LibInjectionXss

The `LibInjectionXss` directive activates the Anti-XSS and SQL injection mechanisms of the NAXSI module to protect web applications.

Syntax:    LibInjectionXss;
Default:   none
Context:   http, server, location, limit_except
Arguments: none

Description

The LibInjectionXss directive is a security feature provided by the NAXSI (Nginx Anti XSS & SQL Injection) module, designed to help mitigate cross-site scripting (XSS) and SQL injection attacks. When enabled, it activates a set of predefined rules that inspect incoming requests for patterns commonly associated with these classes of attack. The module examines the URI and body of each HTTP request and matches them against known attack signatures, such as illegal characters or malformed input. Requests deemed suspicious can be blocked or logged for further analysis.

The directive takes no parameters and is straightforward to use. When placed in the http, server, location, or limit_except context, it starts the anti-XSS and SQL injection mechanisms and sets up firewall-like behavior that is DROP-by-default: any potentially harmful request is denied unless explicitly whitelisted. This preserves normal web application behavior while dangerous requests are filtered out.

For best results, administrators should combine LibInjectionXss with an initial learning phase in which legitimate request patterns are identified and added to the whitelist. This minimizes false positives and ensures that valid traffic is not unintentionally blocked while still providing robust protection.

Config Example

http {
    # Enable the libinjection-based XSS/SQL injection checks for every
    # server and location below; the directive takes no arguments.
    LibInjectionXss;
    server {
        location / {
            # additional configuration (whitelists, denied URL, etc.)
        }
    }
}

After enabling this directive, review the NAXSI log entries to confirm that legitimate requests are not being blocked.

Whitelisting valid patterns is essential; without it, the directive may disrupt normal operation of the web application.
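The log review and whitelisting step above can be scripted. The following example, added here and not part of NAXSI itself, parses NAXSI_FMT log events and turns repeated hits on the same parameter into candidate BasicRule whitelist lines for an administrator to review. It assumes the NAXSI_FMT key layout (zoneN, idN, var_nameN) and that rule id 18 is NAXSI's internal id for libinjection XSS hits; the log lines are constructed samples, not real traffic.

```python
"""Turn NAXSI_FMT log events into candidate whitelist rules for review."""
from collections import Counter
from urllib.parse import parse_qsl

# Assumption: NAXSI's internal rule id for libinjection XSS matches.
LIBINJECTION_XSS_ID = 18
# Map the zone reported in the log to the match-zone used in BasicRule wl lines.
ZONE_TO_MZ = {"ARGS": "$ARGS_VAR", "BODY": "$BODY_VAR", "HEADERS": "$HEADERS_VAR"}

# Constructed sample events: two learning-mode hits on the same search
# parameter, one body hit, and one non-NAXSI line that must be ignored.
SAMPLE_LOG = [
    "2024/05/01 10:00:01 [error] 42#0: *7 NAXSI_FMT: ip=192.0.2.10&server=app.example"
    "&uri=/search&learning=1&vers=1.3&total_processed=10&total_blocked=2&block=1"
    "&cscore0=$XSS&score0=8&zone0=ARGS&id0=18&var_name0=q, client: 192.0.2.10",
    "2024/05/01 10:00:05 [error] 42#0: *9 NAXSI_FMT: ip=192.0.2.11&server=app.example"
    "&uri=/search&learning=1&vers=1.3&total_processed=11&total_blocked=3&block=1"
    "&cscore0=$XSS&score0=8&zone0=ARGS&id0=18&var_name0=q"
    "&zone1=ARGS&id1=1001&var_name1=q, client: 192.0.2.11",
    "2024/05/01 10:00:09 [error] 42#0: *12 NAXSI_FMT: ip=192.0.2.12&server=app.example"
    "&uri=/comment&learning=1&vers=1.3&total_processed=12&total_blocked=4&block=1"
    "&cscore0=$XSS&score0=8&zone0=BODY&id0=18&var_name0=text, client: 192.0.2.12",
    "2024/05/01 10:00:10 [error] 42#0: *13 open() failed (2: No such file or directory)",
]


def parse_naxsi_line(line):
    """Return (fields, matches) for one NAXSI_FMT line, or None if it is not one."""
    marker = "NAXSI_FMT: "
    idx = line.find(marker)
    if idx < 0:
        return None
    # The query-string style payload ends where nginx appends ", client: ...".
    payload = line[idx + len(marker):].split(", client:", 1)[0].strip()
    fields = dict(parse_qsl(payload, keep_blank_values=True))
    matches, n = [], 0
    while f"id{n}" in fields:  # one (zone, id, var_name) triple per matched rule
        matches.append({"id": int(fields[f"id{n}"]),
                        "zone": fields.get(f"zone{n}", ""),
                        "var": fields.get(f"var_name{n}", "")})
        n += 1
    return fields, matches


def whitelist_candidates(lines, min_hits=2):
    """Emit BasicRule wl lines for (id, zone, var) triples seen at least min_hits times."""
    hits = Counter()
    for line in lines:
        parsed = parse_naxsi_line(line)
        if parsed is not None:
            for m in parsed[1]:
                hits[(m["id"], m["zone"], m["var"])] += 1
    return [f'BasicRule wl:{rid} "mz:{ZONE_TO_MZ[zone]}:{var}";'
            for (rid, zone, var), count in sorted(hits.items())
            if count >= min_hits and zone in ZONE_TO_MZ]
```

Raise min_hits on a busy site so that a single odd request does not become a whitelist candidate, and read each emitted rule against the application before adding it to the configuration.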
