nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

already in whitelist, but still blocked #449

Closed mautanya closed 5 years ago

mautanya commented 5 years ago

Hello, Im already to whitelist this log, but still blocked

NAXSI_FMT: ip=10.90.10.123&server=staging.mywebsite.com&uri=/lol/index-promo&vers=0.56&total_processed=403&total_blocked=59&config=learning&cscore0=$SQL&score0=56&zone0=ARGS&id0=1015&var_name0=p, client: 10.90.10.123, server: localhost, request: "GET /lol/index-promo?id=5&type=carouselid=5&type=carousel&p=SKU00814894,SKU01613143&t=Rekomendasi%20untuk%20Anda HTTP/1.1", host: "staging.mywebsite.com", referrer: "https://staging.mywebsite.com/"

and my whitelist rules is :

BasicRule wl:1015 "mz:$ARGS_VAR:p|$URL_X:^/index-promo?";

any idea why this whitelist isn't working?

Thanks 👍

buixor commented 5 years ago

Hello !

In your example, your whitelist is restricted to URI that start with /index-prom But you request starts with /lol cf. uri=/lol/index-promo

mautanya commented 5 years ago

Hello @buixor , Thanks for replay, so the whitelist must be :

BasicRule wl:1015 "mz:$ARGS_VAR:p|$URL_X:/lol/index-promo?";

sorry im new in naxsi :)