Closed tmanninger closed 11 months ago
I actually never tried this, so I really don't know how to help. I'll have a deeper look at the code to see whether this is actually a bug or a configuration issue. For now I'll still tag this as a bug.
I'm really sorry for not being able to help you with this.
OK, by looking at the code, it looks like the main rules
MainRule "msg:weird request, unable to parse" id:1;
MainRule "msg:request too big, stored on disk and not parsed" id:2;
MainRule "msg:invalid hex encoding, null bytes" id:10;
MainRule "msg:unknown content-type" id:11;
MainRule "msg:invalid formatted url" id:12;
MainRule "msg:invalid POST format" id:13;
MainRule "msg:invalid POST boundary" id:14;
MainRule "msg:invalid JSON" id:15;
MainRule "msg:empty POST" id:16;
MainRule "msg:libinjection_sql" id:17;
MainRule "msg:libinjection_xss" id:18;
are implicit. In order to have a minimal config you need at least 1 line of config, so I can confirm this is a bug.
My suggestion is to try having only this as config (yes, as comments):
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;
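An added configuration check for the edge case discussed in this thread (my own example, not naxsi's code or anything from the issue): it parses a naxsi rules file, ignores comment lines (including the "#@MainRule" form above), and warns when only the implicit internal ids are declared, which is the situation where the reporter saw the invalid-JSON request pass. The sample rule texts below are constructed for the demo.

```python
import re

# Internal naxsi rule ids listed in this thread; the thread says they are implicit.
INTERNAL_RULE_IDS = {1, 2, 10, 11, 12, 13, 14, 15, 16, 17, 18}

# Matches the trailing "id:N;" of a MainRule line, e.g. MainRule "msg:invalid JSON" id:15;
_RULE_RE = re.compile(r'^MainRule\b.*\bid:(\d+)\s*;', re.IGNORECASE)


def parse_rule_ids(config_text):
    """Return the ids of active (non-commented) MainRule lines in a rules file."""
    ids = []
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment (covers "#@MainRule ..." as well)
        match = _RULE_RE.match(stripped)
        if match:
            ids.append(int(match.group(1)))
    return ids


def check_minimal_config(config_text):
    """Classify a rules file against the 'only internal rules' edge case."""
    ids = parse_rule_ids(config_text)
    custom = [rule_id for rule_id in ids if rule_id not in INTERNAL_RULE_IDS]
    if not custom:
        return ("warning", "no custom MainRule declared; internal checks such as "
                           "JSON validation may stay inactive (see this issue)")
    return ("ok", f"{len(custom)} custom rule(s) declared alongside the internal ids")


# Constructed sample configs for the demo (not the reporter's actual files).
ONLY_INTERNAL = (
    'MainRule "msg:invalid JSON" id:15;\n'
    '#@MainRule "msg:empty POST" id:16;\n'
)
WITH_CUSTOM = ONLY_INTERNAL + (
    'MainRule "str:/etc/passwd" "msg:etc/passwd" "mz:BODY|URL|ARGS" '
    '"s:$TRAVERSAL:8" id:1001;\n'
)

if __name__ == "__main__":
    for name, cfg in (("only-internal", ONLY_INTERNAL), ("with-custom", WITH_CUSTOM)):
        print(name, *check_minimal_config(cfg))
```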
The configuration with only the comments is also not working; the invalid JSON request is not blocked.
Hmm, thanks for testing this. This is definitely a bug in an edge use case.
Thanks for the feedback! What does the "@" after the comment mean?
Hi,
I will only enable the internal rules (ids 1-18) in naxsi_core.rules.
My configuration file:
But all internal rules are ignored; this HTTP request works without any naxsi error (invalid JSON request):
If I add some other rule, like below, then the internal rules work:
Now this request is blocked by naxsi (JSON validation failed):
My configuration in the server section:
Is this the expected behavior or a bug?
Regards, Thomas