Closed vncloudsco closed 3 years ago
I use the following default rules:
https://github.com/nbs-system/naxsi/blob/0395b102b7e9b5165e89e99bb62e9ddaa0a74910/naxsi_config/naxsi_core.rules#L34
Obviously the score here is 2.
My block config score:

    #Enable naxsi
    SecRulesEnabled;
    #Enable learning mode
    # LearningMode;
    #Define where blocked requests go
    DeniedUrl "/50x.html";
    #CheckRules, determining when naxsi needs to take action
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    LibInjectionXss;
    CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
    LibInjectionSql;
    CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$ATTACK >= 8" BLOCK;
    CheckRule "$UWA >= 8" BLOCK;

But we were blocked by a firewall.
2021/04/13 10:43:31 [error] 8058#8058: *306007 NAXSI_FMT: ip=x.x.x.x&server=x.x.x.x&uri=/Oauth/reveice&vers=1.3&total_processed=90&total_blocked=1&config=block&cscore0=$SQL&score0=10&zone0=ARGS&id0=1009&var_name0=redirect, client: x.x.x.x, server: x.x.x.x, request: "GET /Oauth/reveice?redirect=http%3A%2F%2Fx.x.x.x%2Fteaser%3Ffbclid%3DIwAR0SSW5Y-DLW6JUBx7yMeq8T_jhQUMGMm8mEm6y6NG2RQCXIr_oL8azlbkA%26zarsrc%3D1303%26utm_source%3Dzalo%26utm_medium%3Dzalo%26utm_campaign%3Dzalo&code=xxxxxxxxxxxxxxxxx HTTP/2.0", host: "x.x.x.x"
Why is the score in the log 10?
Because it was hit 5 times in that request: 2 * 5 = 10. The redirect value contains a string with 5 = inside.
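The arithmetic from the answer above, reproduced from the log line as an added example (not part of the original thread and not NAXSI's own code). Rule 1009's pattern and per-hit score and the `$SQL >= 8` threshold are taken from the posts; the log line is a shortened, constructed copy of the one in the question, and matching against the URL-decoded argument value is an assumption consistent with the answer.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# From the thread: rule 1009 matches "=" and adds 2 to $SQL per hit.
RULES = {1009: ("=", "$SQL", 2)}
# From the posted config: CheckRule "$SQL >= 8" BLOCK;
CHECK_RULES = {"$SQL": 8}

# Constructed sample: the reported line with the fbclid and code values shortened.
LOG = ('NAXSI_FMT: ip=x.x.x.x&server=x.x.x.x&uri=/Oauth/reveice&vers=1.3'
       '&total_processed=90&total_blocked=1&config=block&cscore0=$SQL&score0=10'
       '&zone0=ARGS&id0=1009&var_name0=redirect, client: x.x.x.x, server: x.x.x.x, '
       'request: "GET /Oauth/reveice?redirect=http%3A%2F%2Fx.x.x.x%2Fteaser'
       '%3Ffbclid%3DPLACEHOLDER%26zarsrc%3D1303%26utm_source%3Dzalo'
       '%26utm_medium%3Dzalo%26utm_campaign%3Dzalo&code=xxxx HTTP/2.0", '
       'host: "x.x.x.x"')


def explain(line):
    """Recompute each logged score from the request (ARGS zone only)."""
    fmt = dict(parse_qsl(re.search(r"NAXSI_FMT: (.*?), client:", line).group(1)))
    target = re.search(r'request: "\S+ (\S+) ', line).group(1)
    # parse_qsl URL-decodes each argument value once, so %3D becomes "=".
    args = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))

    totals, n = {}, 0
    while f"id{n}" in fmt:  # one idN/var_nameN pair per matched rule
        pattern, tag, per_hit = RULES[int(fmt[f"id{n}"])]
        hits = args[fmt[f"var_name{n}"]].count(pattern)
        totals[tag] = totals.get(tag, 0) + hits * per_hit
        n += 1

    logged, n = {}, 0
    while f"cscore{n}" in fmt:  # one cscoreN/scoreN pair per score tag
        logged[fmt[f"cscore{n}"]] = int(fmt[f"score{n}"])
        n += 1

    return {tag: {"computed": score, "logged": logged.get(tag),
                  "blocked": score >= CHECK_RULES[tag]}
            for tag, score in totals.items()}


if __name__ == "__main__":
    print(explain(LOG))
```
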