Closed: C0nw0nk closed this issue 6 years ago.
Can you give an example of what you want to allow and what you want to disallow?
Well, if the IPv4 or IPv6 addresses provided in the header contain the characters that make them a valid IP.
I know they use characters from A-Z, 0-9, `.`, `:`, and `,` to separate multiple IPs.
But maybe something like MD5 checks with a PHP regex:
```php
<?php
// Accept only a 32-character lowercase hex string, i.e. the shape of an MD5 digest.
function isValidMd5($md5 = '')
{
    // preg_match returns 1 when the whole string matches, 0 otherwise
    return preg_match('/^[a-f0-9]{32}$/', $md5);
}

echo isValidMd5('5d41402abc4b2a76b9719d911017c592');
```
IPv6 addresses can be more strict with the regex, to check if certain parts should have a certain character length, etc. I don't know the algorithm for how the addresses should be calculated, though; maybe someone can shed light onto such things.
IPv4: 192 . 168 . 0 . 1
4 parts total, each part containing 0-3 chars, each char from 0-9, and the separator for the 4 parts is a full stop.
If I understood you correctly, you want to allow a single IPv4 or IPv6 address? Validating this properly with a regex sounds like a dangerous idea, but you might end up with something like this (untested ofc):
```
BasicRule "rx:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$|^[a-f0-9:]+$" "mz:$HEADERS_VAR:x-forwarded-for" "s:...";
```
However, please take my word and consider this a bad idea; a quick Google search will lead you to the fact that validating IPv6 (or even IPv4) addresses with a regex is closer to rocket jump than anything else :)
I do not want to validate it as such, but just check that the characters and the order of things look correct, and for it to work for both IPv4 and IPv6, just to ensure that the header stays clean from anything nasty like:
`X-Forwarded-For: I-am-not-containing anything to do with-ipv4-or-ipv6 just another malicious request`
As you can see, that is not an IP address in the header at all.
Nginx server header: `HTTP_X_FORWARDED_FOR`, for Naxsi to check and allow only a single IPv4 or IPv6 address. Just want Naxsi to check that header to keep it clean and allow only a single, not multiple, IPv4 or IPv6 address.
Dunno what the regex should be for IPv6/v4 in Naxsi to achieve it.
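The maintainer's warning above and the requester's goal (exactly one IPv4 or IPv6 address in `X-Forwarded-For`, nothing else) can be made concrete by running the posted character-shape regex next to a real address parser. The following is an added example, not code from the thread or from Naxsi; it uses Python's standard `ipaddress` module as the reference check and a set of constructed header values. The regex is the one suggested above with its dots escaped; the sample values are invented for illustration.

```python
import ipaddress
import re

# The character-shape regex suggested in the thread, with the dots escaped so that
# '.' matches a literal full stop instead of any single character.
LOOSE_XFF_RE = re.compile(
    r"^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$|^[a-f0-9:]+$"
)


def regex_accepts(value: str) -> bool:
    """What the rx: pattern alone would let through: a shape check, nothing more."""
    return LOOSE_XFF_RE.match(value) is not None


def parse_single_ip(value: str):
    """Return an IPv4Address/IPv6Address when value is exactly one well-formed
    address, else None. ipaddress enforces octet ranges, group counts and the
    '::' rules, and rejects comma-separated lists and stray text outright."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def audit(value: str) -> dict:
    """Compare the two checks for one header value."""
    parsed = parse_single_ip(value)
    return {
        "value": value,
        "regex_accepts": regex_accepts(value),
        "parsed": None if parsed is None else f"ipv{parsed.version}",
    }


# Constructed sample X-Forwarded-For values (not real traffic).
SAMPLE_HEADERS = [
    "192.168.0.1",                # plain IPv4
    "999.999.999.999",            # right shape, impossible octets
    "1.2.3.4, 5.6.7.8",           # two addresses, which the thread wants rejected
    "2001:db8::1",                # plain IPv6
    ":::",                        # hex/colon soup, not an address
    "::ffff:192.0.2.1",           # IPv4-mapped IPv6: valid, but contains dots
    "I-am-not-containing anything to do with-ipv4-or-ipv6",
]


def disagreements(values=SAMPLE_HEADERS) -> list:
    """Values where the regex and the parser reach different verdicts."""
    out = []
    for v in values:
        r = audit(v)
        if r["regex_accepts"] != (r["parsed"] is not None):
            out.append(v)
    return out


if __name__ == "__main__":
    for v in SAMPLE_HEADERS:
        print(audit(v))
    print("regex and parser disagree on:", disagreements())
```

Running it shows the gap the maintainer describes: the regex accepts `999.999.999.999` and `:::`, which are not addresses, and rejects the valid IPv4-mapped form `::ffff:192.0.2.1`. A WAF regex of this kind is fine as a coarse filter that keeps obviously non-address text out of the header, but the decision that the value is one well-formed address belongs to a parser such as `ipaddress` (or PHP's `filter_var` with `FILTER_VALIDATE_IP`) in the application.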