OPNSense - Web Application Firewall (WAF) configuration using NAXSI

I thought NAXSI was a whitelist based WAF, why would you need to download rules if it just blocks every request by default?

What does the NAT Port Forward rule look like? Currently my webapp requires a NAT port forward rule with redirect IP and then that auto-creates a WAN interface rule to allow ingress to internal IP of webapp server.
Specifically, what would I change on my NAT Port Forward rule for the Redirect IP when incorporating the nginx WAF protections. I changed the destination to 'this firewall', but for the redirect IP I do not have a 'this firewall' value and I'd like to verify if this should be the internal IP of the webapp or the WAN int IP address for nginx to pickup?

Works great except the server behind the waf is only logging the waf IP and not the actual IPs.

HI friend, I found your channel and I am fascinated, but I have a problem, I am doing a test laboratory like yours. I downloaded the DVWA ISO from VulnDB, connected it to my Vmware via DMZ, performed the same steps as you did in the video, but NAXSI does not detect attempted SQLi attacks. What could be wrong? Could you make a video explaining how to configure DVWA to integrate it with NAXSI.

i have a question

How do I install DVWA on the Nginx server?

Thank you!

How you did that from the same machine I didn't get the point, I tried this but set the opnsense in one VM and then I ran another VM as an attacker and I stuck here, I opened the vulnerable web by the first VM ip address which I wrote in the upstream server, I enabled the rules but still it didn't prevent the attack like this!

Very interesting. Since you're running this on 80/443 ports, how would you use this alongside internal reverse proxy to serve public domains?

𝙥𝙧𝙤𝙢𝙤𝙨𝙢

Usefull demo: will test it quite soon. Thx for sharing your knowledge ;)

Now I understand what a WAF is and how it works :)

First, and watching this 100% ..