It's how they make money, but it is sad from an OSS developer perspective. At least they didn't offer it and then remove it like TypeSafe did with their Slick/MSSQL driver.
>The name stands simply for NGINX ANTI XSS & SQL INJECTION
>Some reported us that the pronounciation is complicated and can lead to a misleading sound of “Nazi”. Of course, it’s definitely not our intent.
>Our company is based in France and pronouncing “XS” is easy for us since we have some words like this. Russians as well doesn’t have any issue with this since they have complicated sounds.
>But English & American people doesn’t have any sound like this and are hesitant in the way to pronounce it. Is it a X, is it a S and if they pronounce only the S, it then sound like nasi, not good… We didn’t saw this forcoming and are a bit sorry about that. We may change the name to NAXI to make more clear, and, of course, remove the SQL injection protections. (kidding)
9 comments
[ 4.5 ms ] story [ 32.5 ms ] threadAlthough, it's sad that Nginx chose the unreleased v3 of ModSecurity [0] [1] for their commercial offering instead.
[0]: https://www.modsecurity.org/
[1]: https://github.com/SpiderLabs/ModSecurity-nginx
I've written a thing about this kind of business model: http://penguindreams.org/blog/the-philosophy-of-open-source-...
> https://github.com/nbs-system/naxsi/issues/227
http://blog.memze.ro/?p=39
>Why the name “NAXSI” ?
>The name stands simply for NGINX ANTI XSS & SQL INJECTION
>Some reported us that the pronounciation is complicated and can lead to a misleading sound of “Nazi”. Of course, it’s definitely not our intent.
>Our company is based in France and pronouncing “XS” is easy for us since we have some words like this. Russians as well doesn’t have any issue with this since they have complicated sounds.
>But English & American people doesn’t have any sound like this and are hesitant in the way to pronounce it. Is it a X, is it a S and if they pronounce only the S, it then sound like nasi, not good… We didn’t saw this forcoming and are a bit sorry about that. We may change the name to NAXI to make more clear, and, of course, remove the SQL injection protections. (kidding)
Seems like an obvious choice to stay within the native NGINX community and just use NGINX Plus. What would be some advantages to using NAXSI?
NGINX Plus is actually not that expensive, especially since you can purchase an AMI and pay per month using AWS.