Menu
ls111's Cybersecurity Blog
  • Home
  • Contact
ls111's Cybersecurity Blog

OPNSense – Web Application Firewall (WAF) configuration using NAXSI

Posted on October 14, 2022September 19, 2023 by wp_writer

In this video I am going to show you how to configure your OPNSense firewall as a Web Application Firewall or WAF. We will discuss the main benefits of a WAF and how it can be used to help protect your web app from common injection type attacks. OPNSense has many great plugins to enhance its abilities and in this case we are going to use the NGINX plugin to benefit from the NGINX Anti XSS & SQL Injection module also known as NAXSI. So what are you waiting for, jump straight into the video and in less than 20mins you can have a fully functional WAF using your favorite OPNSense firewall.

P.S. – Also, please don’t forget to like and subscribe!

Links used in video:

https://www.w3schools.com/sql/sql_injection.asp

https://docs.opnsense.org/manual/how-tos/nginx_waf.html

https://github.com/digininja/DVWA

https://github.com/nbs-system/naxsi

https://owasp.org/

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Welcome to my blog! I discuss and showcase various cybersecurity topics. If you prefer to learn through watching video, please check out my YouTube channel, most of the content here also has a video version.

YouTube Channel
GitHub

Search by Category

  • Active Directory
  • Blue Team/Defensive
  • Cyber Security Lab Building Series
  • datadog
  • docker
  • Elasticsearch
  • General Cybersecurity
  • Kibana
  • Logstash
  • Network Security
  • OPNSense Firewall
  • Red Team/Pen Testing
  • SASE
  • Security Compliance
  • SIEM
  • Splunk Enterprise
  • TryHackMe Labs
  • Ubuntu Linux
  • Virtualization
  • Wazuh SIEM & XDR
  • Zenarmor NGFW

Search by Date

  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • December 2022
  • October 2022
  • September 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021

Recent Posts

  • Threat hunting made easy using the Community ID Network Flow Hashing capabilities built into Zenarmor and ELK (Elasticsearch, Logstash, and Kibana)
  • Considering migrating from pfSense to OPNsense? A guide to making your decision process easier
  • Integrating Zenarmor with Datadog – An MSSP and Business User Guide
  • How to integrate Zenarmor with Splunk Enterprise using Splunk Connect for Syslog (SC4S)
  • Integrating Zenarmor with your ELK stack (Elasticsearch, Logstash, and Kibana)

DISCLAIMER: All information, techniques and tools showcased on this website are for educational and ethical penetration testing purposes ONLY. NEVER attempt to use this information to gain unauthorized access to systems without the EXCPLICIT consent of its owners. This is a punishable offence by law in most countries.

©2025 ls111's Cybersecurity Blog | Powered by Superb Themes