Naxsi是一个开放源代码、高效、低维护规则的Nginx web应用防火墙模块。Naxsi的主要目标是帮助人们加固他们的web应用程序,以抵御SQL注入、跨站脚本、跨域伪造请求、本地和远程文件包含漏洞。
目前,Naxsi更新至0.41版,主要改变如下:
* Feature: added support for FILE_EXT. We can now control file uploads names/extensions as well.
* Added a rule for FILE_EXT into naxsi_core.rules
* Added unit testing for FILE_EXT feature
* Fixed erroneous log messages
* Fixed an error on whitelist of types $URL:xxx|URL
工具下载:http://code.google.com/p/naxsi/downloads/list