nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Allowing the configuration of naxsi within the server{} context #422

Closed d307473 closed 11 months ago

d307473 commented 6 years ago

I think it would be very handy if naxsi could also be configured at the server{} or even the http{} context. Currently the main settings (SecRulesEnabled, LearningMode, DeniedUrl, CheckRule) are limited to the location{} context.

It would make it much easier to enable naxsi for a whole vhost/domain including all subdirs and locations, instead of having to alter each location{} block manually. If someone still requires more granular control, for example within the location{} context, nginx's inheritance model is perfectly fine for this job.

Thanks

jaygooby commented 6 years ago

I'd assumed that the naxsi_flag_enable and naxsi_flag_learning flags at the server{} level already did this (I realised they didn't after testing), so it would be good to add a note to the wiki.

RekGRpth commented 3 years ago

https://github.com/nbs-system/naxsi/issues/560