Naxsi internal error with empty POST request

[GoogleCodeExporter]

Hello. 

With enabled naxsi I recieve http 405 in empty (no POST params) POST request. 
GET request and non-empty POST request gives correct expected output.

What steps will reproduce the problem?

root@development:/etc/nginx/sites-enabled# curl --data "" -v 
http://gate2.development
* About to connect() to gate2.development port 80 (#0)
*   Trying 192.168.100.4... connected
> POST / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 
zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: gate2.development
> Accept: */*
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 405 Not Allowed
< Server: nginx/1.2.7
< Date: Thu, 04 Apr 2013 11:42:54 GMT
< Content-Type: text/html
< Content-Length: 172
< Connection: keep-alive
* HTTP error before end of send, stop sending
< 
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.2.7</center>
</body>
</html>
* Closing connection #0

What is the expected output? What do you see instead?

expected: http 403 forbidden (disabling naxsi in vhost gives expected output)
actual: http 405 

What version of the product are you using? On what operating system?

1) Ubuntu 12.04 LTS
2) Nginx 1.2.7 with naxsi (http://ppa.launchpad.net/nginx/stable/ubuntu precise 
main)

Please provide your nginx configuration any additional information below.

nginx.conf:

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/naxsi_core.rules;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

vhost:

server {
        listen 80;
        server_name gate2.development;
        root /var/www/projects/gate/www;

        access_log  /var/log/nginx/gate.development.access.log;
        error_log  /var/log/nginx/gate.development.error.log;

        location / {
               include    /etc/nginx/naxsi.rules;
        }
}

With best regards,
Sergey Galkin

Original issue reported on code.google.com by ser...@galkin.me on 4 Apr 2013 at 11:52

[GoogleCodeExporter]

Nginx error log entry is following:

2013/04/04 15:36:11 [error] 29763#0: *32 NAXSI_FMT: 
ip=192.168.100.23&server=gate2.development&uri=/&total_processed=17&total_blocke
d=4&zone0=BODY&id0=11&var_name0=, client: 192.168.100.23, server: 
gate2.development, request: "POST /?object=Session&action=getSalt HTTP/1.1", 
host: "gate2.development"

I haven't found what id0=11 mean.

Original comment by ser...@galkin.me on 4 Apr 2013 at 12:12

[GoogleCodeExporter]

Hello,

Rules with IDs lower than 1000 are naxsi internal rules.
You can find them in your naxsi_core.rules :
#@MainRule "msg:weird/incorrect request" id:1;
#@MainRule "msg:big request, unparsed" id:2;
#@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
#@MainRule "msg:uncommon/empty content-type in POST" id:11;
#@MainRule "msg:uncommon/malformed URL" id:12;

Here, it it because your POST has apparently no content, which sounds weird to 
naxsi, triggering an internal rule. You can whitelist it as any other rule.

Original comment by ori...@gmail.com on 6 Apr 2013 at 12:54

• Changed state: Invalid