Closed mhf-ir closed 11 months ago
Yes, I definitely agree with you and it would be cool to do this, but keep in mind that this would kill performance.
Yes, you're right, but in some cases it is needed even if performance is affected. Naxsi was awesome during our testing, but file uploading needs some features, even integration with anti-malware. In some cases it is one of the requirements of web layer protection.
If your framework is written in PHP, I suggest trying https://github.com/jvoisin/snuffleupagus
No, I use nginx in front of other nginx, Node.js/Golang and possibly PHP applications. I think a general solution is the point for Naxsi as a WAF.
if request type is multipart/form-data
=> iterate files
=> get libmagic
=> check with naxi rules
How about using file to detect the actual MIME type of a file? https://github.com/file/file Naxsi blocks the extension, but what if we upload a binary exe file with a .png extension?
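The flow proposed in this thread (multipart request, iterate files, detect the real type, apply a rule), as an added Python sketch that is not Naxsi code and was not posted by any participant. The small signature table stands in for libmagic, and the `ALLOWED` policy, function names and sample request are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import HTTP
import os

# Tiny stand-in for libmagic (assumption): leading bytes -> detected type.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"), (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF8", "image/gif"), (b"%PDF-", "application/pdf"),
    (b"MZ", "application/x-dosexec"), (b"\x7fELF", "application/x-executable"),
]
# Hypothetical upload policy: extension -> the only content type it may carry.
ALLOWED = {".png": "image/png", ".jpg": "image/jpeg", ".gif": "image/gif",
           ".pdf": "application/pdf"}

def sniff(data):
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"

def check_upload(content_type, body):
    """Return [(filename, detected_type, verdict)] for every file part."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    results = []
    for part in message_from_bytes(raw, policy=HTTP).iter_parts():
        name = part.get_filename()
        if name is None:  # ordinary form field, not a file
            continue
        detected = sniff(part.get_payload(decode=True) or b"")
        ext = os.path.splitext(name)[1].lower()
        # Block unless the extension is allowed AND the bytes match it.
        verdict = "allow" if ALLOWED.get(ext) == detected else "block"
        results.append((name, detected, verdict))
    return results

# Constructed sample: a text field, a real PNG header, an MZ binary named .png.
CTYPE = "multipart/form-data; boundary=XBOUNDARY"
def _part(disp, data):
    return (b"--XBOUNDARY\r\nContent-Disposition: form-data; " + disp
            + b"\r\n\r\n" + data + b"\r\n")
BODY = (_part(b'name="title"', b"holiday")
        + _part(b'name="a"; filename="logo.png"', b"\x89PNG\r\n\x1a\nIHDR-data")
        + _part(b'name="b"; filename="photo.png"', b"MZ\x90\x00\x03\x00")
        + b"--XBOUNDARY--\r\n")

if __name__ == "__main__":
    print(check_upload(CTYPE, BODY))
```

The extension-only check passes both `.png` uploads; comparing the sniffed type against the extension is what catches the renamed executable.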