nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

Can I set all blocks and then only allow whitelist requests? #504

Closed sule01u closed 11 months ago

sule01u commented 4 years ago

Can I set the request to pass only if the parameter is foo?

nginx.conf
include naxsi_whitelists.rules;
CheckRule "$UWA >= 4" DROP;

naxsi_core.rules
MainRule "rx:." "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$UWA:4" id:10018;

naxsi_whitelists.rules
BasicRule wl:10018 "mz:$ARGS_VAR_X:foo";

wargio commented 4 years ago

Yes and no. Yes, you can do this, but not in the way you have defined it in the body of the issue.

You need to define the block list which says to block all the requests that do not contain the parameter foo.

Probably a negative regex should work, but I wouldn't suggest using naxsi for sanitizing... this should be done in your code.

sule01u commented 4 years ago

Hopefully, one day we'll see a real whitelisting mode generated.

wargio commented 4 years ago

Well, the whitelist concept in naxsi is to allow false positives on blocked requests.
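
Added example (not part of the thread and not naxsi's own code): a simplified Python model of the scoring in the configuration from the first comment, showing that rule 10018 also fires on the URL zone, so the whitelist on `foo` only cancels one match and the request is still dropped. It assumes each match adds the rule's score and that a whitelist suppresses only matches in the named variable; the BODY and Cookie zones are left out, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Simplified model (assumption, not naxsi's implementation):
#   MainRule "rx:." "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$UWA:4" id:10018;
#   BasicRule wl:10018 "mz:$ARGS_VAR_X:foo";
#   CheckRule "$UWA >= 4" DROP;
RULE = {"id": 10018, "rx": re.compile(r"."), "zones": {"URL", "ARGS"}, "score": 4}
WHITELIST = {"id": 10018, "args_var_x": re.compile(r"foo")}
THRESHOLD = 4


def matches(url):
    """Return (zone, name) pairs where rule 10018 still fires after whitelisting."""
    parts = urlsplit(url)
    hits = []
    # The URL zone is the request path; it is never empty, so "rx:." always hits.
    if "URL" in RULE["zones"] and RULE["rx"].search(parts.path):
        hits.append(("URL", parts.path))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if "ARGS" not in RULE["zones"] or not RULE["rx"].search(value):
            continue
        # The whitelist cancels this rule only for arguments whose name matches.
        if WHITELIST["id"] == RULE["id"] and WHITELIST["args_var_x"].search(name):
            continue
        hits.append(("ARGS", name))
    return hits


def decide(url):
    """Sum the $UWA score over remaining matches and apply the CheckRule."""
    score = RULE["score"] * len(matches(url))
    return "DROP" if score >= THRESHOLD else "PASS"


if __name__ == "__main__":
    # Constructed sample requests.
    for url in ("/search?foo=bar", "/search?bar=1", "/"):
        print(url, decide(url), matches(url))
```

In this model every request is dropped, including the one carrying only `foo`, which matches the maintainer's point that a whitelist excuses specific false positives instead of defining what is allowed.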