nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.8k stars 606 forks source link

Redirect URL based on certain checkrule #591

Closed Taymindis closed 11 months ago

Taymindis commented 2 years ago

Hi,

I am just wondering any other way to redirect URL OR multiple Denied URL based on certain rule? Instead of one deniedURL for all

wargio commented 2 years ago

why would you need such feature? can you explain your scenario where this could be useful?

Taymindis commented 2 years ago

We have a scenario which handle some special case of security and proxy to another data analysis service. I wish naxsi can have a feature to handle individual deniedUrl

wargio commented 2 years ago

Hmm sounds like a good feature. i'm adding this to the list of TODOs.

wargio commented 2 years ago

This could be implemented using some tags:

DeniedURL "/path/to/403.html";
DeniedURL "/different/path" MYTAG1;

CheckRule "$FOO > 8" DROP; # redirects using default route;
CheckRule "$MALICIOUS > 8" DROP MYTAG1; # redirects using MYTAG1 route;
Taymindis commented 2 years ago

You actually can just return status, we will handle error by ourself

wargio commented 2 years ago

i see, but that is not how it works internally.

Taymindis commented 2 years ago

i see, but that is not how it works internally.

Ya I can see that, it’s quite different with modsecurity.