
Gixy – Tool for analyzing Nginx configuration files

王林 (forwarded)
2024-01-12 10:12:05

Gixy is a static analyzer for Nginx configuration files. Its main goal is to catch security misconfigurations before they reach production and to automate the detection of such flaws.

Gixy Features
  • [ssrf] Find server-side request forgery: proxy_pass targets built from client-controlled variables.
  • [http_splitting] Detect HTTP splitting: variables that may contain a newline placed into response headers.
  • [origins] Check referrer/origin validation: loosely anchored or unescaped regexes applied to $http_referer and $http_origin.
  • [add_header_redefinition] Detect response headers that are silently dropped when add_header is redefined in a nested context.
  • [host_spoofing] Detect request Host header forgery: passing the raw $http_host to the upstream.
  • [valid_referers] Detect none in valid_referers, which lets requests that carry no Referer through.
  • [add_header_multiline] Detect multi-line response headers set with add_header.
The identifiers in brackets are the plugin names Gixy prints in its findings and accepts in the --skips option.
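As an added example, not taken from the article or from the Gixy project, the following constructed server block contains a pattern that trips six of the checks listed above (the http_splitting case is the one the article walks through further down). Each weak directive is followed by a comment giving the hardened form. The host names, upstream addresses and paths are placeholders. Save it as a file and run gixy against that file to see the findings; Gixy may report additional checks beyond the seven listed here (for example its if_is_evil plugin).

```nginx
# Constructed example: one server block with six Gixy findings and their fixes.
http {
    server {
        listen 80;
        server_name example.com;            # placeholder name

        # [ssrf] scheme, host and path of the upstream all come from the
        # request URI, so a client can make nginx connect anywhere it can reach.
        location ~ ^/proxy/([^/]+)/([^/]+)/(.*)$ {
            proxy_pass $1://$2/$3;
        }
        # Fix: pin scheme and host and let only the path vary:
        #     location /proxy/ { proxy_pass http://backend.internal:8080/; }

        # [origins] no end anchor and an unescaped dot, so
        # https://example.com.attacker.net and https://exampleXcom both match.
        set $cors "";
        if ($http_origin ~ "^https://example.com") {
            set $cors $http_origin;
        }
        add_header Access-Control-Allow-Origin $cors;
        # Fix: if ($http_origin ~ "^https://example\.com$") { ... }

        # [add_header_redefinition] add_header in a location replaces the whole
        # inherited set, so X-Frame-Options is silently lost under /admin/.
        add_header X-Frame-Options DENY;
        location /admin/ {
            add_header Cache-Control no-store;
        }
        # Fix: repeat every inherited header inside the location.

        # [host_spoofing] $http_host is the raw client-supplied Host header.
        location /app/ {
            proxy_set_header Host $http_host;
            proxy_pass http://127.0.0.1:8080;
        }
        # Fix: proxy_set_header Host $host;  ($host is the normalized name
        # nginx routed the request on)

        # [valid_referers] "none" accepts requests carrying no Referer at all.
        location /images/ {
            valid_referers none server_names *.example.com;
            if ($invalid_referer) {
                return 403;
            }
        }
        # Fix: valid_referers server_names *.example.com;

        # [add_header_multiline] a line break inside the value produces an
        # obsolete folded header (RFC 7230 obs-fold) that clients may reject.
        location /csp/ {
            add_header Content-Security-Policy "default-src 'self';
                script-src 'self'";
        }
        # Fix: keep the whole value on one line.
    }
}
```

Fixing one finding can change another: once the /admin/ location repeats the server-level headers, the add_header_redefinition finding disappears, but any header you forget to repeat there is still dropped, which is exactly the failure that check exists to catch.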
Gixy installation

Gixy is written in Python. The supported Python versions are 2.7 and 3.5 or later.

The installation steps are very simple, just use pip to install:

$ pip install gixy

If your system is older and ships a lower Python version, see "Using pyenv to build a Python virtual environment" or "How to enable Software Collections (SCL) on CentOS" for ways to install a newer Python alongside the system one.

Gixy usage

Gixy will check the /etc/nginx/nginx.conf configuration file by default.

$ gixy

You can also specify the location of the NGINX configuration file.

$ gixy /usr/local/nginx/conf/nginx.conf

==================== Results ===================
No issues found.

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 0

Let's look at an example of an HTTP splitting problem. Add the following location to the Nginx configuration:

server {
    …
    location ~ /v1/((?<action>[^.]*)\.json)?$ {
        add_header X-Action $action;
    }
    …
}

Run Gixy again to check the configuration.

$ gixy /usr/local/nginx/conf/nginx.conf

==================== Results ===================

>> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
Reason: At least variable "$action" can contain "\n"
Pseudo config:

server {
    server_name localhost mike.hi-linux.com;

    location ~ /v1/((?<action>[^.]*)\.json)?$ {
        add_header X-Action $action;
    }
}

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 1

The output shows one finding of type http_splitting, rated High. The reason given is that the $action variable can contain a newline: it is captured by the location regex from the request URI, which Nginx has already percent-decoded, so a request such as /v1/x%0D%0AInjected:%20value.json puts a literal CR LF into $action, and add_header copies it into the response unchanged. Everything after that CR LF is parsed by the client as a new header line, or, after a blank line, as the start of the response body. This is HTTP response splitting, a form of CRLF injection.
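The reported location next to a hardened version, as an added example that is not from the article or the Gixy documentation. Tightening the character class so that it cannot match CR or LF is my suggestion, not a fix the article gives; after changing the file, rerun gixy on it to confirm the finding is gone.

```nginx
# Weak (as reported): $action is captured from the decoded URI. Nothing stops
# a client from putting %0D%0A in the path, so the capture may contain CR/LF,
# which add_header copies into the response and a new header line begins.
location ~ /v1/((?<action>[^.]*)\.json)?$ {
    add_header X-Action $action;
}

# Hardened: CR and LF are excluded from the capture, so a split attempt
# simply does not match this location and falls through to whatever else
# handles /v1/ (or to a 404). Excluding the characters at the regex level is
# better than filtering afterwards because the variable can then never hold
# them, wherever it is used.
location ~ /v1/((?<action>[^.\r\n]*)\.json)?$ {
    add_header X-Action $action;
}
```

The same reasoning applies to every other directive that copies a captured variable into a header, such as proxy_set_header or return with a Location value: the capture itself must be unable to hold line breaks.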

If you want to temporarily skip a particular check, pass its plugin name to the --skips option:

$ gixy --skips http_splitting /usr/local/nginx/conf/nginx.conf
==================== Results ===================
No issues found.

==================== Summary ===================
Total issues:
Unspecified: 0
Low: 0
Medium: 0
High: 0

For more usage methods, please refer to the gixy --help command.


This article is reproduced from linuxprobe.com.