Incorrect line MainRule rx (regex)

Question

Incorrect line MainRule rx (regex)

ajgomez23 opened this issue 7 months ago · comments

Hi, I’m encountering an error when I try to start Nginx. The error message indicates that there’s an incorrect line in naxsi_core.rules. Could this be a compatibility issue?

Here’s the error message I’m seeing:

nginx: [emerg] Naxsi-Config : Incorrect line MainRule rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile (/etc/naxsi/naxsi_src//naxsi_skeleton.c/973)... in /etc/nginx/naxsi_core.rules:23

I’m currently using Nginx version 1.22.1.

Giovanni · Answer 1 · Wed Dec 06 2023 09:48:12 GMT+0800 (China Standard Time)

sounds like you are using an old version of naxsi which has whatever patch the distro maintainers implemented to make it compile with pcre.

Did you build it from sources?

ajgomez23 · Answer 2 · Wed Dec 06 2023 20:52:49 GMT+0800 (China Standard Time)

Thanks, yes i was using an old version of naxsi, i will try implement a new naxsi version

Giovanni · Answer 3 · Wed Dec 06 2023 21:06:56 GMT+0800 (China Standard Time)

Thanks, yes i was using an old version of naxsi, i will try implement a new naxsi version

Either use the compiled binaries in the release or just use the release naxsi-x.y-src-with-deps.tar.gz. avoid using the github tarballs/zips because they will not contain all the submodules.

For the latest release, please see: https://github.com/wargio/naxsi/releases

AhsanZahid2001 · Answer 4 · Thu Dec 07 2023 20:25:33 GMT+0800 (China Standard Time)

I'm also facing a similar issue. I am using the mentioned release (naxsi-x.y-src-with-deps.tar.gz), and am running NAXSI version 1.6, and NGINX version 1.24.

I started facing this issue when I tried upgrading from NAXSI 1.4 to 1.6. I already tried using version 1.5 and it's the same error.

This is the error that I'm getting

nginx: [emerg] Naxsi-Config : Incorrect line BasicRule wl:1310,1311 (naxsi_skeleton.c:723)... in /etc/nginx-conf/global/naxsi-wp-whitelist.rules:155

Giovanni · Answer 5 · Thu Dec 07 2023 20:42:32 GMT+0800 (China Standard Time)

Now it is working properly and you have a new error.

From the log, sounds like you have a bad rule in /etc/nginx-conf/global/naxsi-wp-whitelist.rules at line 155

Can you paste here that line?

AhsanZahid2001 · Answer 6 · Fri Dec 08 2023 01:15:20 GMT+0800 (China Standard Time)

    BasicRule wl:1310,1311 
     "mz:$URL_X:^/([\w-]+/)?|$BODY_VAR_X:^some_field_[\w\d-%\[\]]+|NAME";

    BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^some_field_[\w\d-%\[\]]+|NAME";

    BasicRule wl:1310,1311 
    "mz:$URL_X:^/some-path/some-other/[\w-\/]+|$ARGS_VAR_X:^(_)?fields[%5BD\[\d\]]+|NAME";

    BasicRule wl:1310,1311 
     "mz:$URL_X:^/some-path/some-further/[\w-\/]+|$ARGS_VAR_X:^status[%5BD\[\d\]]+|NAME";
 
    BasicRule wl:1310,1311 
    "mz:$URL_X:^/some-path/some-other-path/[\w-\/]+|$ARGS_VAR_X:^some_path[%5BD\[\d\]]+|NAME";

These are the rules which are erroring out.

Giovanni · Answer 7 · Fri Dec 08 2023 11:00:12 GMT+0800 (China Standard Time)

I would strongly suggest to check those regexes on a website like https://regex101.com/
if i have to guess, maybe the % might be problematic, same for not escaping [ and ]