nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

Need help #404

Closed chancarlo closed 6 years ago

chancarlo commented 6 years ago

I can't make Naxsi work. Please help. I keep getting this error when issuing "nginx -t"

```
nginx: [emerg] Naxsi-Config : Incorrect line CheckRule “$SQL (/usr/local/src/naxsi/naxsi_src/naxsi_skeleton.c/629)... in /etc/nginx/naxsi.rules:8
nginx: configuration file /etc/nginx/nginx.conf test failed
```

Command "nginx -V":

```
nginx version: nginx/1.13.6
built by gcc 6.3.0 20170516 (Debian 6.3.0-18)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=/usr/local/src/naxsi/naxsi_src --user=www-data --group=www-data --prefix=/etc/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --sbin-path=/usr/sbin/nginx --with-cc-opt='-m64 -mtune=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-tautological-compare -Wno-deprecated -Wno-pointer-sign -Wno-parentheses -Wno-write-strings -gsplit-dwarf' --with-compat --with-threads --with-file-aio --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre=/usr/local/src/pcre --with-pcre-jit --with-zlib=/usr/local/src/zlib --with-openssl=/usr/local/src/openssl --with-openssl-opt=enable-ec_nistp_64_gcc_128 --with-http_v2_hpack_enc --add-module=/usr/local/src/ngx_cache_purge --add-module=/usr/local/src/memc-nginx-module --add-module=/usr/local/src/headers-more-nginx-module --add-module=/usr/local/src/ngx_devel_kit --add-module=/usr/local/src/srcache-nginx-module --add-module=/usr/local/src/set-misc-nginx-module --add-module=/usr/local/src/redis2-nginx-module --add-module=/usr/local/src/ngx_http_redis --add-module=/usr/local/src/nginx-module-vts --add-module=/usr/local/src/ngx_brotli
```

Inside "/etc/nginx/nginx.conf":

```
http{
...
include /etc/nginx/naxsi_core.rules;
...
}
```

Where "/etc/nginx/naxsi_core.rules" is copied from source

Inside my server block:

```
location / {

include /etc/nginx/naxsi.rules;
try_files $uri $uri/ /index.php?$args;

}
```

Inside "/etc/nginx/naxsi.rules":

```
LearningMode;
SecRulesEnabled;
DeniedUrl "/etc/nginx/html/50x.html";

# Check rules
CheckRule “$SQL >= 8” BLOCK;
CheckRule “$RFI >= 8” BLOCK;
CheckRule “$TRAVERSAL >= 4” BLOCK;
CheckRule “$EVADE >= 4” BLOCK;
CheckRule “$XSS >= 8” BLOCK;
```

Did I do something wrong? Any help would be appreciated.

chancarlo commented 6 years ago

I found the error. The quotation symbol “ in `CheckRule “$SQL >= 8” BLOCK;` was copied from my Excel sheet and apparently it is a different character from the regular " that is required. You can see how the Excel “ is a little bit slanted, hence it is interpreted by Naxsi as a different character. See side by side:

" “

buixor commented 6 years ago

cool :)
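
A pre-flight check for the failure found in this thread, as an added example that is not part of the original issue or the NAXSI project: it scans configuration text for typographic quotes that nginx does not treat as string delimiters and reports where they are. The function names, the look-alike table and the sample text (constructed from the naxsi.rules shown above) are assumptions of this example.

```python
import sys
import unicodedata

# Typographic quotes that spreadsheets and word processors substitute for
# ASCII quotes, mapped to the ASCII character nginx expects (assumed list).
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"', "\u00ab": '"', "\u00bb": '"',
    "\u2018": "'", "\u2019": "'", "\u201a": "'",
}

def find_lookalike_quotes(text):
    """Return (line, column, codepoint, unicode_name, ascii_fix) for each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comments are never parsed as directives
        for col, ch in enumerate(line, start=1):
            if ch in LOOKALIKES:
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch), LOOKALIKES[ch]))
    return hits

def normalize(text):
    """Replace every look-alike with its ASCII quote. Review the hits first:
    a rule string could contain one of these characters on purpose."""
    return text.translate(str.maketrans(LOOKALIKES))

# Constructed sample: the first CheckRule uses the quotes pasted from Excel,
# the second uses the ASCII quotes that the configuration parser accepts.
SAMPLE = (
    'LearningMode;\n'
    'SecRulesEnabled;\n'
    'DeniedUrl "/etc/nginx/html/50x.html";\n'
    '# Check rules\n'
    'CheckRule \u201c$SQL >= 8\u201d BLOCK;\n'
    'CheckRule "$RFI >= 8" BLOCK;\n'
)

if __name__ == "__main__":
    # Usage: python3 check_quotes.py /etc/nginx/naxsi.rules [more files...]
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for line, col, cp, name, fix in find_lookalike_quotes(fh.read()):
                print(f"{path}:{line}:{col}: {cp} {name}, use {fix} instead")
                status = 1
    sys.exit(status)
```

Run before `nginx -t`, a non-zero exit status points at the exact line and column instead of the truncated `Incorrect line CheckRule “$SQL` message.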