Whitelists don't work

Question

Whitelists don't work

Bit-Warrior-X opened this issue 3 months ago · comments

Hi, there

I tried to test naxsi with below command.
curl 'http://127.0.0.1:8080/?a=<>'

Then I could see logs in the log file.
2024/03/20 14:18:39 [error] 29706#0: *1 NAXSI_FMT: ip=127.0.0.1&server=127.0.0.1&uri=/&config=block&rid=c65265b0abb646c1cd1264c4ec1c43db&cscore0=$XSS&score0=8&zone0=ARGS&id0=1302&var_name0=a, client: 127.0.0.1, server: , request: "GET /?a=<> HTTP/1.1", host: "127.0.0.1:8080"

To ignore rule 1032, 1033, I added whitelist rule in nginx.conf file.

After restarting nginx, I expcted to see no error logs whilte using same command curl 'http://127.0.0.1:8080/?a=<>'

But there was still same error logs.

If I did something wrong, please tell me.

Thanks.

Giovanni · Answer 1 · Wed Mar 20 2024 22:25:20 GMT+0800 (China Standard Time)

you whitelisted 1032 and 1033 but it gets blocked by 1302

NAXSI_FMT: ip=127.0.0.1
server=127.0.0.1
uri=/
config=block
rid=c65265b0abb646c1cd1264c4ec1c43db
cscore0=$XSS
score0=8
zone0=ARGS
id0=1302
var_name0=a

Giovanni · Answer 2 · Wed Mar 20 2024 22:27:00 GMT+0800 (China Standard Time)

i strongly suggest to switch to the json output. enable it via set $naxsi_json_log 1; within the server{} context.

Bit-Warrior-X · Answer 3 · Wed Mar 20 2024 22:28:51 GMT+0800 (China Standard Time)

Yeah, that's right. Current request is blocked by 1032. How can I disable 1032 using whitelist rule ?

Giovanni · Answer 4 · Wed Mar 20 2024 22:29:45 GMT+0800 (China Standard Time)

Whitelist what actually gets blocked. in your example you need to whitelist 1302 not 1032

Bit-Warrior-X · Answer 5 · Wed Mar 20 2024 22:31:07 GMT+0800 (China Standard Time)

Oh, shame. I am sorry. It works correctly now.
Thanks.