Closed vapao closed 6 years ago
The NAXSI_FMT
reports an id0=13
which means that the POST format is invalid.
Haven't you tried to build a POST request with the GET format ?
My strange place is why block this request in leaning mode. this request is successful when i set SecRulesDisabled
. now, i only can join this url to white list ?
You are always able to use a properly formatted POST request. Whitelisting the id=13, is a bad idea.
Hello @Yooke ! By default, learning-mode doesn't whitelist the internal rues (ids < 1000), you have to whitelist those explictely, as they usually mean that naxsi isn't able to parse the request and thus won't filter anything on the whitelisted scope :)
See : https://github.com/nbs-system/naxsi/wiki/internal-rules
cheers !
Thanks @buixor @sabban ! I understand. I'm sorry, asking such a simple question, i will read wiki again.
This is my nginx configuration:
nginx access.log:
naxsi error log:
the naxsi error log has many logs, but only this request
POST /api/v2_5_6.php?r=passport/account
blocked and return 418, way ? please help