nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

virtual-patching matchzone confusion #375

Closed buixor closed 7 years ago

buixor commented 7 years ago

If a virtual patching basic rule targets something like:

BasicRule "str:pattern" "mz:BODY|NAME" ...

A mismatch can happen where a body containing the pattern in the body content (rather than in a var name) would wrongly match.
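A simplified model of the mismatch reported in this issue, added here as an illustration and not taken from naxsi's source: `match_body_name` is the intended behaviour of `mz:BODY|NAME`, and `match_body_name_confused` reproduces the reported symptom, not its actual cause. The function names, the enum and the sample bodies are hypothetical, and the body is assumed to be already-decoded urlencoded form data.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Model only, not naxsi code: which part of a body variable a rule may inspect. */
enum target { TARGET_NAME, TARGET_ANY };   /* "mz:BODY|NAME" maps to TARGET_NAME */

/* Walk "a=b&c=d" (assumed already decoded, under 256 bytes) and test each variable. */
static bool scan_body(const char *pat, enum target t, const char *body)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s", body);           /* private, writable copy */
    for (char *p = buf; p != NULL && *p != '\0'; ) {
        char *amp = strchr(p, '&');
        if (amp) *amp = '\0';                        /* isolate one name=value pair */
        char *eq = strchr(p, '=');
        const char *val = "";
        if (eq) { *eq = '\0'; val = eq + 1; }        /* p is now the variable name */
        if (strstr(p, pat) != NULL) return true;     /* hit in the variable name */
        if (t == TARGET_ANY && strstr(val, pat) != NULL)
            return true;                             /* hit in the variable content */
        p = amp ? amp + 1 : NULL;
    }
    return false;
}

/* Intended behaviour of BODY|NAME: only variable names are inspected. */
bool match_body_name(const char *pat, const char *body)
{
    return scan_body(pat, TARGET_NAME, body);
}

/* Symptom from the report: the |NAME restriction is lost, so content matches too. */
bool match_body_name_confused(const char *pat, const char *body)
{
    return scan_body(pat, TARGET_ANY, body);
}

int main(void)
{
    const char *in_name  = "pattern=1&user=alice";        /* constructed sample */
    const char *in_value = "comment=some+pattern+here";   /* constructed sample */
    printf("in name:    strict=%d confused=%d\n",
           match_body_name("pattern", in_name), match_body_name_confused("pattern", in_name));
    printf("in content: strict=%d confused=%d\n",
           match_body_name("pattern", in_value), match_body_name_confused("pattern", in_value));
    return 0;
}
```

The second sample is the regression case: a virtual-patching rule restricted to names should stay silent on it, so a hit there indicates the confusion described above.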