nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Question about module order in nginx config file #441

Closed jaygooby closed 6 years ago

jaygooby commented 6 years ago

In the wiki page on compiling nginx and naxsi you mention:

IMPORTANT

You need to remember this : NGINX will decide the order of modules according the order of the module's directive in nginx's ./configure. So, no matter what (except you really know what you are doing) put naxsi first in your ./configure. If you don't do so, you might run into various problems, from random / unpredictable behaviors to non-effective WAF.

And the example shows the module coming before any other modules and nginx configure directives:

./configure --add-module=../naxsi-x.xx/naxsi_src/ [add/remove your favorite/usual options]

My question is whether it's crucial that naxsi is literally the first option to the configure script (i.e. including all other nginx configure options like --with-debug, --error-log-path) or whether it needs to be the first module before any core nginx modules like --with-http_ssl_module and --with-http_v2_module or whether it just needs to be the first third-party module?

I'm asking, because I'd like to make sure my nginx building project does the right thing.

buixor commented 6 years ago

Hi !

It doesn't have to be before nginx core modules, but ideally before third party modules :)