I think it would be very handy if naxsi could also be configured at the server{} or even the http{} context. Currently the main settings (SecRulesEnabled, LearningMode, DeniedUrl, CheckRule) are limited to the location{} context.
It would make it much easier to enable naxsi for a whole vhost/domain including all subdirs and locations, instead of having to alter each location{} block manually. If someone still requires more granular control, for example within the location{} context, nginx's inheritance model is perfectly fine for this job.
I'd assumed that the naxsi_flag_enable and naxsi_flag_learning flags at the server{} level already did this (I realised they didn't after testing), so it would be good to add a note to the wiki.
I think it would be very handy if naxsi could also be configured at the server{} or even the http{} context. Currently the main settings (
SecRulesEnabled
,LearningMode
,DeniedUrl
,CheckRule
) are limited to the location{} context.It would make it much easier to enable naxsi for a whole vhost/domain including all subdirs and locations, instead of having to alter each location{} block manually. If someone still requires more granular control, for example within the location{} context, nginx's inheritance model is perfectly fine for this job.
Thanks