{"id":13440128,"url":"https://github.com/nbs-system/naxsi","last_synced_at":"2025-10-01T14:31:45.366Z","repository":{"id":37835909,"uuid":"2233185","full_name":"nbs-system/naxsi","owner":"nbs-system","description":"NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX","archived":true,"fork":false,"pushed_at":"2023-11-08T09:27:13.000Z","size":2048,"stargazers_count":4768,"open_issues_count":0,"forks_count":608,"subscribers_count":230,"default_branch":"master","last_synced_at":"2024-03-27T00:49:47.723Z","etag":null,"topics":["c","naxsi","nginx","waf"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nbs-system.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2011-08-19T09:48:20.000Z","updated_at":"2024-03-26T02:56:19.000Z","dependencies_parsed_at":"2024-01-06T22:30:03.401Z","dependency_job_id":"74e4a365-dd3d-47ae-8e46-8d976fb3ec3a","html_url":"https://github.com/nbs-system/naxsi","commit_stats":{"total_commits":704,"total_committers":58,"mean_commits":"12.137931034482758","dds":0.3267045454545454,"last_synced_commit":"d714f1636ea49a9a9f4f06dba14aee003e970834"},"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"purl":"pkg:github/nbs-system/naxsi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fnaxsi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fnaxsi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fnaxsi/releases","manifests_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fnaxsi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nbs-system","download_url":"https://codeload.github.com/nbs-system/naxsi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fnaxsi/sbom","scorecard":{"id":677194,"data":{"date":"2025-08-11","repo":{"name":"github.com/nbs-system/naxsi","commit":"a59462b8c2f9c2c0c0fbc3ceb287ee5d60b652c3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Code-Review","score":2,"reason":"Found 6/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous 
patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations 
found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: debian-bullseye-libnginx-mod-http-naxsi_1.3_amd64.deb.asc: https://github.com/nbs-system/naxsi/releases/tag/1.3","Info: signed release artifact: debian-bullseye-libnginx-mod-http-naxsi_1.2_amd64.deb.asc: https://github.com/nbs-system/naxsi/releases/tag/1.2","Info: signed release artifact: debian-bullseye-libnginx-mod-http-naxsi_1.1a_amd64.deb.asc: https://github.com/nbs-system/naxsi/releases/tag/1.1a","Info: signed release artifact: debian-bullseye-libnginx-mod-http-naxsi_1.1_amd64.deb.asc: https://github.com/nbs-system/naxsi/releases/tag/1.1","Info: signed release artifact: naxsi-1.0.tar.gz.asc: https://github.com/nbs-system/naxsi/releases/tag/1.0","Warn: release artifact 1.3 does not have provenance: https://api.github.com/repos/nbs-system/naxsi/releases/34058774","Warn: release artifact 1.2 does not have provenance: https://api.github.com/repos/nbs-system/naxsi/releases/33077343","Warn: release artifact 1.1a does not have provenance: 
https://api.github.com/repos/nbs-system/naxsi/releases/31823898","Warn: release artifact 1.1 does not have provenance: https://api.github.com/repos/nbs-system/naxsi/releases/31749431","Warn: release artifact 1.0 does not have provenance: https://api.github.com/repos/nbs-system/naxsi/releases/31055248"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T21:53:36.048Z","repository_id":37835909,"created_at":"2025-08-21T21:53:36.048Z","updated_at":"2025-08-21T21:53:36.048Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277854368,"owners_count":25889063,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-01T02:00:09.286Z","response_time":88,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","naxsi","nginx","waf"],"created_at":"2024-07-31T03:01:20.034Z","updated_at":"2025-10-01T14:31:44.996Z","avatar_url":"https://github.com/nbs-system.png","language":"C","funding_links":[],"categories":["C","Web","\u003ca id=\"0abd611fc3e9a4d9744865ca6e47a6b2\"\u003e\u003c/a\u003e工具","\u003ca id=\"946d766c6a0fb23b480ff59d4029ec71\"\u003e\u003c/a\u003e防护\u0026\u0026Defense","Modules","Third Modules","WAF for NGINX. 
Protect APIs, applications and microservices","其他_安全与渗透","Application Recommendation"],"sub_categories":["Web Application Firewall","\u003ca id=\"784ea32a3f4edde1cd424b58b17e7269\"\u003e\u003c/a\u003eWAF","C Modules","资源传输下载","🔒 Cybersecurity"],"readme":"![naxsi](https://raw.githubusercontent.com/nbs-system/naxsi/master/logo.png)\n\n# Project Status\n\nThis is a project status update regarding Naxsi.\n\n**As you may have noticed, the development of Naxsi has been stopped and the repository will be archived for historical reasons. This means that no new updates or bug fixes will be released for this version.**\n\nHowever, if you wish to update to newer versions of Naxsi, we recommend that you use the new repository at https://github.com/wargio/naxsi. This repository has been actively maintained and updated with new features and bug fixes.\n\nWe understand that this news may be disappointing for some of our users who have been relying on Naxsi for their web application security needs. We want to assure you that we are committed to providing the best possible solutions for your security needs and encourage you to explore our security products.\n\nThank you for your understanding and continued support.\n\n## What is Naxsi?\n\nNAXSI means [Nginx](http://nginx.org/) Anti [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29) \u0026 [SQL Injection](https://www.owasp.org/index.php/SQL_injection). \n\nTechnically, it is a third party nginx module, available as a package for\nmany UNIX-like platforms. This module, by default, reads a small subset of\n[simple (and readable) rules](https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_core.rules)\ncontaining 99% of known patterns involved in\nwebsite vulnerabilities. 
For example, `\u003c`, `|` or `drop` are not supposed\nto be part of a URI.\n\nBeing very simple, those patterns may match legitimate queries; it is\nthe Naxsi administrator's duty to add specific rules that will whitelist\nlegitimate behaviours. The administrator can either add whitelists manually\nby analyzing nginx's error log, or (recommended) start the project with an\nintensive auto-learning phase that will automatically generate whitelisting\nrules regarding a website's behaviour.\n\nIn short, Naxsi behaves like a DROP-by-default firewall: the only task\nis to add the required ACCEPT rules for the target website to work properly.\n\n## Why is it different?\n\nContrary to most Web Application Firewalls, Naxsi doesn't rely on a\nsignature base like an antivirus, and thus cannot be circumvented by an\n\"unknown\" attack pattern.\nNaxsi is [Free software](https://www.gnu.org/licenses/gpl.html) (as in freedom)\nand free (as in free beer) to use.\n\n## What does it run on?\nNaxsi should be compatible with any nginx version.\n\nIt depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbs-system%2Fnaxsi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnbs-system%2Fnaxsi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbs-system%2Fnaxsi/lists"}