ReJeCtAll / naxsi

Automatically exported from code.google.com/p/naxsi

Problem with white list for specific URL #85

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I need to disable all rules only for url "/remote/errorHandler.php". 

Disabling all rules with "wl:0" without specifying match zone works as expected.

What steps will reproduce the problem?
1. curl -v --data "asdfasd=OR 1=1'" http://gate.development/remote/errorHandler.php

What is the expected output? What do you see instead?

expected: no naxsi errors
actual: 
2013/08/08 12:31:55 [error] 18417#0: *2 NAXSI_FMT: ip=192.168.100.23&server=gate.development&uri=/remote/errorHandler.php&learning=0&total_processed=2&total_blocked=2&zone0=BODY&id0=1009&var_name0=asdfasd&zone1=BODY&id1=1013&var_name1=asdfasd&zone2=BODY&id2=1306&var_name2=asdfasd, client: 192.168.100.23, server: gate.development, request: "POST /remote/errorHandler.php HTTP/1.1", host: "gate.development"

What version of the product are you using? On what operating system?

- Ubuntu Server LTS 12.04 x64
- nginx-common                     1.4.1-1ppa1~precise 
- nginx-naxsi                      1.4.1-1ppa1~precise 

Please provide your nginx configuration and any additional information below.

-----------------------

SecRulesEnabled;

DeniedUrl "/505.html";

BasicRule wl:0 "mz:BODY|$URL:/remote/errorHandler.php";

CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;

-----------------------

Original issue reported on code.google.com by ser...@galkin.me on 8 Aug 2013 at 8:42
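
Added example, not part of the original issue or of the naxsi project's code: a small parser for the NAXSI_FMT line reported above that lists which rule ids fired in which zone and on which variable. As an assumption, it also formats each hit in naxsi's per-rule whitelist syntax (`wl:<id>` with `$URL:` and `$BODY_VAR:`); the function names are hypothetical and the output does not address the `wl:0` behaviour reported here.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: the NAXSI_FMT line from the report, rejoined onto one line.
SAMPLE = ('2013/08/08 12:31:55 [error] 18417#0: *2 NAXSI_FMT: '
          'ip=192.168.100.23&server=gate.development&uri=/remote/errorHandler.php'
          '&learning=0&total_processed=2&total_blocked=2'
          '&zone0=BODY&id0=1009&var_name0=asdfasd'
          '&zone1=BODY&id1=1013&var_name1=asdfasd'
          '&zone2=BODY&id2=1306&var_name2=asdfasd, client: 192.168.100.23, '
          'server: gate.development, request: "POST /remote/errorHandler.php '
          'HTTP/1.1", host: "gate.development"')

FMT_RE = re.compile(r'NAXSI_FMT: (\S+?)(?:, client: |$)')
INDEXED = re.compile(r'^(zone|id|var_name)(\d+)$')
# Assumption: only these plain zones are mapped to a named-variable match zone.
ZONE_VAR = {'ARGS': '$ARGS_VAR', 'BODY': '$BODY_VAR', 'HEADERS': '$HEADERS_VAR'}

def parse_naxsi_fmt(line):
    """Return the event fields plus an ordered list of rule hits, or None."""
    m = FMT_RE.search(line)
    if not m:
        return None
    event, matches = {}, {}
    for key, value in parse_qsl(m.group(1), keep_blank_values=True):
        idx = INDEXED.match(key)
        if idx:  # zoneN / idN / var_nameN belong to hit number N
            matches.setdefault(int(idx.group(2)), {})[idx.group(1)] = value
        else:
            event[key] = value
    event['matches'] = [matches[i] for i in sorted(matches)]
    return event

def candidate_whitelists(event):
    """One narrowly scoped whitelist line per hit, for review before use."""
    rules = []
    for hit in event['matches']:
        zone, var = hit.get('zone', ''), hit.get('var_name', '')
        if not zone:
            continue
        target = '%s:%s' % (ZONE_VAR[zone], var) if zone in ZONE_VAR and var else zone
        rules.append('BasicRule wl:%s "mz:$URL:%s|%s";' % (hit['id'], event['uri'], target))
    return rules

if __name__ == '__main__':
    for rule in candidate_whitelists(parse_naxsi_fmt(SAMPLE)):
        print(rule)
```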