifeq ($(BR2_PACKAGE_NGINX_HTTP_REWRITE_MODULE),y)
NGINX_DEPENDENCIES += pcre
else
projects / buildroot.git / commitdiff