nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

Still blocking on cookies even with whitelist #405

Closed rmdashrfslash closed 6 years ago

rmdashrfslash commented 6 years ago

Hi -

I'm having an issue where Naxsi continues to alert on an issue with a cookie header, even though I have a whitelist ignoring all cookies. A sample of my log:

NAXSI_FMT: ip=111.222.333.444&server=my.server.com&uri=/my/uri&learning=1&vers=0.55.3&total_processed=45576&total_blocked=672&block=1&cscore0=$SQL&score0=16&zone0=HEADERS&id0=1016&var_name0=cookie

And in my rules, I have:

BasicRule wl:0 "mz:$HEADERS_VAR:cookie";

Any idea why this whitelist isn't working?

Thanks!

sabban commented 6 years ago

Hi,

You should whitelist the 1016 id.

BasicRule wl:1016 "mz:$HEADERS_VAR:cookie";

Regards,

rmdashrfslash commented 6 years ago

Hi Sabban, shouldn't wl:0 whitelist all rules?

Thanks

sabban commented 6 years ago

Hi, not completely sure about that, but I think id 0 just doesn't exist.

By the way, the documentation specifies that internal rules, i.e. ids under 1000, should not be whitelisted. https://github.com/nbs-system/naxsi/wiki/internal-rules

Regards,

buixor commented 6 years ago

Hello, @rmdashrfslash is right, wl:0 should whitelist all rules except the internal ones :) I guess this might be an issue in the config, or a bug. Can you provide a minimal test case?

cheers,

buixor commented 6 years ago

Closing for now, just added a test case for this and it seems to be working: https://github.com/nbs-system/naxsi/commit/7c8aa9cb296d5d0e7d822e3f9622cd39c1c86935
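
For triaging a case like the one in this thread, the following added example (not part of the thread and not NAXSI code) parses a NAXSI_FMT line and reports whether a set of `BasicRule` whitelists would be expected to cover each logged exception, using the semantics stated above: `wl:0` covers every rule except internal ids under 1000. The function names are hypothetical, only single-zone match zones (`mz:ZONE` or `mz:$ZONE_VAR:name`) are modelled, and header names are assumed to compare case-insensitively.

```python
import re
from urllib.parse import parse_qsl

INTERNAL_MAX = 1000  # per the thread: ids under 1000 are internal rules
RULE_RE = re.compile(r'BasicRule\s+wl:([\d,]+)\s+"mz:([^"|]*)"\s*;')

def parse_naxsi_fmt(line):
    """Return [(rule_id, zone, var_name)] for each exception in a NAXSI_FMT line."""
    payload = line.partition("NAXSI_FMT: ")[2].strip()
    fields = dict(parse_qsl(payload, keep_blank_values=True))
    hits, i = [], 0
    while f"id{i}" in fields:  # exceptions are numbered id0, id1, ...
        hits.append((int(fields[f"id{i}"]), fields.get(f"zone{i}", ""),
                     fields.get(f"var_name{i}", "")))
        i += 1
    return hits

def parse_whitelists(conf):
    """Return [(ids, zone, var_or_None)] for single-zone BasicRule whitelists."""
    out = []
    for ids, mz in RULE_RE.findall(conf):
        zone, _, var = mz.partition(":")
        if zone.startswith("$") and zone.endswith("_VAR"):
            zone, var = zone[1:-4], var.lower()  # $HEADERS_VAR:cookie -> HEADERS, cookie
        else:
            var = None                           # plain zone: any variable in it
        out.append(({int(x) for x in ids.split(",") if x}, zone, var))
    return out

def expected_to_match(hit, whitelists):
    """True if some whitelist should cover this (rule_id, zone, var_name) hit."""
    rule_id, zone, var = hit
    for ids, wzone, wvar in whitelists:
        # wl:0 means "all rules", but not the internal ones (ids < 1000)
        id_ok = rule_id in ids or (0 in ids and rule_id >= INTERNAL_MAX)
        if id_ok and wzone == zone and wvar in (None, var.lower()):
            return True
    return False

if __name__ == "__main__":
    # Log line and rule as posted in the thread
    log = ("NAXSI_FMT: ip=111.222.333.444&server=my.server.com&uri=/my/uri"
           "&learning=1&vers=0.55.3&total_processed=45576&total_blocked=672"
           "&block=1&cscore0=$SQL&score0=16&zone0=HEADERS&id0=1016&var_name0=cookie")
    wls = parse_whitelists('BasicRule wl:0 "mz:$HEADERS_VAR:cookie";')
    for hit in parse_naxsi_fmt(log):
        print(hit, "covered" if expected_to_match(hit, wls) else "NOT covered")
```

When this reports an exception as covered but NAXSI still logs it, the next thing to check is whether the whitelist is actually loaded in the location that served the request, in line with the suggestion above that the cause is the config or a bug.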