nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Adding Content-type: application/vnd.api+json to reduce events with Unknown Content Type #511

Closed marcinguy closed 4 years ago

marcinguy commented 4 years ago

Hi,

I run NAXSI.

I noticed many events about Unknown Content-Type (internal rule 11) - https://github.com/nbs-system/naxsi/wiki/internal-rules#uncommon_content_type

I whitelisted it, but events still appear.

How to get rid of those events not to appear?

Is this just a matter of adding it here:

https://github.com/nbs-system/naxsi/blob/dd9ff12bb8893d235ae4d33f919094a5fc094ef4/naxsi_src/naxsi_runtime.c#L2334

Our JSON there should be normal JSON, it just the content type is set to application/vnd.api+json and NAXSI does not like it.

Any advice how to achieve the solution to this?

Thanks,

wargio commented 4 years ago

hmm i would say that we might need to hardcode also that. my suggestion in your use-case is to make a patch

marcinguy commented 4 years ago

@wargio Made a patch/PR: https://github.com/nbs-system/naxsi/pull/513

marcinguy commented 4 years ago

@wargio Thanks. Works now as expected.