Enhanced nginx Security Module

Directory

1. What is sengworkflow?
2. Why do we need to build a sengworkflow project?
3. What additional functions are provided relative to the standard nginxseng.pdf?

What is sengworkflow?

Sengced is a variant of the reverse proxy and Web server software nginx. SE in sengced is short for Security Enhanced, that is, Security enhancement.

Sengworker adds a Web security module development framework on nginx and develops several Web Security Modules Based on this framework. The main purpose is to enhance the security features of nginx, this makes it easier for users to use these security features. In addition to various self-developed Web security modules, seng.pdf also integrates multiple third-party open-source security modules, including ModSecurity.

Why do we need to build a sengbench project?

Currently, nginx mainly focuses on reverse proxy and Web servers. Web security-related features are lacking, and nginx does not have a complete framework for developing Web security features. Currently, third-party security modules based on nginx, such as ModSecurity, naxsi, and Roboo, are isolated from each other and cannot be centrally scheduled and managed. For example, if both naxsi and ModSecurity are installed, it is difficult to adjust their execution order at will.

Therefore, we have added a development framework in nginx, which provides APIs for developers of third-party modules. We have also developed some Web security features, including the dynamic blacklist mechanism and anti-malicious robot access. In addition, we will also provide some open-source third-party modules, such as naxsi, modSecurity and so on are integrated into this framework.

Sengworker provides a superset of nginx's original features. We perform secondary development based on nginx and synchronize it with the main nginx code. That is to say, all the features of nginx, sengbench, are available, and the functions and usage methods are not changed. Sengworker does not intend to replace nginx, but uses nginx as an excellent basic platform to enhance its security functions. Sengbench provides additional options for users. When users need to use some security functions on nginx, they can choose to add multiple security modules on standard nginx, you can also directly use sengbench to provide multiple security features. We believe that using sengbench is a more convenient method.

Compared with standard nginx, what additional functions does sengbench provide?

Sengidea provides a variety of Web security features. Currently, only the following features are developed and integrated:

Development Framework:

1. Security function development framework
2. Session Mechanism

Security features:

1. Dynamic blacklist based on session mechanism
2. Robot mitigation
3. Integrate third-party naxsi
4. Integrate third-party ModSecurity

Others:

1. Add the if command of the rewrite Module

Http://www.senginx.org/cn/index.php/%E9%A6%96%E9%A1%B5