{"id":15064675,"url":"https://github.com/cloudrhinoltd/nginx-ingress","last_synced_at":"2026-03-01T04:36:40.200Z","repository":{"id":254666348,"uuid":"847189189","full_name":"cloudrhinoltd/nginx-ingress","owner":"cloudrhinoltd","description":"An advanced NGINX WAF module for robust web security","archived":false,"fork":false,"pushed_at":"2024-08-29T03:21:47.000Z","size":97004,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-05-30T03:37:21.841Z","etag":null,"topics":["cloudrhino","ingress-controller","kubernetes","nginx","security","security-automation","waf"],"latest_commit_sha":null,"homepage":"https://cloudrhino.netlify.app/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudrhinoltd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-25T05:29:19.000Z","updated_at":"2024-08-28T20:21:46.000Z","dependencies_parsed_at":"2024-08-25T07:50:02.108Z","dependency_job_id":"24fab149-44d8-4fd4-93ac-a373061b37f4","html_url":"https://github.com/cloudrhinoltd/nginx-ingress","commit_stats":null,"previous_names":["cloudrhinoltd/nginx-ingress"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/cloudrhinoltd/nginx-ingress","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudrhinoltd%2Fnginx-ingress","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudrhinoltd%2Fnginx-ingress/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudrhinoltd%2Fnginx-ingress/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudrhinoltd%2Fnginx-ingress/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudrhinoltd","download_url":"https://codeload.github.com/cloudrhinoltd/nginx-ingress/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudrhinoltd%2Fnginx-ingress/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29960253,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T01:47:18.291Z","status":"online","status_checked_at":"2026-03-01T02:00:07.437Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudrhino","ingress-controller","kubernetes","nginx","security","security-automation","waf"],"created_at":"2024-09-25T00:24:17.639Z","updated_at":"2026-03-01T04:36:40.181Z","avatar_url":"https://github.com/cloudrhinoltd.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# ngx-waf-ingress-controller\n\n`ngx-waf-ingress-controller` is a custom NGINX-based ingress controller with an integrated Web Application Firewall (WAF) for Kubernetes clusters. Built on the latest Ubuntu 24.04 base, this ingress controller provides enhanced security, modern features, and robust protection against a wide range of web-based threats. It is designed to meet the demands of secure and scalable Kubernetes environments.\n\n## Status\n\nThis project is production-ready.\n\n## Table of Contents\n\n- [Synopsis](#synopsis)\n- [Description](#description)\n- [Directives](#directives)\n  - [`enable_protocol_attack`](#enable_protocol_attack)\n  - [`enable_sql_injection`](#enable_sql_injection)\n  - [`enable_xss`](#enable_xss)\n  - [`enable_rce_php_node`](#enable_rce_php_node)\n  - [`enable_session_rules`](#enable_session_rules)\n  - [`enable_general_rules`](#enable_general_rules)\n- [Installation](#installation)\n  - [Building as a Static Module](#building-as-a-static-module)\n  - [Building as a Dynamic Module](#building-as-a-dynamic-module)\n- [Enhanced Security with Latest Ubuntu 24.04 and SSL3 Libraries](#enhanced-security-with-latest-ubuntu-2404-and-ssl3-libraries)\n- [Requirements](#requirements)\n- [Building](#building)\n- [Licensing and Copyright](#licensing-and-copyright)\n- [Source Repository](#source-repository)\n- [Author](#author)\n- [See Also](#see-also)\n\n## Synopsis\n\n```nginx\nhttp {\n    server {\n        listen 80;\n        server_name localhost;\n\n        location / {\n            clrh_waf_handler;\n\n            enable_protocol_attack on;\n            enable_general_rules off;\n            enable_sql_injection off;\n            enable_xss off;\n            enable_rce_php_node off;\n            enable_session_rules off;\n        }\n\n        error_page 500 502 503 504 /50x.html;\n        location = /50x.html {\n            root html;\n        }\n    }\n}\n```\n\n## Description\n\n`ngx-waf-ingress-controller` is a powerful and flexible NGINX-based ingress controller designed to protect your Kubernetes clusters with an advanced Web Application Firewall (WAF). This controller not only manages traffic ingress but also defends against common web-based threats such as SQL Injection, Cross-Site Scripting (XSS), Remote Command Execution (RCE), and more.\n\n### Key Features\n\n- **Advanced Threat Protection:** Integrated WAF with customizable rules to protect against a variety of web-based attacks.\n- **Modern Security:** Built on the latest Ubuntu 24.04 with the latest SSL3 libraries, ensuring up-to-date security features and compliance.\n- **High Performance:** Optimized for performance in cloud-native environments with support for modern web technologies.\n- **Scalable Architecture:** Easily scales to meet the demands of growing Kubernetes environments.\n\n## Directives\n\n### `enable_protocol_attack`\n- **Syntax:** `enable_protocol_attack on | off;`\n- **Default:** `off`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables protocol attack protection.