wargio / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

CLOSE_WAIT not released

mrbaiwei opened this issue · comments

After enabling the naxsi module, in certain cases, the communication IP remains in CLOSE_WAIT state without being released. This issue occurs in the new version of nginx, and it is suspected to be a compatibility problem.

    netstat -tunp|grep nginx|grep CLOSE_WAIT|wc -l
    40108

interesting. how can i reproduce this?

I found the reason for the problem, and the reason is the matching order of the 403 error page.

    location ~* ^/(.*)\.html$ {
        proxy_pass http://127.0.0.1:80;
    }

    location /RequestDenied {
        return 403;
    }
    error_page 403 /x403.html;

    location ~ ^/x403.html$ {
        root /etc/nginx/error;
    }

Solved with the following configuration:

    location ~ ^/x403.html$ {
        root /etc/nginx/error;
    }

    location ~* ^/(.*)\.html$ {
        proxy_pass http://127.0.0.1:80;
    }

    location /RequestDenied {
        return 403;
    }
    error_page 403 /x403.html;

interesting. so it is not a naxsi issue per se, but a configuration issue with nginx.

also i suggest to mark /RequestDenied as internal

Ok, thank you. This issue has troubled me for a long time, to the point where I have had to restart nginx regularly.

sorry to hear that.
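
The location-selection order behind this thread, as an added example (not code from the issue or from the naxsi project): a small Python model of nginx's documented matching rules, run over the two orderings posted above. The tuple layout and the function names `select_location` and `trace` are assumptions made for the illustration.

```python
import re

# Constructed model of the two orderings posted in the thread:
# (modifier, pattern, action). Modifiers use nginx syntax: "" prefix,
# "=" exact, "^~" prefix that skips regexes, "~" regex, "~*" regex (no case).
BEFORE = [
    ("~*", r"^/(.*)\.html$", "proxy_pass http://127.0.0.1:80"),
    ("", "/RequestDenied", "return 403"),
    ("~", r"^/x403.html$", "root /etc/nginx/error"),
]
AFTER = [BEFORE[2], BEFORE[0], BEFORE[1]]


def select_location(locations, uri):
    """Return the action of the location nginx would select for uri."""
    # 1. An exact "=" match wins immediately.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat, action in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    # 3. "^~" on that prefix suppresses the regex phase.
    if best and best[0] == "^~":
        return best[2]
    # 4. Regex locations are tried in file order; the first match wins.
    for mod, pat, action in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return action
    # 5. Otherwise fall back to the remembered prefix location.
    return best[2] if best else None


def trace(locations, uri, error_page="/x403.html"):
    """Follow a request; 'return 403' causes the error_page internal redirect."""
    hops = [(uri, select_location(locations, uri))]
    if hops[0][1] == "return 403":
        hops.append((error_page, select_location(locations, error_page)))
    return hops


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, trace(cfg, "/RequestDenied"))
```

In the first ordering the denied request's error page is handed to the proxy location; in the second it is served from the static error directory.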