nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

white list rule #366

Closed dcalixto closed 7 years ago

dcalixto commented 7 years ago

Instead of the white list the session for tommy i would like to white list for all users, below a code example. BasicRule wl:1000 "mz:$URL:/sessions/tommy|$BODY_VAR:_method";

So, how can i white list the session for all users?

snottycrustacean commented 7 years ago

You should use $URL_X:regexp

aarvee11 commented 7 years ago

PCRE Regex works. So generate a regex for all your usernames. http://regexr.com/ is your friend

dcalixto commented 7 years ago

so, should be? BasicRule wl:1000 "mz:$URL_X:regexp:/|$BODY_VAR:_method";

buixor commented 7 years ago

Hello,

if you use regex-style expression, the whole match-zone must be in regex, see : https://github.com/nbs-system/naxsi/wiki/matchzones-bnf

dcalixto commented 7 years ago

Hello @buixor so that's is the properly way? BasicRule wl:1000 "mz:$URL_X:regexp:/|$BODY_VAR:regex:_method";

buixor commented 7 years ago

Hello,

BasicRule wl:1000 "mz:$URL_X:regexp:/|$BODY_VAR_X:regex";

Would be the way :)