Closed fushisanlang closed 11 months ago
What is the value of CheckRule
?
#LearningMode; #Enables learning mode
SecRulesEnabled;
DeniedUrl "/RequestDenied";
include "/usr/local/nginx/conf/wl.conf";
#include "/tmp/naxsi_rules.tmp";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
CheckRule "$EVADE >= 8" BLOCK;
CheckRule "$UPLOAD >= 8" BLOCK;
Try to use MainRule "str:.php" "mz:ARGS|BODY|URL" "s:$XSS:8" id:10009;
still not work
i need add a rule ,to denied a php request。it like:
MainRule "rx:.php" "mz:ARGS|BODY|URL" "s:$XSS:8" id:10009;
when i request ‘XXX.com/?1.php’,i can get a 403. but when i request 'XXX.com/1.php', I am not denied access。
i want to know is that a bug or a configuration error。
thank you