nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

redirect naxsi log to a separate log file #561

Closed RekGRpth closed 3 years ago

RekGRpth commented 3 years ago
diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
index 0f61d95..53df1bd 100644
--- a/naxsi_src/naxsi.h
+++ b/naxsi_src/naxsi.h
@@ -326,7 +326,6 @@ typedef struct
   ngx_array_t* raw_body_rules;

   ngx_array_t* locations; /*ngx_http_naxsi_loc_conf_t*/
-  ngx_log_t*   log;

 } ngx_http_naxsi_main_conf_t;

@@ -388,6 +387,7 @@ typedef struct
      libinjection dynamic flags */
   ngx_uint_t flag_libinjection_xss_h;
   ngx_uint_t flag_libinjection_sql_h;
+  ngx_log_t* log;

 } ngx_http_naxsi_loc_conf_t;

@@ -471,6 +471,7 @@ typedef struct ngx_http_nx_json_s
 #define TOP_MAIN_BASIC_RULE_T  "MainRule"
 #define TOP_LIBINJECTION_SQL_T "LibInjectionSql"
 #define TOP_LIBINJECTION_XSS_T "LibInjectionXss"
+#define TOP_NAXSI_LOGFILE_T    "NaxsiLogFile"

 /* nginx-style names */
 #define TOP_DENIED_URL_N       "denied_url"
@@ -484,6 +485,7 @@ typedef struct ngx_http_nx_json_s
 #define TOP_MAIN_BASIC_RULE_N  "main_rule"
 #define TOP_LIBINJECTION_SQL_N "libinjection_sql"
 #define TOP_LIBINJECTION_XSS_N "libinjection_xss"
+#define TOP_NAXSI_LOGFILE_N    "naxsi_log"

 /*possible 'tokens' in rule */
 #define ID_T         "id:"
diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
index 28e0b29..6a5dea2 100644
--- a/naxsi_src/naxsi_runtime.c
+++ b/naxsi_src/naxsi_runtime.c
@@ -1262,7 +1262,7 @@ ngx_http_output_forbidden_page(ngx_http_request_ctx_t* ctx, ngx_http_request_t*
   if (!ctx->json_log) {
     for (i = 0; i < ostr->nelts; i++) {
       ngx_log_error(
-        NGX_LOG_ERR, r->connection->log, 0, "NAXSI_FMT: %s", ((ngx_str_t*)ostr->elts)[i].data);
+        NGX_LOG_ERR, cf->log ? cf->log : r->connection->log, 0, "NAXSI_FMT: %s", ((ngx_str_t*)ostr->elts)[i].data);
     }
   } else {
     const char* hex  = "0123456789abcdef";
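Review bot: Only the plain-text branch is switched to `cf->log` here; the `else` branch that opens at the end of this hunk handles the `json_log` case, and its logging call lies outside the hunk. If that call still targets `r->connection->log`, the dedicated file would receive NAXSI_FMT events only when JSON logging is off, and anything that tails the new file would miss blocked requests. Computing the target once, `ngx_log_t* log = cf->log ? cf->log : r->connection->log;`, and passing `log` in both branches keeps the two formats in the same place. The declaration and assignment of `cf` in ngx_http_output_forbidden_page are not visible in this hunk, so confirm it is the location configuration for `r`.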
diff --git a/naxsi_src/naxsi_skeleton.c b/naxsi_src/naxsi_skeleton.c
index 19486c9..90d4fbc 100644
--- a/naxsi_src/naxsi_skeleton.c
+++ b/naxsi_src/naxsi_skeleton.c
@@ -60,6 +60,11 @@ ngx_http_naxsi_create_main_conf(ngx_conf_t* cf);
 void
 ngx_http_naxsi_payload_handler(ngx_http_request_t* r);

+static char *ngx_http_naxsi_log_loc_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
+    ngx_http_naxsi_loc_conf_t *alcf = conf;
+    return ngx_log_set_log(cf, &alcf->log);
+}
+
 /* command handled by the module */
 static ngx_command_t ngx_http_naxsi_commands[] = {
   /* BasicRule (in main) */
@@ -225,6 +230,22 @@ static ngx_command_t ngx_http_naxsi_commands[] = {
     0,
     NULL },

+  /* NaxsiLogfile */
+  { ngx_string(TOP_NAXSI_LOGFILE_T),
+    NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_1MORE,
+    ngx_http_naxsi_log_loc_conf,
+    NGX_HTTP_LOC_CONF_OFFSET,
+    0,
+    NULL },
+
+  /* NaxsiLogfile - nginx style*/
+  { ngx_string(TOP_NAXSI_LOGFILE_N),
+    NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_1MORE,
+    ngx_http_naxsi_log_loc_conf,
+    NGX_HTTP_LOC_CONF_OFFSET,
+    0,
+    NULL },
+
   ngx_null_command
 };

@@ -363,6 +384,8 @@ ngx_http_naxsi_merge_loc_conf(ngx_conf_t* cf, void* parent, void* child)
     conf->flag_libinjection_xss_h = prev->flag_libinjection_xss_h;
   if (conf->flag_libinjection_sql_h == 0)
     conf->flag_libinjection_sql_h = prev->flag_libinjection_sql_h;
+  if (conf->log == NULL)
+    conf->log = prev->log;
   return NGX_CONF_OK;
 }

diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
index 445c487..e3d6f18 100644
--- a/naxsi_src/naxsi_utils.c
+++ b/naxsi_src/naxsi_utils.c
@@ -892,6 +892,7 @@ naxsi_log_offending(ngx_str_t*          name,
                     naxsi_match_zone_t  zone,
                     ngx_int_t           target_name)
 {
+  ngx_http_naxsi_loc_conf_t* cf;
   ngx_str_t tmp_uri, tmp_val, tmp_name;
   ngx_str_t empty = ngx_string("");

@@ -925,8 +926,9 @@ naxsi_log_offending(ngx_str_t*          name,
     ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_URI_COMPONENT);
   }

+  cf = ngx_http_get_module_loc_conf(req, ngx_http_naxsi_module);
   ngx_log_error(NGX_LOG_ERR,
-                req->connection->log,
+                cf->log ? cf->log : req->connection->log,
                 0,
                 "NAXSI_EXLOG: "
                 "ip=%V&server=%V&uri=%V&id=%d&zone=%s%s&var_name=%V&content=%V",
wargio commented 3 years ago

Can you please submit a PR?

RekGRpth commented 3 years ago

https://github.com/nbs-system/naxsi/pull/563