nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

error log field "cscore" lost when blocking "$EVADE" attack #369

Closed: lsqworld closed this issue 7 years ago

lsqworld commented 7 years ago

Version: 0.55.1

When I made a "$EVADE" attack, I could not find the "cscore" field in its blocked log line.

The request I made: http://10.110.20.19/?a=%U

And the blocked log: [image: qq 20170327162435]

And the following is a normal "$SQL" attack block log: [image: qq 20170327162724]

So is it just a bug, or did I make some error? Thank you very much!

buixor commented 7 years ago

Hello,

It is because you triggered an internal rule. Those do not set a specific named score, but just set the block flag in the request.

lsqworld commented 7 years ago

I feel so sorry for wasting your time! @buixor

buixor commented 7 years ago

Nah, don't worry, doc is a bit slacky!

buixor commented 7 years ago

Fixed doc: https://github.com/nbs-system/naxsi/wiki/internal-rules
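
Added example, not part of the issue thread or of the naxsi code base: a log parser that follows buixor's explanation above and treats a blocked `NAXSI_FMT` line without any `cscoreN`/`scoreN` pair as a block-flag-only event instead of a malformed line. The two sample lines are constructed (addresses, timestamps and rule ids are illustrative), the function names are hypothetical, and the field layout assumed is `cscoreN`/`scoreN` for the request's named scores and `zoneN`/`idN`/`var_nameN` for matched rules.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines, not copied from the screenshots in the issue.
SAMPLE_NAMED = (
    "2017/01/01 10:00:00 [error] 100#0: *2 NAXSI_FMT: ip=192.0.2.10&server=198.51.100.5"
    "&uri=/&learning=0&vers=0.55.1&total_processed=2&total_blocked=1&block=1"
    "&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=a, client: 192.0.2.10"
)
SAMPLE_INTERNAL = (
    "2017/01/01 10:00:05 [error] 100#0: *3 NAXSI_FMT: ip=192.0.2.10&server=198.51.100.5"
    "&uri=/&learning=0&vers=0.55.1&total_processed=3&total_blocked=2&block=1"
    "&zone0=ARGS&id0=10&var_name0=a, client: 192.0.2.10"
)

# The key=value payload ends where nginx appends ", client: ..." (or at end of line).
_FMT = re.compile(r"NAXSI_FMT: (?P<kv>.*?)(?:, client: |$)")
_INDEXED = re.compile(r"^(cscore|score|zone|id|var_name)(\d+)$")

def parse_naxsi_fmt(line):
    """Parse one NAXSI_FMT error-log line; return None for unrelated lines."""
    m = _FMT.search(line)
    if m is None:
        return None
    event, names, values, matches = {}, {}, {}, {}
    for key, value in parse_qsl(m.group("kv"), keep_blank_values=True):
        im = _INDEXED.match(key)
        if im is None:
            event[key] = value                      # ip, server, uri, block, ...
        elif im.group(1) == "cscore":
            names[im.group(2)] = value              # named score, e.g. $SQL
        elif im.group(1) == "score":
            values[im.group(2)] = int(value)
        else:                                       # zoneN / idN / var_nameN
            matches.setdefault(int(im.group(2)), {})[im.group(1)] = value
    # Named scores are optional: internal rules only set the block flag.
    event["scores"] = {name: values.get(i) for i, name in names.items()}
    event["matches"] = [matches[i] for i in sorted(matches)]
    return event

def block_reason(event):
    """Say why a request was blocked without assuming a cscore field exists."""
    if event.get("block") != "1":
        return "not-blocked"
    return "named-score" if event["scores"] else "block-flag-only"

if __name__ == "__main__":
    for sample in (SAMPLE_NAMED, SAMPLE_INTERNAL):
        ev = parse_naxsi_fmt(sample)
        print(block_reason(ev), ev["scores"], ev["matches"])
```
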