nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Feature request: Separate log file for NAXSI #551

Closed Korving-F closed 11 months ago

Korving-F commented 3 years ago

I can see there was some work done on this before in #100, but I can't find any documentation on it. Is this still possible to do?

wargio commented 3 years ago

You can check this: https://github.com/nzin/naxsi/blob/master/t/21log.t#L22

Korving-F commented 3 years ago

Thanks for the quick reply. I just tried it out (copy-pastad that line), but it errors out as follows:

Mar 23 10:09:52 server nginx[337839]: nginx: [emerg] unknown directive "naxsi_logfile" in /etc/nginx/...

Installed version:

root@server:/tmp# dpkg-deb -I /tmp/naxsi.deb
 new Debian package, version 2.0.
 size 383466 bytes: control archive=1412 bytes.
     347 bytes,    10 lines      control              
     952 bytes,    13 lines      md5sums              
     764 bytes,    29 lines   *  postinst             #!/bin/sh
     906 bytes,    32 lines   *  postrm               #!/bin/sh
     436 bytes,    14 lines   *  prerm                #!/bin/sh
 Package: libnginx-mod-http-naxsi
 Version: 1.3
 Priority: optional
 Maintainer: NBS System <security@nbs-system.com>
 Installed-Size: 1196
 Section: httpd
 Architecture: amd64
 Depends: nginx-common (>= 1.18.0), libc6 (>= 2.17), libpcre3 (>= 2:8.39)
 Homepage: https://github.com/nbs-system/naxsi
 Description: NAXSI, a web application firewall for Nginx.
wargio commented 3 years ago

can i see the configuration?

Korving-F commented 3 years ago

It's basically the following. It fails in the server block as well.

# NAXSI WAF
include /usr/share/naxsi/naxsi_core.rules;

server {
  # NAXSI WAF
  include /usr/share/naxsi/naxsi_denied_url.conf;
  set $naxsi_extensive_log 1;

....

  location /  {
    naxsi_logfile /var/log/naxsi.log;

    include /usr/share/naxsi/naxsi_learning_mode.conf;
    include /usr/share/naxsi/rules/wordpress.rules;
    root    /var/www/somedir;
  }
}
wargio commented 3 years ago

what if you place the log into the tmp?

Korving-F commented 3 years ago

Just tried, same error: "unknown directive"

wargio commented 3 years ago

oh wait. we never merged that.

wargio commented 3 years ago

from what i see, it was merged and then removed later.

Korving-F commented 3 years ago

Check ^_^ was there a good reason for the revert and can/should this issue be closed? It's still a nice feature I'd say..

wargio commented 3 years ago

Unfortunately i do not know, since this was way before me joining the company, but according to the commit (https://github.com/nbs-system/naxsi/commit/21d2507b434de17348b4d1fa407d69ff2d73c3cb) looks like it was causing many crashes.

Korving-F commented 3 years ago

Thanks for the quick replies ^_^ I'll just continue as is for now and watch out for new releases.

RekGRpth commented 3 years ago

https://github.com/nbs-system/naxsi/issues/561