2017-05-16, 12:20 AM
So I'm curious as to what ruleset you are using for MyBB with the NGINX NAXSI WAF. This kind of documentation will be very helpful for security-concerned MyBB forum owners. Even if you aren't running any known vulnerable code, running a WAF will help mitigate some of those risks. That being said, should the rules be stricter, less strict? Let me know.
Current Config:
#LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;