nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Naxsi Block Google Bot, how to know which filter used? #466

Closed Chathu07 closed 5 years ago

Chathu07 commented 5 years ago

Hi all,

After apply naxsi rules, it blocked most of the Google bot IP's (only on one site). I want to know how do I find which rule blocked that Google bot? I can see that these URL's are belong to feedburner. Are there any way to get more information about this ban to correct it?

Here's some of the error log.

2019/04/16 23:06:22 [error] 16807#16807: *48 NAXSI_EXLOG: ip=66.249.69.202&server=www.mydomain.com&uri=%2F2013%2F06%2Fhow-to-theme-samsung-galaxy-s3-gt-i9300-like-holo-nexus-aosp.html&id=1010&zone=ARGS&var_name=utm_campaign&content=Feed%3A%2Bmydomain%2B%28mysite%2Bname%29, client: 66.249.69.202, server: mydomain.com, request: "GET /2013/06/theme-samsung-like-holo.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+mydomainname+(mysite+name) HTTP/1.1", host: "www.mydomain.com"

2019/04/16 23:06:37 [error] 16807#16807: *52 NAXSI_FMT: ip=66.249.69.200&server=www.domain.com&uri=/2013/06/theme-samsung-like-holo-nexus-aosp.html/amp&vers=0.56&total_processed=16&total_blocked=2&config=learning&cscore0=$SQL&score0=8&cscore1=$XSS&score1=16&zone0=ARGS&id0=1010&var_name0=utm_campaign&zone1=ARGS&id1=1011&var_name1=utm_campaign, client: 66.249.69.200, server: domain.com, request: "GET /2013/06/theme-samsung-like-holo-nexus-aosp.html/amp?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:%20sitename%20(site%20name) HTTP/1.1", host: "www.domain.com" "