
I'm looking for software that will monitor all HTTPS requests coming through our proxy server.

We currently use nginx that proxies to our application servers.

Ideally, the solution will sit between nginx and the application servers.

More importantly, we're looking for the software to be able to whitelist query parameters, stripping any extra parameters from the request and ordering parameters so requests can be cached more effectively.

Some other things it'd be nice to do would be to detect and reject SQL injection, malicious URLs, handle custom block rules, rate limiting POST requests would be nice, etc. -- an HTTP request sanitizer and security tool.

vangheem
  • You did not tell us where you are terminating the HTTPS connection (at nginx or at the application server). If you are terminating the HTTPS connection at the application server, I don't think you can do much of this on nginx, because you will see only encrypted data. – Khaled Apr 28 '12 at 10:59
  • Nginx will be decrypting all https traffic before it gets to the application servers. – vangheem Apr 28 '12 at 15:25

1 Answer


You might want to take a look at modsecurity.

Oliver
  • Do you know if modsecurity inspects query parameters, orders them and allows you to set up a whitelist for them? – vangheem Apr 28 '12 at 15:43
  • modsecurity is basically a layer 7 firewall. It has full access to all HTTP-related parameters (also query parameters) and should be exactly what you are looking for. – Oliver Apr 28 '12 at 18:38
  • So I'd be running another server with apache that nginx would proxy to? It seems if I were to go that route, I'd be better off with https://www.owasp.org/index.php/OWASP_NAXSI_Project -- I don't see any information from either project on query parameter normalization though and the documentation for modsecurity is pretty bad so I can't easily understand how I'd implement it myself. – vangheem Apr 28 '12 at 19:14
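
The query-parameter normalization asked about in the question (allowlist, strip extras, stable ordering for caching), as an added example that is not part of the original thread and is not modsecurity or NAXSI configuration. The paths and parameter names in `ALLOWED_PARAMS` are constructed, and the default-deny behaviour for unlisted paths is an assumption.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Hypothetical per-path allowlist; paths and parameter names are constructed.
ALLOWED_PARAMS = {
    "/search": {"q", "page", "sort"},
    "/item": {"id"},
}


def canonicalize(url, allowed=ALLOWED_PARAMS):
    """Return url with only allowlisted query parameters, in sorted order.

    Paths absent from the allowlist lose their whole query string
    (default deny, an assumption of this example).
    """
    parts = urlsplit(url)
    keep = allowed.get(parts.path, set())
    # keep_blank_values so "?q=" and a missing q stay distinct cache keys.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Parameter names are matched case-sensitively against the allowlist.
    kept = [(k, v) for k, v in pairs if k in keep]
    # Sort by name only; the sort is stable, so repeated keys keep their
    # relative order (id=1&id=2 and id=2&id=1 may mean different things).
    kept.sort(key=lambda kv: kv[0])
    # urlencode re-escapes every value, so "%20" and "+" collapse to one form.
    query = urlencode(kept)
    # Drop the fragment: it is never sent upstream and must not split the cache.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def same_cache_key(a, b):
    """True when two request URLs normalize to the same cache key."""
    return canonicalize(a) == canonicalize(b)
```

The canonical URL has to be what is forwarded to the application servers, not only what the cache is keyed on. If the backend still receives the stripped parameters, they can influence a response that is then cached under the clean key.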