Closed rmdashrfslash closed 6 years ago
Hi, You should whitelist the 1016 id. BasicRule wl:1016 "mz:$HEADERS_VAR:cookie"; Regards,
hi Sabban, shouldn't wl:0 whitelist all rules?
Thanks
Hi, Not completely sure about that, but I think id 0 just does'nt exist.
By the way the documentation specifies that internal rule ie id under 1000 should not be whitelisted. https://github.com/nbs-system/naxsi/wiki/internal-rules
Regards,
hello,
@rmdashrfslash is right, wl:0
should whitelist all rules except the internal ones :)
I guess this might be an issue in the config, or a bug.
Can you provide minimal test case ?
cheers,
Closing for now, just added a test-case for this and it seems to be working : https://github.com/nbs-system/naxsi/commit/7c8aa9cb296d5d0e7d822e3f9622cd39c1c86935
Hi -
I'm having an issue where Naxsi continues to alert on an issue with a cookie header, even though I have a whitelist ignoring all cookies. A sample of my log:
NAXSI_FMT: ip=111.222.333.444&server=my.server.com&uri=/my/uri&learning=1&vers=0.55.3&total_processed=45576&total_blocked=672&block=1&cscore0=$SQL&score0=16&zone0=HEADERS&id0=1016&var_name0=cookie
And in my rules, I have:
BasicRule wl:0 "mz:$HEADERS_VAR:cookie";
Any idea why this whitelist isn't working?
Thanks!