MyBB Community Forums

Full Version: Proper rules for MyBB and NAXSI WAF
So I'm curious as to what ruleset you are using for MyBB with the NGINX NAXSI WAF. This kind of documentation will be very helpful for security-concerned MyBB forum owners. Even if you aren't running any known vulnerable code, running a WAF will help mitigate some of those risks. That being said, should the rules be stricter, less strict? Let me know.

Current Config:

Quote:
#LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
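
One way to judge whether these thresholds are too strict for a given forum, as an added example that is not part of the original post: replay NAXSI_FMT error-log lines against the CheckRule values above and list which rule id, zone and variable would push a request to BLOCK. The log lines are constructed, and the MyBB URIs and field names in them are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Thresholds copied from the CheckRule lines in the post.
THRESHOLDS = {"$SQL": 8, "$RFI": 8, "$TRAVERSAL": 4, "$EVADE": 4, "$XSS": 8}

# Constructed NAXSI_FMT lines (not real traffic), written as if logged by a
# lower-threshold LOG CheckRule during a learning run; URIs/fields are assumed.
SAMPLE_LOG = """\
2024/01/01 10:00:00 [error] 1#0: *1 NAXSI_FMT: ip=192.0.2.10&server=forum.example&uri=/newreply.php&learning=1&vers=1.3&total_processed=10&total_blocked=1&block=0&cscore0=$SQL&score0=8&zone0=BODY&id0=1000&var_name0=message&zone1=BODY&id1=1015&var_name1=message, client: 192.0.2.10
2024/01/01 10:00:05 [error] 1#0: *2 NAXSI_FMT: ip=192.0.2.11&server=forum.example&uri=/search.php&learning=1&vers=1.3&total_processed=11&total_blocked=1&block=0&cscore0=$SQL&score0=4&zone0=ARGS&id0=1015&var_name0=keywords, client: 192.0.2.11
2024/01/01 10:00:09 [error] 1#0: *3 NAXSI_FMT: ip=192.0.2.12&server=forum.example&uri=/member.php&learning=1&vers=1.3&total_processed=12&total_blocked=2&block=0&cscore0=$TRAVERSAL&score0=4&zone0=ARGS&id0=1200&var_name0=action, client: 192.0.2.12
"""

def parse_event(line):
    """Extract URI, per-tag scores and matched (id, zone, var) from one log line."""
    m = re.search(r"NAXSI_FMT: ([^, ]+)", line)
    if not m:
        return None
    f = dict(parse_qsl(m.group(1), keep_blank_values=True))
    scores, matches, i = {}, [], 0
    while f"cscore{i}" in f:            # cscoreN/scoreN: accumulated score per tag
        scores[f[f"cscore{i}"]] = int(f[f"score{i}"])
        i += 1
    i = 0
    while f"id{i}" in f:                # idN/zoneN/var_nameN: each rule that matched
        matches.append((f[f"id{i}"], f[f"zone{i}"], f.get(f"var_name{i}", "")))
        i += 1
    return {"uri": f.get("uri", ""), "scores": scores, "matches": matches}

def would_block(event):
    """Score tags that reach the BLOCK threshold configured in the post."""
    return sorted(t for t, s in event["scores"].items()
                  if s >= THRESHOLDS.get(t, float("inf")))

def review(log):
    """Count, per (uri, rule id, zone, var), the hits on requests that would be blocked."""
    hits = Counter()
    for line in log.splitlines():
        ev = parse_event(line)
        if ev and would_block(ev):
            for rid, zone, var in ev["matches"]:
                hits[(ev["uri"], rid, zone, var)] += 1
    return hits

if __name__ == "__main__":
    for key, n in review(SAMPLE_LOG).most_common():
        print(n, *key)
```

Entries that recur on ordinary posting or search traffic are the ones to examine before leaving LearningMode disabled; entries from requests nobody on the forum should be sending are the thresholds doing their job.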