nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

Regex Whitelisting Rules #400

Closed nadzree closed 7 years ago

nadzree commented 7 years ago

Hi Naxsi,

I've tried to incorporate a regex in my whitelisting as below:

BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^code\[\]|$URL_X:^\/(pl82|pl183)\/(pl182|pl83)(.*)";

However this produces an error as below:

nginx: [emerg] Naxsi-Config : Incorrect line BasicRule wl:1310,1311 (naxsi_skeleton.c/474)... in ext.rules:187

I think that's a correct regex, or am I missing a configuration? Thanks!

sabban commented 7 years ago

The regexes are correct, but because of some limitation on naxsi processing, the branching "|" character isn't allowed. Maybe you can use something like ^/pl1?8[23]/pl1?8[23](.*) instead?

nadzree commented 7 years ago

I see.. great tips! Or I can always declare a new line for the '|'.. however I'm in the midst of developing a control panel to generate these rules and optimise the rules..

Are you in plan to address this limitation in the future?

sabban commented 7 years ago

Yes, but not in the near future... To solve the problem the rule syntax has to be revamped...

nadzree commented 7 years ago

Noted on this, sabban.. I'll try to do a workaround on the regex verification in the panel.. for now we will also restrict '|'

Thank you for your prompt reply

nadzree commented 7 years ago

Another problem that I noticed is that BODY_VAR can't have a symbol []:

BasicRule wl:1310,1311 "mz:$BODY_VAR:code[]|$URL_X:^\/pl82\/pl182(.*)";

I've received an error:

nginx: [emerg] WhiteList Hash building failed in /etc/nginx/nginx.conf:47
nginx: configuration file /etc/nginx/nginx.conf test failed

However with these rules I did not receive any error:

BasicRule wl:1310,1311 "mz:$BODY_VAR:code[]|$URL:/pl82/pl82_bt_edit_events.php|NAME";

Are there any other rules of combination or a guide that we can follow?

sabban commented 7 years ago

You can't mix up matchzones with _X and $URL in one rule. https://github.com/nbs-system/naxsi/wiki/matchzones-bnf#regex-vs-string This is another limitation, which may be lifted one day...
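
The two limitations sabban describes in this thread (a "|" inside a regex matchzone is taken as the zone separator, and regex `_X` zones cannot be combined with string zones such as $URL in one rule) are exactly the kind of thing a rule-generating control panel can reject before `nginx -t` ever runs. The checker below is an added example written for this page, not naxsi's own parser: it assumes the rule shape used in the thread (`BasicRule wl:<ids> "mz:...";`), assumes that naxsi splits the matchzone on every "|" before looking at any regex (as sabban's answer implies), and uses a zone-name list made up of the zones seen here plus their usual siblings, which is an assumption rather than naxsi's authoritative list. It runs the four rules quoted in the thread, and its last function shows that the suggested character-class regex `^/pl1?8[23]/pl1?8[23](.*)` whitelists a superset of what the original alternation asked for (it also admits paths like /pl82/pl82), which is worth knowing before the wider whitelist goes live.

```python
import re

# Added example (not naxsi's own code): a pre-flight checker for BasicRule
# whitelist lines, modelled on the two limitations described in this thread.
# The zone names below are the ones used in the thread plus the usual naxsi
# siblings; treat the list as an assumption, not as naxsi's parser.
NAMED_STRING = {"$URL", "$ARGS_VAR", "$BODY_VAR", "$HEADERS_VAR"}
NAMED_REGEX = {"$URL_X", "$ARGS_VAR_X", "$BODY_VAR_X", "$HEADERS_VAR_X"}
PLAIN = {"ARGS", "BODY", "HEADERS", "URL", "FILE_EXT", "ANY", "NAME"}

# Only the rule shape used in this thread: BasicRule wl:<ids> "mz:<zones>";
RULE_RE = re.compile(
    r'^BasicRule\s+wl:(?P<ids>\d+(?:,\d+)*)\s+"mz:(?P<mz>[^"]*)"\s*;$')

# The rules quoted in the thread, plus sabban's suggested rewrite.
RULES = {
    "alternation": r'BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^code\[\]|$URL_X:^\/(pl82|pl183)\/(pl182|pl83)(.*)";',
    "mixed":       r'BasicRule wl:1310,1311 "mz:$BODY_VAR:code[]|$URL_X:^\/pl82\/pl182(.*)";',
    "string_only": r'BasicRule wl:1310,1311 "mz:$BODY_VAR:code[]|$URL:/pl82/pl82_bt_edit_events.php|NAME";',
    "regex_only":  r'BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^code\[\]|$URL_X:^/pl1?8[23]/pl1?8[23](.*)";',
}


def split_zones(rule: str) -> list[str]:
    """Split the matchzone the way the thread says naxsi does: on every '|',
    before any regex is looked at. A '|' meant as regex alternation therefore
    produces fragments that are not zones at all."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError('expected: BasicRule wl:<ids> "mz:...";')
    return m.group("mz").split("|")


def check_whitelist(rule: str) -> list[str]:
    """Return a list of problems; an empty list means both checks pass."""
    problems = []
    kinds = set()
    for part in split_zones(rule):
        if part in PLAIN:
            kinds.add("plain")
            continue
        name, sep, value = part.partition(":")
        if not sep or not value:
            problems.append(
                f"fragment {part!r} is not a zone: a '|' inside a regex "
                f"is taken as a zone separator")
            continue
        if name in NAMED_REGEX:
            kinds.add("regex")
            try:
                re.compile(value)
            except re.error as exc:
                problems.append(f"regex in {name} does not compile: {exc}")
        elif name in NAMED_STRING:
            kinds.add("string")
        else:
            problems.append(f"unknown zone {name!r}")
    # Second limitation from the thread: regex and string zones cannot share a rule.
    if "regex" in kinds and "string" in kinds:
        problems.append("mixes regex (_X) and string (non-_X) zones in one rule")
    return problems


def url_zone_matches(rule: str, path: str) -> bool:
    """Apply the rule's $URL_X regex to a request path, to see how wide the
    whitelist really is before it is deployed."""
    for part in split_zones(rule):
        name, _, value = part.partition(":")
        if name == "$URL_X":
            return re.match(value, path) is not None
    raise ValueError("rule has no $URL_X zone")


if __name__ == "__main__":
    for label, rule in RULES.items():
        print(label, check_whitelist(rule) or "ok")
    # The character-class rewrite is a superset of the original alternation:
    # it also admits /pl82/pl82, which the original did not.
    print(url_zone_matches(RULES["regex_only"], "/pl82/pl82"))
```

In the panel, run `check_whitelist` on every generated line and refuse to write the file while it returns anything; the first rule from the thread yields three fragments that are not zones, the `$BODY_VAR:code[]|$URL_X:...` rule is flagged only for mixing zone kinds (the `[]` itself is fine, as the working `$URL` variant shows), and the two remaining rules pass.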

nadzree commented 7 years ago

Learnt something today! Thank you sabban.. you are very helpful : )