Closed GoogleCodeExporter closed 8 years ago
Seams that problem is in how the nginx handle the requests but not the naxsi
itself.
My nginx configuration looks like that
server {
listen 80;
server_name test.com;
rewrite ^(.*) http://www.test.com$1 permanent;
}
server {
listen 80;
server_name ~.*test.com;
location / {
root /srv/test.com/www;
include /etc/nginx/nbs.rules;
index index.php;
try_files $uri $uri/ /index.php?page=$uri&$args;
}
location ~ \.php${
include /etc/nginx/nbs.rules;
root /srv/test.com/www;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location /RequestDenied {
proxy_pass http://127.0.0.1:4242;
}
}
If i send a request like
http://www.test.com/a.php?artist=1%0BAND%28SELECT%0B1%20FROM%20mysql.x%29
I got a row into error log and the exception was learned http_config.py
2012/03/29 16:01:50 [error] 20236#0: *777 NAXSI_FMT:
ip=89.25.32.29&server=www.test.com&uri=/a.php&total_processed=170&total_blocked=
8&zone0=ARGS&id0=1000&var_name0=artist&zone1=ARGS&id1=1010&var_name1=artist&zone
2=ARGS&id2=1011&var_name2=artist&zone3=ARGS&id3=1020&var_name3=artist&zone4=ARGS
&id4=1308&var_name4=artist&zone5=ARGS&id5=1309&var_name5=artist, client:
xxx.xxx.xxx.xxx, server: ~.*test.com, request: "GET
/a.php?artist=1%0BAND(SELECT%0B1%20FROM%20mysql.x) HTTP/1.1", host:
"www.test.com
But if i send
http://www.test.com/?artist=1%0BAND%28SELECT%0B1%20FROM%20mysql.x%29
I got a row into error log but request is not forwarded to http_config.py
2012/03/29 16:05:35 [error] 20236#0: *853 NAXSI_FMT:
ip=89.25.32.29&server=www.test.com&uri=/&total_processed=1408&total_blocked=23&z
one0=ARGS&id0=1000&var_name0=artist&zone1=ARGS&id1=1010&var_name1=artist&zone2=A
RGS&id2=1011&var_name2=artist&zone3=ARGS&id3=1020&var_name3=artist&zone4=ARGS&id
4=1308&var_name4=artist&zone5=ARGS&id5=1309&var_name5=artist, client:
89.25.32.29, server: ~.*test.com, request: "GET
/?artist=1%0BAND(SELECT%0B1%20FROM%20mysql.x) HTTP/1.1", host: "www.test.com"
Original comment by veselin....@gmail.com
on 29 Mar 2012 at 1:08
Hello,
Any progress on this issue on your side ?
Best regards,
Original comment by ori...@gmail.com
on 11 Apr 2012 at 9:21
Original comment by ori...@gmail.com
on 19 Apr 2012 at 9:02
Hello, Last days i made lots of test and i can reproduce the problem all the
time . Here is a test configuration :
server {
listen 1984;
server_name 'localhost';
client_max_body_size 30M;
location / {
try_files $uri $uri/ /index.php?page=$uri&$args;
root /usr/local/src/nginx-1.2.0/naxsi-0.45/t/servroot/html/;
LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
index index.php;
}
location /RequestDenied {
proxy_pass http://127.0.0.1:8000;
}
location ~ \.php$ {
}
}
Test URL:
http://127.0.0.1:1984/?artist=0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0
A1%2C2%2Ccurrent_user
Original comment by veselin....@gmail.com
on 26 Apr 2012 at 10:43
Attachments:
Original issue reported on code.google.com by
veselin....@gmail.com
on 26 Mar 2012 at 11:55