Nginx X-XSS-Protection 0

Discussion in 'Nginx' started by xss, May 9, 2018.

  1. #1
    Hello guys,
    I'm new on this forum; I hope you can help me.

    I want to test an easy <script> alert("XSS"); </script> XSS attack on my website.
    I have an nginx/1.13.12 web server and I think the X-XSS-Protection is on in the default settings.

    So how can I enable X-XSS attacks in the web configuration?
    I tried this on the screenshot but it doesn't work.
    xss, May 9, 2018 IP
  2. hostechsupport

    #2
    A 0 value disables the XSS Filter, as seen below.

    x-xss-protection:0;

    A 1 value allows the XSS Filter. If a cross-site scripting attack is recognized, to stop the attack, the browser will clean the page.

    x-xss-protection:1;

    A 1; mode=block value enables the XSS Filter. Instead of sanitizing the page, when an XSS attack is detected, the browser will prevent delivery of the page.

    x-xss-protection:1; mode=block
     
    hostechsupport, May 9, 2018 IP
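
How the three values from the answer above are set in nginx, as an added example that is not part of the original thread: nginx emits response headers through the `add_header` directive in its configuration file. The listen port, `server_name`, `root` and the location paths are assumptions chosen for illustration.

```nginx
# Added example (not from the thread). Port, server_name, root and the
# location paths are illustrative assumptions.
# nginx does not send X-XSS-Protection unless it is configured; the header
# only instructs the filter built into browsers that support it.
server {
    listen      8080;
    server_name localhost;
    root        /var/www/html;

    # Server-wide value: filter on, block the page instead of sanitizing it.
    # "always" also adds the header to error responses (4xx/5xx).
    add_header X-XSS-Protection "1; mode=block" always;

    # Filter on, browser sanitizes the page.
    location /filter-on/ {
        add_header X-XSS-Protection "1" always;
    }

    # Filter off.
    location /filter-off/ {
        add_header X-XSS-Protection "0" always;
    }

    # add_header is inherited from the server level only when a location
    # defines no add_header of its own. This location adds one, so the
    # server-wide X-XSS-Protection line above is NOT sent here and has to
    # be repeated.
    location /static/ {
        add_header Cache-Control "public" always;
        add_header X-XSS-Protection "1; mode=block" always;
    }
}
```

`nginx -t` checks the configuration for syntax errors before a reload, and `curl -I http://localhost:8080/filter-off/` shows the header the server actually sends.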
  3. xss

    #3
    Thank you for your answer. I tried "x-xss-protection:0;" but got an error message from my browser: "ERR_CONNECTION_REFUSED".
    I don't know why it doesn't work....
     
    xss, May 9, 2018 IP
  4. hostechsupport

    #4
    >> Can you share your URL to check the errors?
     
    hostechsupport, May 9, 2018 IP