wargio / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX


Wrong Port

IsmaelMagro21 opened this issue · comments

Good afternoon,

I set up NAXSI on port 80 and a vulnerable web application on port 3000 (reverse proxy). Whenever I try an SQL injection on port 80 it is blocked successfully; however, when done on port 3000, it is not. Which configuration needs to be changed, please, in order for it to work either on both ports simultaneously or only on port 3000?

Naxsi is an NGINX-only module. If the process that owns port 3000 is not an NGINX server, then you cannot run naxsi on port 3000. Instead, if you configure your web application to run on port 5000 and tell nginx to listen on ports 80 and 3000 and forward the traffic to port 5000, then yes, you can have both protected, but not port 5000.
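The layout described above, written out as an added example (this is not configuration from the issue or from the naxsi project). It assumes the application has been moved to 127.0.0.1:5000, that the module is loaded and `naxsi_core.rules` is included in the `http` context as usual, and that the rule set and thresholds follow the ones naxsi ships; the upstream name `juiceshop_backend` is invented for the example. Because the naxsi directives sit in the `location` that does the `proxy_pass`, requests arriving on either listener are inspected before they reach the backend; port 5000 itself remains unfiltered, so bind it to loopback or firewall it.

```nginx
# In nginx.conf (main context), load the module once:
#   load_module /etc/nginx/ngx_http_naxsi_module.so;
# and in the http context load the core rule set once:
#   include /etc/nginx/naxsi_core.rules;

upstream juiceshop_backend {
    # Assumed backend address. Clients must not be able to reach it directly,
    # otherwise they simply bypass the WAF.
    server 127.0.0.1:5000;
}

server {
    # One server block, two listeners: both ports get the same protection.
    listen 80;
    listen 3000;
    server_name juiceshop2.com;

    location / {
        # Enable naxsi in the location that proxies; a location without these
        # directives passes traffic through uninspected.
        SecRulesEnabled;
        LibInjectionSql;
        LibInjectionXss;

        # Internal location that handles blocked requests.
        DeniedUrl "/RequestDenied";

        CheckRule "$SQL >= 8" BLOCK;
        CheckRule "$RFI >= 8" BLOCK;
        CheckRule "$TRAVERSAL >= 5" BLOCK;
        CheckRule "$UPLOAD >= 5" BLOCK;
        CheckRule "$XSS >= 8" BLOCK;
        CheckRule "$UWA >= 8" BLOCK;
        CheckRule "$EVADE >= 8" BLOCK;
        CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
        CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;

        proxy_pass http://juiceshop_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /RequestDenied {
        internal;
        return 403;
    }
}
```

Check it with `nginx -t` and reload, then send the same injection-looking query string to port 80 and to port 3000: both should answer 403 and produce a naxsi entry in error.log. Sending it straight to port 5000 from the nginx host will still reach the application, which is the case the reply above says cannot be protected.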

Hello,

It is an NGINX server which is running a reverse proxy to another IP. Malicious requests are only being blocked on the NGINX default page and not on the reverse proxy. What needs to be done, please?

Can you share the configuration here?

Yes, sure. As mentioned before, it is not working on my application page (which is reverse proxied through nginx and accessed through DNS as juiceshop2.com); it is only working on the nginx page (192.168.0.41). Please note the screenshots of the code and the screens below.

[Screenshot_5: page after inputting malicious code]

[Screenshot_3: default page (where the code is working)]

[Screenshot_2: proof of the code working]

Kindly note the web application IP is 192.168.0.42 and the nginx IP is 192.168.0.41,

and please find my nginx.conf, nginx/sites-enabled/default and nginx/sites-enabled/reverse-proxy files below.

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
load_module /etc/nginx/ngx_http_naxsi_module.so;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
	# Load the naxsi core rule set before the server blocks that use it.
	include /etc/nginx/naxsi_core.rules;
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	sendfile on;
	types_hash_max_size 2048;
	# The value was missing in the pasted config; 65 is the Debian default.
	keepalive_timeout 65;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# TLSv1 and TLSv1.1 are deprecated; keep only 1.2 and 1.3 unless legacy clients require them.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
}

default

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;

	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		try_files $uri $uri/ =404;
		include /etc/nginx/naxsi.rules;
	}
}

Reverse-proxy

server {
	listen 80;
	server_name juiceshop2.com;

	location / {
		include /etc/nginx/naxsi.rules;
		proxy_pass http://192.168.0.42:80;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}

Kind reminder, please.

You need to enable it.

server {
	listen 80;
	server_name juiceshop2.com;

	set $naxsi_json_log 1;
	include /etc/nginx/naxsi.rules;

	location / {
		include /etc/nginx/naxsi.rules;
		proxy_pass http://192.168.0.42:80;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;

		SecRulesEnabled; #enable naxsi
		LibInjectionSql; #enable libinjection support for SQLI
		LibInjectionXss; #enable libinjection support for XSS

		# internal denied request.
		DeniedUrl "/RequestDenied";

		CheckRule "$SQL >= 8" BLOCK;
		CheckRule "$RFI >= 8" BLOCK;
		CheckRule "$TRAVERSAL >= 5" BLOCK;
		CheckRule "$UPLOAD >= 5" BLOCK;
		CheckRule "$XSS >= 8" BLOCK;
		CheckRule "$UWA >= 8" BLOCK;
		CheckRule "$EVADE >= 8" BLOCK;
		CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
		CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
	}
	location /RequestDenied {
		internal;
		return 403;
	}
}

THANK YOU SO MUCH, it took me so long to try to fix this. Thank you very much and happy weekend.