nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

DeniedUrl #474

Closed inetshell closed 5 years ago

inetshell commented 5 years ago

I need to send the blocked request to another server for logging.

According to this link (https://github.com/nbs-system/naxsi/wiki/directives), the following headers are added:

- NAXSI_HEADER_ORIG_URL "x-orig_url"
- NAXSI_HEADER_ORIG_ARGS "x-orig_args"
- NAXSI_HEADER_NAXSI_SIG "x-naxsi_sig"

But I cannot see the headers.

This is my config:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name _;

    location /_LOG {
        proxy_pass http://192.168.1.1:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;
        proxy_pass_request_headers on;
    }

    location / {
        proxy_pass http://gateway;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;

        #enable naxsi
        SecRulesEnabled;
        #LearningMode;
        LibInjectionSql; #enable libinjection support for SQLI
        LibInjectionXss; #enable libinjection support for XSS
        #the location where naxsi will redirect the request when it is blocked
        DeniedUrl "/_LOG/";
        CheckRule "$SQL >= 8" BLOCK; #the action to take when the $SQL score is superior or equal to 8
        CheckRule "$RFI >= 8" BLOCK;
        CheckRule "$TRAVERSAL >= 5" BLOCK;
        CheckRule "$UPLOAD >= 5" BLOCK;
        CheckRule "$XSS >= 8" BLOCK;
    }
}
```

Has anyone configured something similar?

https://github.com/nbs-system/naxsi/issues/345

Regards!

buixor commented 5 years ago

@inetshell in your setup, you tried to capture the request arriving on your /RequestedDenied, and you didn't see the headers? Can you show an example, please?
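An added example, not part of the thread and not NAXSI project code: a capture listener for the logging backend that records which of the three headers listed in the issue actually arrive with a request redirected by `DeniedUrl`. Port 8080 matches the `proxy_pass` target in the posted config; the names `summarize` and `Capture`, the bind address, and the 403 response are assumptions made for this example.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header names as listed in the issue (from the naxsi directives wiki page).
NAXSI_HEADERS = ("x-orig_url", "x-orig_args", "x-naxsi_sig")
MAX_BODY = 1 << 20  # never read more than 1 MiB of request body


def summarize(headers, path):
    """Report which NAXSI headers arrived, which are missing, and all names seen."""
    lowered = {name.lower(): value for name, value in headers.items()}
    return {
        "path": path,
        "naxsi": {h: lowered[h] for h in NAXSI_HEADERS if h in lowered},
        "missing": [h for h in NAXSI_HEADERS if h not in lowered],
        "all_header_names": sorted(lowered),
    }


class Capture(BaseHTTPRequestHandler):
    """Hypothetical handler: logs one JSON line per request, then answers 403."""

    def _handle(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        if length > 0:
            self.rfile.read(min(length, MAX_BODY))  # drain the body, bounded
        # json.dumps escapes control characters, so header values cannot
        # forge extra log lines.
        print(json.dumps(summarize(self.headers, self.path)), flush=True)
        self.send_response(403)  # assumed response for a blocked request
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = do_PUT = do_DELETE = do_HEAD = _handle

    def log_message(self, *args):
        pass  # suppress the default access log; the JSON line replaces it


def main(host="0.0.0.0", port=8080):
    # Assumed bind address; restrict it to the interface nginx proxies to.
    HTTPServer((host, port), Capture).serve_forever()


if __name__ == "__main__":
    main()
```

Each blocked request produces one JSON line; a non-empty `missing` list shows exactly which of the documented headers did not reach the backend.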