Closed tjosm closed 5 years ago
What about something like BasicRule wl:1310 "mz:$URL:/indkobskurv/|$BODY_VAR_X:^cart\[[0-9a-f]\]\[qty\]|NAME";
?
Thanks for the quick reply @jvoisin. I tried adding above rule, but it doesn't appear to be working. I'm in the learning mode. The same error still gets recorded in the log.
@tjosm can you try
BasicRule wl:1310 "mz:$URL_X:^/indkobskurv/$|$BODY_VAR_X:^cart\[[0-9a-f]\]\[qty\]|NAME";
If you still have issues you can try to have something more generic such as
BasicRule wl:1310 "mz:$BODY_VAR_X:^cart\[[0-9a-f]\]\[qty\]|NAME";
I'm having trouble generating whitelist rules for an action on my site. I'm using nxutil to generate rules. But problem is there are some dynamic characters that I can't figure out how to whitelist.
This is the error,
2019/01/03 13:10:47 [error] 10637#10637: *5 NAXSI_FMT: ip=xx.xx.xx.xx&server=domain.com&uri=/indkobskurv/&learning=1&vers=0.56&total_processed=2&total_blocked=1&block=1&cscore0=$XSS&score0=16&zone0=BODY|NAME&id0=1310&var_name0=cart%5B6b39183e7053a0106e4376f4e9c5c74d%5D%5Bqty%5D&zone1=BODY|NAME&id1=1311&var_name1=cart%5B6b39183e7053a0106e4376f4e9c5c74d%5D%5Bqty%5D, client: 112.135.12.210, server: domain.com, request: "POST /indkobskurv/ HTTP/2.0", host: "domain.com", referrer: "https://domain.com/indkobskurv/"
And this is the whitelist rule generated by nxutil
BasicRule wl:1310 "mz:$URL:/indkobskurv/|$BODY_VAR:cart[6b39183e7053a0106e4376f4e9c5c74d][qty]|NAME";
The problem is 6b39183e7053a0106e4376f4e9c5c74d. This is changing time to time. Need help whitelisting this.
Thanks!