Proper rules for MyBB and NAXSI WAF
#1
So I'm curious as to what ruleset you are using for MyBB with the NGINX NAXSI WAF. This kind of documentation will be very helpful for security concerned MyBB Forum Owners. Even if you aren't running any known vulnerable code running a WAF will help mitigate some of those risks. That being said should the rules be stricter, less stict? Let me know Smile

Current Config:

Quote:#LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
Software Engineer specializing in C# Program Development
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)