• WordPress
  • cPanel
  • Softaculous
  • KVM Virtualization
  • Vmware Virtualization
  • Proxmox
Monday, May 12, 2025
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux
No Result
View All Result
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux

How to Install and Configure NAXSI on Rocky Linux

in Rocky Linux
How to Install and Configure NAXSI on Rocky Linux

As web applications become more sophisticated, they are also becoming more susceptible to various types of cyberattacks. This is where NAXSI (Nginx Anti XSS & SQL Injection) comes into play. NAXSI is a powerful open-source web application firewall (WAF) for Nginx that helps protect your applications from common web threats, such as cross-site scripting (XSS) and SQL injection attacks. In this tutorial, we will walk you through the steps of how to install and configure NAXSI on Rocky Linux.

Table of Contents

  1. Prerequisites
  2. Install Nginx
  3. Install and Configure NAXSI
  4. Configure Nginx with NAXSI
  5. Testing NAXSI
  6. Allowlisting Rules
  7. Conclusion

How to Install and Configure NAXSI on Rocky Linux

Prerequisites

Before you begin, make sure you have the following:

  • A Rocky Linux system with root access or a user with sudo privileges
  • Nginx installed on Rocky Linux
  • Basic knowledge of Nginx configuration

Install Nginx on Rocky Linux

If you haven’t already, install Nginx by following the steps in our Nginx installation guide for Rocky Linux.

Install and Configure NAXSI on Rocky Linux

First, we need to install the NAXSI module for Nginx. It’s available from the EPEL repository, so we’ll install the EPEL repository first:

sudo dnf install epel-release -y

Next, install the NAXSI module:

sudo dnf install nginx-module-naxsi -y

Now that NAXSI is installed, we need to enable the module in the Nginx configuration. Open the /etc/nginx/nginx.conf file using your favorite text editor:

sudo nano /etc/nginx/nginx.conf

Add the following line at the beginning of the file:

load_module modules/ngx_http_naxsi_module.so;

Save and close the file.

Configure Nginx with NAXSI on Rocky Linux

To configure Nginx with NAXSI, we need to create a new Nginx configuration file:

sudo nano /etc/nginx/conf.d/naxsi.conf

Add the following lines to the file:

# Basic NAXSI rules
include /usr/share/nginx/modules/naxsi_core.rules;

# Nginx server configuration
server {
    listen       80;
    server_name  your_domain.com;
    root         /usr/share/nginx/html;

    # NAXSI configuration
    include /etc/nginx/naxsi.rules;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page  418 = @naxsi_rules;
    location @naxsi_rules {
        return 403;
    }
}

Replace your_domain.com with your domain name. Save and close the file.

Create the NAXSI rules file:

sudo nano /etc/nginx/naxsi_core.rules

Configure NAXSI for your domain

Now that NAXSI is installed, we need to configure it for your domain. Edit the Nginx configuration file for your domain:

sudo nano /etc/nginx/conf.d/your_domain.com.conf

Add the following lines within the server block to enable NAXSI:

include /etc/nginx/naxsi_core.rules;

location /RequestDenied {
  return 403;
}

error_log /var/log/nginx/naxsi_error.log;

location / {
  SecRulesEnabled;
  DeniedUrl "/RequestDenied";
  include /etc/nginx/naxsi_whitelist.rules;
}

Save and close the file. Test the Nginx configuration for any errors:

sudo nginx -t

If the configuration is correct, restart Nginx:

sudo systemctl restart nginx

Monitor and adjust NAXSI rules

NAXSI logs blocked requests in the /var/log/nginx/naxsi_error.log file. Regularly monitor this file to identify any false positives and adjust the NAXSI rules accordingly:

sudo tail -f /var/log/nginx/naxsi_error.log

Create custom Allowlist

In some cases, you might need to create custom Allowlists for specific applications or parts of your website. You can do this by creating a separate Allowlist file for each application or section:

sudo nano /etc/nginx/naxsi_whitelist_app1.rules

Add your custom rules to the file, save, and close it. Then, include this file in your Nginx configuration:

location /app1 {
  SecRulesEnabled;
  DeniedUrl "/RequestDenied";
  include /etc/nginx/naxsi_whitelist.rules;
  include /etc/nginx/naxsi_whitelist_app1.rules;
}

Remember to test and restart Nginx after making any changes.

Conclusion

In this guide, we’ve covered how to install and configure NAXSI on Rocky Linux. By following these steps, you can significantly improve the security of your web applications against various web attacks. Don’t forget to monitor and adjust your NAXSI rules regularly to ensure optimal protection.

For more useful guides on how to secure and optimize your Rocky Linux server, check out our articles on how to install and configure Fail2Ban, how to set up a RabbitMQ server, and how to install and configure Logrotate.

ShareTweet
Previous Post

How to Install and Configure ModSecurity on Rocky Linux

Next Post

How to Install and Configure FreeIPA on Rocky Linux

Related Posts

How to Install and Configure OpenVAS on Rocky Linux

How to Install and Configure OpenVAS on Rocky Linux

How to Install and Configure Nikto on Rocky Linux

How to Install and Configure Nikto on Rocky Linux

Set up FreeIPA on Rocky Linux

How to Install and Configure FreeIPA on Rocky Linux

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Golden Host VPS
  • Privacy Policy
  • Terms and Conditions
  • About Us
  • Contact Us

Copyright © 2023 linuxboost.com All Rights Reserved.

  • Privacy Policy
  • Terms and Conditions
  • About Us
  • Contact Us

Copyright © 2023 linuxboost.com All Rights Reserved.