\n\n### `enable_sql_injection`\n- **Syntax:** `enable_sql_injection on | off;`\n- **Default:** `off`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables SQL injection protection.\n\n### `enable_xss`\n- **Syntax:** `enable_xss on | off;`\n- **Default:** `off`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables Cross-Site Scripting (XSS) protection.\n\n### `enable_rce_php_node`\n- **Syntax:** `enable_rce_php_node on | off;`\n- **Default:** `off`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables Remote Command Execution (RCE) protection for PHP and Node.js environments.\n\n### `enable_session_rules`\n- **Syntax:** `enable_session_rules on | off;`\n- **Default:** `off`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables session management rules.\n\n### `enable_general_rules`\n- **Syntax:** `enable_general_rules on | off;`\n- **Default:** `on`\n- **Context:** `http, server, location`\n- **Description:** Enables or disables general security rules.\n\n## License\n\nThis project is licensed under the Apache License 2.0. Note that the `ngx-waf-protect` module contains specific directives that are dual-licensed:\n\n- **Apache License 2.0:** Applies to the following directives:\n  - `enable_protocol_attack`\n  - `enable_general_rules`\n- **Enterprise License:** Required for the following directives:\n  - `enable_sql_injection`\n  - `enable_xss`\n  - `enable_rce_php_node`\n  - `enable_session_rules`\n\n## Installation\n\n### Building as a Static Module\n\nTo build `ngx-waf-ingress-controller` as part of a custom NGINX build:\n\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/cloudrhinoltd/ngx-waf-protect.git\n   cd ngx-waf-protect\n   ```\n\n2. Download and extract the NGINX source code:\n   ```bash\n   wget 'http://nginx.org/download/nginx-1.27.1.tar.gz'\n   tar -xzvf nginx-1.27.1.tar.gz\n   cd nginx-1.27.1\n   ```\n\n3. Configure and build NGINX with the `ngx-waf-ingress-controller` module:\n   ```bash\n   ./configure --prefix=/opt/nginx                --with-http_ssl_module                --add-module=/path/to/ngx-waf-protect\n   make -j$(nproc)\n   make install\n   ```\n\n### Building as a Dynamic Module\n\nStarting with NGINX 1.9.11, `ngx-waf-ingress-controller` can also be built as a dynamic module:\n\n1. Follow steps 1 and 2 above.\n\n2. Configure NGINX with `--add-dynamic-module`:\n   ```bash\n   ./configure --prefix=/opt/nginx                --with-http_ssl_module                --add-dynamic-module=/path/to/ngx-waf-protect\n   make -j$(nproc)\n   make install\n   ```\n\n3. Load the module in `nginx.conf`:\n   ```nginx\n   load_module /path/to/modules/ngx_waf_protect.so;\n   ```\n\n## Enhanced Security with Latest Ubuntu 24.04 and SSL3 Libraries\n\nThe NGINX Ingress Controller image is built on the latest Ubuntu 24.04 base, ensuring that it leverages the most up-to-date and secure operating system environment. This modern foundation is particularly beneficial for security-sensitive applications, as it includes the most recent security patches and performance improvements.\n\nFurthermore, the image utilizes the latest SSL3 libraries, which are part of OpenSSL 3.0, offering enhanced security features and better protection against vulnerabilities compared to older versions. OpenSSL 3.0 introduces a more modular design, improved cryptographic algorithms, and stricter compliance with modern security standards, making it an excellent choice for environments where secure communication is paramount.\n\nBy adopting the latest Ubuntu release and SSL3 libraries, the NGINX Ingress Controller image is well-equipped to handle current and emerging security challenges, providing robust and reliable protection for your web applications.\n\n## Requirements\n\nTo build `ngx-waf-ingress-controller`, you need the following:\n\n- **C++ Compiler:** Ensure that gcc or clang is installed.\n- **NGINX Source Code:** Download from nginx.org.\n- **Build Tools:** `make`, `autoconf`, and `libtool`.\n- **OpenSSL:** Required for SSL support in NGINX.\n- **PCRE:** Required for regex support in NGINX.\n\n## Building\n\nTo build `ngx-waf-ingress-controller`, use the provided build script:\n\n```bash\n./scripts/build.sh\n```\n\nThis script will download and compile all necessary dependencies and build the custom NGINX with the `ngx-waf-ingress-controller` module integrated.\n\n## Licensing and Copyright\n\n```text\nCopyright (C) 2024 Cloud Rhino Pty Ltd\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\nThis project contains parts under a dual-license:\nOnly the 'enable_protocol_attack' and 'enable_general_rules' features are\ncovered by the Apache 2.0 License, other features require a commercial license.\n\nGitHub Repo: https://github.com/cloudrhinoltd/ngx-waf-protect\nContact Email: cloudrhinoltd@gmail.com\n```\n\n## Source Repository\n\nAvailable on GitHub at [cloudrhinoltd/ngx-waf-protect](https://github.com/cloudrhinoltd/ngx-waf-protect).\n\n## Author\n\nCloud Rhino Pty Ltd  \n[cloudrhinoltd@gmail.com](mailto:cloudrhinoltd@gmail.com)\n\n## See Also\n\n- [NGINX](https://nginx.org/)\n- [OpenSSL](https://www.openssl.org/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudrhinoltd%2Fnginx-ingress","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudrhinoltd%2Fnginx-ingress","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudrhinoltd%2Fnginx-ingress/lists"}