Closed CogumelosMaravilha closed 7 years ago
hi @CogumelosMaravilha :)
Actually, you can do both, by using LearningMode + BLOCK & DROP:
Overall, the idea is often to turn off the learning once you feel confident :) If you use kibana+nxapi, you should see spikes if the last update of your website is triggering exceptions!
Hi,
In my website I need this configuration:

```nginx
SecRulesEnabled;
DeniedUrl "/RequestDenied";

BasicRule wl:16;
BasicRule wl:1310;
BasicRule wl:1311;

CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
```
But the web developers are always making changes to the code. I'm using kibana but if I get spikes I'm losing sales!
Yes, if you are using a positive model but have no communication with developers, it won't be easy to manage :) Best is to have naxsi on your Q&A env, so you can adjust the rules before migrating to production.
Rules are adjusted for each site. After changing from LOG to BLOCK and with regular code changes on the website, how to know that Naxsi is not blocking legitimate traffic? Blocking and logging simultaneously would be awesome.
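
The "LearningMode + BLOCK & DROP" combination mentioned in the thread, sketched as an added example (not the maintainer's or the poster's own configuration). It relies on naxsi's documented behaviour that in learning mode a `BLOCK` match is only logged, while a `DROP` match is enforced even in learning mode. The `DROP` thresholds, the `location` layout and the backend address are assumptions to be tuned per site.

```nginx
# Added example: DROP thresholds and the backend address are assumed values.
location / {
    SecRulesEnabled;
    LearningMode;                      # BLOCK matches are logged, not enforced
    DeniedUrl "/RequestDenied";

    # Whitelists taken from the configuration posted in the thread
    BasicRule wl:16;
    BasicRule wl:1310;
    BasicRule wl:1311;

    # Tier 1: the thread's thresholds. With LearningMode on, a request
    # reaching these scores is logged (visible in kibana/nxapi) but still
    # served, so a new release that trips a rule does not cost traffic.
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;

    # Tier 2: higher scores (assumed values) are dropped even in learning
    # mode, so high-scoring requests are still refused.
    CheckRule "$SQL >= 16" DROP;
    CheckRule "$RFI >= 16" DROP;
    CheckRule "$TRAVERSAL >= 8" DROP;
    CheckRule "$EVADE >= 8" DROP;
    CheckRule "$XSS >= 16" DROP;

    proxy_pass http://127.0.0.1:8080;  # hypothetical backend
}

# Target of DeniedUrl for refused requests
location /RequestDenied {
    return 403;
}
```

Requests that score between the two tiers are the ones to review after each release: either whitelist them with a `BasicRule` or leave them, then narrow the gap between the tiers as confidence grows.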