Denied request score withing log files

GoogleCodeExporter commented 8 years ago

It would be nice to have the global Naxsi score when a request is being denied, 
for example:

2012/06/27 16:39:53 [error] 1573#0: *110052 NAXSI_FMT: 
ip=118.175.21.38&server=x.y.w.z&uri=/w00tw00t.at.blackhats.romanian.anti-sec:)&t
otal_processed=6339&total_blocked=4&zone0=URL&id0=1011&var_name0=&zone1=URL&id1=
1309&var_name1=, client: 118.175.21.38, server: www.myserver.net, request: "GET 
/w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1", host: "x.y.w.z"

Would be: (look for request_score)

2012/06/27 16:39:53 [error] 1573#0: *110052 NAXSI_FMT: 
ip=118.175.21.38&server=x.y.w.z&uri=/w00tw00t.at.blackhats.romanian.anti-sec:)&t
otal_processed=6339&total_blocked=4&request_score=XX&zone0=URL&id0=1011&var_name
0=&zone1=URL&id1=1309&var_name1=, client: 118.175.21.38, server: 
www.myserver.net, request: "GET /w00tw00t.at.blackhats.romanian.anti-sec:) 
HTTP/1.1", host: "x.y.w.z"

Original issue reported on code.google.com by didier.c...@googlemail.com on 27 Jun 2012 at 2:45

GoogleCodeExporter commented 8 years ago

Thanks for the suggestion :)

Original comment by ori...@gmail.com on 27 Jun 2012 at 2:47

GoogleCodeExporter commented 8 years ago

After a bit of reflection, this is actually not possible, as naxsi will drop 
(redirect the request) as soon as it reaches limit score, so score will be 
XSS=8 or SQL=8 etc. 99% of the time.

Original comment by ori...@gmail.com on 27 Jun 2012 at 6:08

Changed state: Invalid

ReJeCtAll / naxsi

Denied request score withing log files #38