
We need your help

Please take this short feedback survey. It takes 2 minutes of your time and is a great help for us: https://docs.google.com/spreadsheet/viewform?formkey=dG9UWDFuTEhiWWt4UF9fZEtwWFVJUlE6MQ

News

  • May 4th: Naxsi 0.46 is out! New web interface for nx_extract!
  • Apr 26th 2012: Take a look at my/naxsi's blog: blog.memze.ro
  • Apr 18th 2012: Naxsi 0.45 is out! New |NAME target, the learning daemon can learn from log files, and rules support multiple targets.
  • Apr 18th 2012: Naxsi is now in the Debian/Ubuntu repositories
  • Apr 2nd 2012: Naxsi is now in the Debian sid repositories
  • March 20th 2012: Naxsi 0.44. Core untouched, whole new learning daemon: harder, stronger, faster!
  • March 8th 2012: Naxsi 0.43-1. This is a fix for an application/x-www-form-urlencoded parsing issue.
  • February 7th 2012: 0.43 released, based upon current SVN.
  • January 6th 2012: What's coming next? Your call! YouChooseWeCode
  • December 29th 2011: Naxsi integrated into the official FreeBSD ports tree! (http://bit.ly/sQZffP)
  • December 28th 2011: HttpConfigPy got an awesome upgrade: multi-site support and a less eye-bleeding interface. Give it a try (in trunk only)
  • December 26th 2011: Naxsi 0.42 is now current testing, please provide feedback! (You can see the changelog in the download notes!)
  • December 20th 2011: Naxsi got a new logo for Xmas!
  • November 7th 2011: Naxsi 0.41 released. Uploaded file names and extensions control
  • October 25th 2011: Follow us on Twitter: http://twitter.com/#!/NAXSI_WAF
  • October 6th 2011: New Nginx 1.0.8 Debian stable package featuring Naxsi 0.4-alpha
  • September 13th 2011: Nginx Debian stable package featuring Naxsi 0.2-alpha
  • September 2nd 2011: Naxsi is now an official OWASP Project!
  • July 28th 2011: Naxsi project official launch, 0.1-alpha release

What is Naxsi?

Naxsi is an open source, high performance, low rules maintenance Web Application Firewall module for Nginx, the famous web server and reverse proxy.

Its goal is to help people secure their web applications against attacks like SQL Injection, Cross Site Scripting, Cross Site Request Forgery, and Local & Remote File Inclusion.

The difference from most WAFs (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments.

Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam filter.

Why is it different?

Because it works with a learning mode (read: whitelist). Set the module in learning mode, crawl your site, and it will generate the necessary whitelists to avoid false positives! Naxsi doesn't rely upon pre-defined signatures, so it should be able to defeat complex/unknown/obfuscated attack patterns.
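
The scoring model and the learning mode described above can be sketched in a few lines. This is an added example, not Naxsi's own code or rule set: the character weights, the threshold, the sample requests and all function names are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Constructed weights and threshold (assumptions, not Naxsi's real rules).
WEIGHTS = {"'": 4, '"': 4, "<": 8, ">": 8, "(": 4, ")": 4, "--": 4, "..": 4}
THRESHOLD = 8

# Constructed sample requests as (path, raw query string).
KNOWN_GOOD = [("/search", "q=o%27reilly+%28books%29")]
UNEXPECTED = ("/search", "q=%3Cb%3Ehi%3C%2Fb%3E")


def hits(path, query):
    """Return (path, arg, pattern, weight) for each unusual pattern in an argument."""
    found = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for pattern, weight in WEIGHTS.items():
            if pattern in value:
                found.append((path, name, pattern, weight))
    return found


def score(path, query, whitelist=frozenset()):
    """Sum the weights of hits that are not whitelisted for this path and argument."""
    return sum(w for p, n, pat, w in hits(path, query)
               if (p, n, pat) not in whitelist)


def is_blocked(path, query, whitelist=frozenset()):
    """Deny the request once its score reaches the threshold."""
    return score(path, query, whitelist) >= THRESHOLD


def learn(requests):
    """Learning mode: whitelist every pattern seen in known-good traffic."""
    return frozenset((p, n, pat) for path, query in requests
                     for p, n, pat, _ in hits(path, query))


if __name__ == "__main__":
    print("before learning:", is_blocked(*KNOWN_GOOD[0]))  # false positive
    wl = learn(KNOWN_GOOD)
    print("after learning: ", is_blocked(*KNOWN_GOOD[0], wl))
    print("unexpected input:", is_blocked(*UNEXPECTED, wl))
```

Whitelist entries here are scoped to one path and one argument, so the same characters in another location still score. Anything present in the traffic during learning is permitted afterwards, so the learning crawl has to consist of known-good requests only.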

Performance reviews

We need you!

  • Performance, stability testing: we are looking for independent reviews, benchmarks, and related feedback
  • Security testing: we have prepared a running test environment for you to play with. Go, play, (try to) bypass!
  • Post feature requests, documentation improvements
  • Bug reports: Naxsi is young, there are known bugs

Documentation
