wargio / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

Whitelist rule not respected (ARGS_VAR)?

Napsty opened this issue · comments

Probably more a question (once again) and probably not a bug. But I have this whitelist entry, covering multiple rules on a certain URI:

BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY|NAME";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ARGS|NAME";

Yet there were still some blocks happening, here's the nx_util output:

# total_count:4 (12.9%), peer_count:1 (50.0%) | sql keywords
BasicRule wl:1000 "mz:$URL:/secure/AssignIssue!default.jspa|$ARGS_VAR:returnurl";

I thought that $ARGS_VAR is covered by ARGS|NAME? Or am I mistaken?

It does, but it is the equivalent of ARGS, not ARGS|NAME
https://github.com/nbs-system/naxsi/wiki/matchzones-bnf#match-zone

So in this case I need to create an additional rule?

BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY|NAME";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ARGS"; <-- new
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ARGS|NAME";

I thought the rule would match both, as discussed in #44 (comment)? Or is it the other way around?

just combine BODY|ARGS and avoid an additional line

will do, thanks again

Also 1008-1011 is illegal

Thanks for the hint! Config check didn't complain so I assumed this would work. ;-)

I think it took only 1008 as id.

Using the new "ANY" match zone, could the following snippet:

BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|BODY|NAME";
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ARGS"; <-- new
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ARGS|NAME";

therefore be replaced with:

BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ANY";

?

Yes, but as said before, 1008-1011 is illegal.
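
A lint check for the range notation discussed in this thread, as an added example that is not part of the original issue or of naxsi itself. It assumes, as the replies state, that a range such as 1008-1011 is not accepted in `wl:` and that each ID must be listed explicitly; the function names and the sample config are constructed for illustration.

```python
import re

# "BasicRule wl:<ids> <rest>"; the ID list ends at the first space or quote.
WL_RE = re.compile(r'^(\s*BasicRule\s+wl:)([^\s"]+)(\s+.*)$')
# A token such as "1008-1011". A single negative ID ("-1000") does not match.
RANGE_RE = re.compile(r'^(\d+)-(\d+)$')


def expand_ids(id_list):
    """Split a wl: ID list; return (explicit_ids, range_tokens_found)."""
    explicit, ranges = [], []
    for tok in id_list.split(','):
        m = RANGE_RE.match(tok)
        if not m:
            explicit.append(tok)
            continue
        lo, hi = int(m.group(1)), int(m.group(2))
        if lo > hi:
            raise ValueError(f"descending range in wl: list: {tok}")
        ranges.append(tok)
        explicit.extend(str(i) for i in range(lo, hi + 1))
    return explicit, ranges


def lint(config_text):
    """Return (line_no, range_tokens, rewritten_line) per offending rule."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = WL_RE.match(line)
        if not m:
            continue  # comments, MainRule lines, other directives
        ids, ranges = expand_ids(m.group(2))
        if ranges:
            fixed = m.group(1) + ','.join(ids) + m.group(3)
            findings.append((no, ranges, fixed))
    return findings


# Constructed sample built from the rules quoted in the thread.
SAMPLE = '''\
BasicRule wl:1000,1008-1011,1200,1205 "mz:$URL:/secure/AssignIssue!default.jspa|ANY";
# nx_util suggestion, already valid:
BasicRule wl:1000 "mz:$URL:/secure/AssignIssue!default.jspa|$ARGS_VAR:returnurl";
'''

if __name__ == "__main__":
    for no, ranges, fixed in lint(SAMPLE):
        print(f"line {no}: range notation {ranges} in wl:, rewrite as:")
        print(f"  {fixed}")
```

Because the config check did not complain about the range in this thread, running a check like this over the whitelist files before reload catches rules that would otherwise leave 1009-1011 unwhitelisted.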