nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

help, naxsi does not work #391

Closed f2ex closed 7 years ago

f2ex commented 7 years ago

Compiling nginx (1.10.1) + naxsi (0.55.3):

configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-ipv6 --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-openssl=../openssl-1.0.2h --with-pcre=../pcre-8.38 --with-pcre-jit --with-ld-opt=-ljemalloc --add-module=../naxsi-0.55.3/naxsi_src/

nginx/naxsi configuration:

    http {
        include mime.types;
        include naxsi_core.rules;
        ......
        server {
            listen 80 default;
            access_log /data/wwwlogs/access_nginx.log combined;
            root /data/www/default;
            index index.html index.htm index.php;
            location / {
                SecRulesEnabled;
                #LearningMode;
                DeniedUrl "/RequestDenied";
                CheckRule "$SQL >= 8" BLOCK;
                CheckRule "$RFI >= 8" BLOCK;
                CheckRule "$TRAVERSAL >= 4" BLOCK;
                CheckRule "$EVADE >= 4" BLOCK;
                CheckRule "$XSS >= 8" BLOCK;
                error_log /data/wwwlogs/foo.log;
            }
            location ~ [^/]\.php(/|$) {
                #fastcgi_pass remote_php_ip:9000;
                fastcgi_pass unix:/dev/shm/php-cgi.sock;
                fastcgi_index index.php;
                include fastcgi.conf;
            }
            location /RequestDenied {
                return 418;
            }
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
                expires 30d;
                access_log off;
            }
            location ~ .*\.(js|css)?$ {
                expires 7d;
                access_log off;
            }
        }
    }

Check:

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

But naxsi does not work. The XSS attack test is not blocked, and there is nothing at all in foo.log.

Where is the problem? Thanks :)

buixor commented 7 years ago

Hello,

Can you provide an example request? Also, it seems you didn't include naxsi in the php location, which is probably where you need it!

f2ex commented 7 years ago

@buixor thanks for the reply :)

New nginx.conf:

    server {
        listen 80 default;
        access_log /data/wwwlogs/access_nginx.log combined;
        root /data/wwwroot/default;
        index index.html index.htm index.php;
        location ~ [^/]\.php(/|$) {
            #fastcgi_pass remote_php_ip:9000;
            SecRulesEnabled;
            #LearningMode;
            DeniedUrl "/RequestDenied";
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;
            error_log /data/wwwlogs/foo.log;
            fastcgi_pass unix:/dev/shm/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
        location /RequestDenied {
            return 418;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
            expires 30d;
            access_log off;
        }
        location ~ .*\.(js|css)?$ {
            expires 7d;
            access_log off;
        }
    }

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

service nginx restart

It is still not blocked, and foo.log is empty.

f2ex commented 7 years ago

@buixor I think I found the problem. There was a little mistake; it is now solved. Thanks :P

ghost commented 7 years ago

@f2ex what was the "mistake"? I am having the same issue...

f2ex commented 7 years ago

@kpirnie The problem is here:

location /RequestDenied {
    return 418;
}

HTTP status code 418 is not supported.

Change it to:

location /RequestDenied {
    return 403;  #Or a supported status code
}
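
An added example, not part of the thread and not naxsi project code: naxsi directives apply only to the location block that contains them, which is the point raised above about the php location. This Python audit runs over a constructed sample modelled on the first configuration posted and reports backend locations without `SecRulesEnabled`, active `LearningMode`, and a `DeniedUrl` with no matching location; the function names and the line-based parsing (no nested locations, no `include` following) are assumptions of this example.

```python
import re
# Constructed sample, modelled on the first configuration posted in the thread.
SAMPLE = r'''
server {
    location / {
        SecRulesEnabled;
        #LearningMode;
        DeniedUrl "/RequestDenied";
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
    }
    location /RequestDenied {
        return 418;
    }
}
'''
BACKENDS = ('fastcgi_pass', 'proxy_pass', 'uwsgi_pass')

def parse_locations(conf):
    """Map each (non-nested) location header to its list of directives."""
    locations, current = {}, None
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop comments
        m = re.match(r'location\s+(.+?)\s*\{$', line)
        if m:
            current = locations.setdefault(m.group(1), [])
        elif line.startswith('}'):
            current = None
        elif current is not None and line.rstrip(';'):
            current.append(line.rstrip(';').strip())
    return locations

def audit(conf):
    """Report backends outside naxsi, LearningMode, and dangling DeniedUrl."""
    locs, findings = parse_locations(conf), []
    for header, directives in locs.items():
        # directive name -> argument string ('' when the directive has none)
        args = dict((d.split(None, 1) + [''])[:2] for d in directives)
        if 'SecRulesEnabled' not in args:
            if any(b in args for b in BACKENDS):
                findings.append(f'{header}: backend without SecRulesEnabled')
            continue
        if 'LearningMode' in args:
            findings.append(f'{header}: LearningMode set, BLOCK rules only log')
        target = args.get('DeniedUrl', '').strip('"')
        if target and target not in {h.split()[-1] for h in locs}:
            findings.append(f'{header}: no location for DeniedUrl {target}')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)) or 'no findings')
```

For the sample it reports the php location as a backend that requests reach without passing through naxsi.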