NAXSI is a Web Application Firewall (WAF) module for NGINX. Unlike an antivirus, it does not rely on a signature base, and thus cannot be circumvented by an "unknown" attack pattern. Here are some notes on how to compile, install and configure NAXSI:

Download

The latest version of NAXSI can be found at: https://github.com/wargio/naxsi

git clone --recurse-submodules https://github.com/wargio/naxsi.git

Identify your version of NGINX:

sudo yum -y install nginx

sudo nginx -v
nginx version: nginx/1.20.1

Use this to download the matching NGINX source code:

wget --no-clobber -O nginx.tar.gz "https://nginx.org/download/nginx-1.20.1.tar.gz"
mkdir nginx-source
tar -C nginx-source -xzf nginx.tar.gz --strip-components=1
cd nginx-source

NGINX must be compiled with the same arguments it was originally configured with. Use the -V flag to list them:

[jeff@nginx nginx-source]$ nginx -V
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44.0.3) (GCC) 
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx ...

Compile

Configure the build, substituting the configure arguments reported above for [configure arguments]:

CFLAGS="-Wno-error" ./configure --add-dynamic-module=../naxsi/naxsi_src [configure arguments]
make
sudo make install
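
The download and compile steps above, scripted end to end as an added example (this is not the page's or the naxsi project's own code). It reads the installed nginx's version and configure arguments from `nginx -V` instead of retyping them, and it differs from the page in one respect: it runs `make modules` and installs only the resulting .so, rather than `make install`, so the packaged nginx binary is left untouched. Assumed: an RPM-based host with `nginx` on PATH, the naxsi checkout in ../naxsi, and /usr/lib64/nginx/modules as the module directory (the path the load_module line below uses); the `nginx -V` sample text is constructed.

```sh
#!/bin/sh
# Added example: rebuild the naxsi dynamic module against the exact version
# and configure arguments of the nginx that is already installed.
# Assumptions: RPM-based host, `nginx` on PATH, naxsi checkout in ../naxsi,
# module directory /usr/lib64/nginx/modules.
set -eu

# Constructed sample of `nginx -V 2>&1` output (configure arguments shortened),
# used by the self-checks; a real run reads the live nginx instead.
SAMPLE_NGINX_V='nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44.0.3) (GCC)
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --with-http_ssl_module'

# Print the bare version (e.g. 1.20.1) from `nginx -V` text read on stdin.
nginx_version() {
  sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p'
}

# Print the original configure arguments from `nginx -V` text read on stdin.
nginx_configure_args() {
  sed -n 's/^configure arguments: //p'
}

build_naxsi() {
  v="$(nginx -V 2>&1)"            # nginx -V writes to stderr
  version="$(printf '%s\n' "$v" | nginx_version)"
  args="$(printf '%s\n' "$v" | nginx_configure_args)"
  [ -n "$version" ] || { echo "could not read the nginx version" >&2; return 1; }

  wget --no-clobber -O nginx.tar.gz "https://nginx.org/download/nginx-${version}.tar.gz"
  mkdir -p nginx-source
  tar -C nginx-source -xzf nginx.tar.gz --strip-components=1
  cd nginx-source
  # $args is deliberately unquoted so it splits back into separate options.
  CFLAGS="-Wno-error" ./configure --add-dynamic-module=../naxsi/naxsi_src $args
  make modules                    # build only the module, not a new nginx binary
  sudo install -m 0644 objs/ngx_http_naxsi_module.so /usr/lib64/nginx/modules/
  sudo nginx -t                   # the module must load cleanly before a reload
}

# Build only when asked, so the file can also be sourced for its helpers.
if [ "${NAXSI_BUILD:-0}" = "1" ]; then
  build_naxsi
fi
```

Run it from the directory that contains the naxsi checkout with `NAXSI_BUILD=1 sh build-naxsi.sh`. The version parsed from the running binary is what keeps the module ABI-compatible: a module built against a different nginx release is refused at load time.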

Install

Modify /etc/nginx/nginx.conf

At the top of the file, add:

load_module /usr/lib64/nginx/modules/ngx_http_naxsi_module.so;

Inside the http block, include the 'naxsi_core.rules' file that ships with NAXSI, and a whitelist file with your own custom rules (more on this below):

http {
    include /etc/nginx/naxsi_core.rules;
    include /etc/nginx/naxsi_whitelist.rules;
    # ... rest of your http configuration
}

In your server config, include the naxsi.rules file:

        location / {
            include /etc/nginx/naxsi.rules;
            # ... rest of your location configuration
        }

The naxsi.rules should look like this:

#LearningMode;
SecRulesEnabled;
DeniedUrl "/404.html";

## Check Naxsi rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
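
Putting the fragments above together, here is a complete minimal nginx.conf as an added example (not from the page or the naxsi project). It assumes the module and rules paths used on this page and a placeholder hostname, and it adds the one thing the fragments leave implicit: a location for DeniedUrl. NAXSI answers a BLOCK with an internal redirect to that URI, so a location must serve it or the blocked request fails with an nginx error instead of the intended 404 page.

```nginx
# /etc/nginx/nginx.conf (assembled example; paths as used on this page)
load_module /usr/lib64/nginx/modules/ngx_http_naxsi_module.so;

events {}

http {
    include /etc/nginx/naxsi_core.rules;       # core signatures shipped with NAXSI
    include /etc/nginx/naxsi_whitelist.rules;  # your site-specific whitelists

    server {
        listen 80;
        server_name example.test;              # placeholder hostname
        root /usr/share/nginx/html;

        location / {
            include /etc/nginx/naxsi.rules;    # SecRulesEnabled, CheckRule, DeniedUrl
        }

        # Target of DeniedUrl: NAXSI internally redirects blocked requests here.
        # `internal` keeps clients from requesting it directly.
        location = /404.html {
            internal;
            return 404;
        }
    }
}
```

Check the result with `nginx -t` before reloading; a missing DeniedUrl location is not a configuration error, so it only shows up when the first request is blocked.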

Enable LearningMode to discover which rules you need to add to 'naxsi_whitelist.rules'.

In LearningMode NAXSI logs each rule that matches but does not enforce it. By exercising the website you can eventually 'learn' which rules need to be whitelisted.

Look in the NGINX error_log: /var/log/nginx/error.log

Here's an example of naxsi_whitelist.rules: https://github.com/nbs-system/naxsi/wiki/whitelists-examples

BasicRule wl:1001 "mz:HEADERS";
BasicRule wl:1000 "mz:$URL:/select|ARGS";
BasicRule wl:1315 "mz:URL";
BasicRule wl:12   "mz:ARGS";
BasicRule wl:16   "mz:BODY";
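
Turning LearningMode output into whitelist candidates by hand is tedious, so here is an added example (not from the page or the naxsi project) that converts the NAXSI_FMT lines NAXSI writes to error.log into BasicRule whitelists, one per (id, zone, variable) triple and scoped to the URI that triggered the match. It assumes the NAXSI_FMT field names naxsi logs (uri, zoneN, idN, var_nameN); the log lines are constructed for this example, and the rule ids in them are taken from the whitelist above without asserting what they match.

```sh
#!/bin/sh
# Added example: generate candidate BasicRule whitelists from NAXSI_FMT lines.
# Assumption: NAXSI_FMT field names uri, zoneN, idN, var_nameN.

# Constructed error.log lines: two rules matching the `q` argument of /select,
# and one rule matching the URL zone of /files (no variable name).
SAMPLE_LOG='2024/01/01 12:00:00 [error] 100#100: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/select&vers=1.6&total_processed=2&total_blocked=1&config=learning&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q&zone1=ARGS&id1=1001&var_name1=q, client: 127.0.0.1, server: localhost, request: "GET /select?q=1 HTTP/1.1", host: "localhost"
2024/01/01 12:00:01 [error] 100#100: *2 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/files&vers=1.6&total_processed=3&total_blocked=2&config=learning&cscore0=$XSS&score0=4&zone0=URL&id0=1315, client: 127.0.0.1, server: localhost, request: "GET /files HTTP/1.1", host: "localhost"'

# Read error.log text on stdin; print one whitelist line per rule match,
# de-duplicated, restricted to the URI and the named variable where there is one.
whitelist_from_log() {
  sed -n 's/.*NAXSI_FMT: \([^,]*\).*/\1/p' |
  awk -F'&' '
    {
      uri = ""
      split("", zone); split("", id); split("", var)
      for (i = 1; i <= NF; i++) {
        eq = index($i, "=")
        if (eq == 0) continue
        k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
        if (k == "uri") uri = v
        else if (k ~ /^zone[0-9]+$/) zone[substr(k, 5)] = v
        else if (k ~ /^id[0-9]+$/) id[substr(k, 3)] = v
        else if (k ~ /^var_name[0-9]+$/) var[substr(k, 9)] = v
      }
      for (n in id) {
        mz = "$URL:" uri
        z = zone[n]
        # Named variables in ARGS/BODY/HEADERS get the narrow $ZONE_VAR form;
        # anything else falls back to whitelisting the whole zone on this URI.
        if (var[n] != "" && (z == "ARGS" || z == "BODY" || z == "HEADERS"))
          mz = mz "|$" z "_VAR:" var[n]
        else
          mz = mz "|" z
        printf "BasicRule wl:%s \"mz:%s\";\n", id[n], mz
      }
    }' | sort -u
}

# Example run against the constructed lines (or: whitelist_from_log < /var/log/nginx/error.log).
printf '%s\n' "$SAMPLE_LOG" | whitelist_from_log
```

Review every generated line before adding it to naxsi_whitelist.rules: the script whitelists whatever was logged, including genuine attack traffic captured while learning, so only keep the lines that correspond to requests your application legitimately makes. Keeping the $URL and variable scope is what stops a whitelist from silently disabling a rule site-wide.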

Errors

Missing Libraries

Here are some solutions to common errors I have encountered:

#You may need to enable the EPEL repository

sudo dnf group install -y "Development Tools"
sudo dnf -y install pcre-devel
sudo dnf -y install openssl-devel
sudo dnf -y install libxslt-devel
sudo dnf -y install gd-devel
sudo dnf -y install perl-ExtUtils-Embed
sudo dnf -y install google-perftools-devel
sudo dnf -y install libnsl2-devel

Disable Warnings as Errors

cc1: all warnings being treated as errors

Place the CFLAGS option in front of the configure command:

CFLAGS=-Wno-error ./configure --add-dynamic-module=../naxsi/naxsi_src [configure arguments]

Undefined Symbol 'libinjection_xss'

This one drove me up the wall.

[root@xwiki nginx]# nginx -t

nginx: [emerg] dlopen() "/usr/lib64/nginx/modules/ngx_http_naxsi_module.so" failed (/usr/lib64/nginx/modules/ngx_http_naxsi_module.so: undefined symbol: libinjection_xss) in /etc/nginx/nginx.conf:13

nginx: configuration file /etc/nginx/nginx.conf test failed

Do not install the system packages 'libinjection' and 'libinjection-devel'.

sudo dnf remove libinjection libinjection-devel

NAXSI comes with libinjection as a git submodule. It will use that instead when compiling.
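
A quick way to catch this before nginx refuses to start, as an added example (not from the page or the naxsi project): list the module's unresolved dynamic symbols with `nm -D --undefined-only` (GNU binutils) and flag any libinjection_* entry. A correctly built module has libinjection compiled in, so those symbols are defined inside the .so rather than expected from a system library. The module path is the one this page uses; the nm output samples are constructed.

```sh
#!/bin/sh
# Added example: detect a naxsi module that still expects an external libinjection.
# Assumptions: GNU nm available; module at /usr/lib64/nginx/modules (as on this page).

# Constructed samples of `nm -D --undefined-only` output.
SAMPLE_NM_BROKEN='                 U libinjection_sqli
                 U libinjection_xss
                 U ngx_pnalloc'
SAMPLE_NM_GOOD='                 U ngx_pnalloc
                 U memcpy'

# Read nm output on stdin. Return 0 if no libinjection symbol is unresolved;
# otherwise print the offending symbols and return 1.
unresolved_libinjection() {
  found="$(awk '$1 == "U" && $2 ~ /^libinjection_/ { print $2 }')"
  if [ -z "$found" ]; then
    return 0
  fi
  printf '%s\n' "$found"
  return 1
}

# Check a module file; defaults to the path used in this page's load_module line.
check_module() {
  so="${1:-/usr/lib64/nginx/modules/ngx_http_naxsi_module.so}"
  if nm -D --undefined-only "$so" | unresolved_libinjection; then
    echo "$so: libinjection is linked in"
  else
    echo "$so: the symbols above are unresolved; remove the system libinjection packages and rebuild" >&2
    return 1
  fi
}
```

Call `check_module` right after `make` and before copying the .so into place; the same unresolved symbols are what `nginx -t` reports as the dlopen() failure shown above.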