Closed GoogleCodeExporter closed 8 years ago
Also, it looks like extensions other than .asp* and .ph* are not supported in rule 1500?
I have tried to whitelist the above by editing the core rules:
MainRule "rx:.ph*|.asp*|.json" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
and in my local rules:
BasicRule wl:1500 "mz:$URL:/attachments/do-upload.json";
but it throws the following error:
Performing sanity check on nginx configuration:
nginx: [emerg] naxsi internal error in wlr_identify. in /usr/local/etc/nginx/nginx.conf:80
nginx: [emerg] WhiteList Hash building failed in /usr/local/etc/nginx/nginx.conf:80
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
Original comment by unexplai...@gmail.com on 30 May 2012 at 9:36
Another example: naxsi generating confusing rules for the above NAXSI_FMT:
#1 hits on rule 1310 ([, possible js) on url /attachments/do-upload.json from 1 different peers
#BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$BODY_VAR|NAME";
#1 hits on rule 1311 (], possible js) on url /attachments/do-upload.json from 1 different peers
#BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$BODY_VAR|NAME";
$BODY_VAR|NAME, what is this? I have tried:
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:NAME";
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:NAME";
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[thread_id]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[thread_id]" ;
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[]" ;
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[thread_id]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[thread_id]" ;
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[]" ;
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json" ; //Error - Feature request to disable specific rules on specific uri & filenames
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json" ; //Error - Feature request to disable specific rules on specific uri & filenames
None of them work.
Original comment by unexplai...@gmail.com on 31 May 2012 at 7:15
Hi,
There are a few bugs in the whitelist generation function.
I'm rewriting it from scratch, should be done by the end of the week.
Original comment by sephirot...@gmail.com on 31 May 2012 at 8:32
Hello,
While Seb is rewriting the WL generation, I wanted to look at your error with rules on FILE_EXT.
The first issue is that your whitelist is not precise enough. Even when it's obvious, naxsi needs to be told about that:
BasicRule wl:1500 "mz:$URL:/attachments/do-upload.json|FILE_EXT";
Then, this was - anyway - broken; now it's fixed in SVN. Please let me know if it is OK for you!
Original comment by ori...@gmail.com on 3 Jun 2012 at 5:03
Yes, thanks, now the rules may be applied, but the strange thing is that BODY|NAME still appears:
2012/06/03 19:11:32 [error] 77806#0: *1 NAXSI_FMT: ip=127.0.0.1&server=domain.com&uri=/attachments/do-upload.json&total_processed=1&total_blocked=1&zone0=BODY|NAME&id0=1310&var_name0=content_data[thread_id]&zone1=BODY|NAME&id1=1311&var_name1=content_data[thread_id], client: 127.0.0.1, server: domain.com, request: "POST /attachments/do-upload.json?hash=adfe77e3da0ad6e95a288d2fed96acb6&content_type=post HTTP/1.1", host: "domain.com"
I have already applied these rules:
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[thread_id]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$BODY_VAR:content_data[thread_id]" ;
BasicRule wl:1310 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[thread_id]" ;
BasicRule wl:1311 "mz:$URL:/attachments/do-upload.json|$ARGS_VAR:content_data[thread_id]" ;
BasicRule wl:1500 "mz:$URL:/attachments/do-upload.json|FILE_EXT";
And naxsi still complained. Does this also reside in the naxsi core, which is currently being worked on with Seb?
Original comment by unexplai...@gmail.com on 3 Jun 2012 at 7:15
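An added example, not part of the original thread or of naxsi itself: a small Python parser that decodes NAXSI_FMT lines like the one quoted in the comment above into per-rule hits, showing which URI, zone, variable and rule id each exception refers to, with the `|NAME` zone suffix reported as a hit on the variable's name rather than its value. The sample log lines are constructed from that comment, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log line quoted in the comment above
# (trailing request fields shortened), plus one unrelated line.
SAMPLE_LOG = [
    '2012/06/03 19:11:32 [error] 77806#0: *1 NAXSI_FMT: ip=127.0.0.1'
    '&server=domain.com&uri=/attachments/do-upload.json&total_processed=1'
    '&total_blocked=1&zone0=BODY|NAME&id0=1310&var_name0=content_data[thread_id]'
    '&zone1=BODY|NAME&id1=1311&var_name1=content_data[thread_id]'
    ', client: 127.0.0.1, server: domain.com',
    '2012/06/03 19:11:40 [error] 77806#0: *2 unrelated nginx error line',
]

FMT_RE = re.compile(r'NAXSI_FMT: (.*?)(?:, client: |$)')

def parse_naxsi_fmt(line):
    """Return (uri, hits) for one NAXSI_FMT line, or None for other lines."""
    m = FMT_RE.search(line)
    if not m:
        return None
    # Split by hand: values are kept exactly as logged, with no URL decoding.
    fields = dict(kv.split('=', 1) for kv in m.group(1).split('&') if '=' in kv)
    hits, n = [], 0
    while f'id{n}' in fields:  # exceptions are numbered zone0/id0/var_name0, ...
        zone, _, suffix = fields.get(f'zone{n}', '').partition('|')
        hits.append({
            'id': int(fields[f'id{n}']),
            'zone': zone,
            'in_name': suffix == 'NAME',  # hit was on the variable's name
            'var': fields.get(f'var_name{n}', ''),
        })
        n += 1
    return fields.get('uri', ''), hits

def summarize(lines):
    """Group rule ids by (uri, zone, in_name, var) across many log lines."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_naxsi_fmt(line)
        if parsed:
            uri, hits = parsed
            for h in hits:
                seen[(uri, h['zone'], h['in_name'], h['var'])].add(h['id'])
    return {key: sorted(ids) for key, ids in seen.items()}

if __name__ == '__main__':
    for key, ids in summarize(SAMPLE_LOG).items():
        print(key, ids)
```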
Any news about the new generator?
Original comment by unexplai...@gmail.com on 9 Jun 2012 at 8:50
Hi, it has been fixed in SVN, can you please give it a try?
It will be included in 0.48 (which is late :p)
Original comment by ori...@gmail.com on 16 Jul 2012 at 4:00
I've been bitten by a similar bug (I call this a bug as I simply used naxsi's
Wiki example) and solved it using the following syntax:
BasicRule wl:1000 "mz:URL|$URL:/wp/wp-admin/update-core.php";
Original comment by emile.he...@gmail.com on 30 Dec 2012 at 11:26
Original comment by ori...@gmail.com on 13 Mar 2013 at 8:57
Original issue reported on code.google.com by unexplai...@gmail.com on 30 May 2012 at 9:10