nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

[emerg] unknown directive "MainRule" #612

Closed rickygm closed 2 years ago

rickygm commented 2 years ago

Hi, I am testing with your wargio/naxsi fork and I get an error when I test nginx.

The first one: when I compile with nginx/1.22.0 version and do a test I get a message:

nginx: [emerg] unknown directive "MainRule" in /etc/nginx/naxsi_core.rules:21

any ideas?

wargio commented 2 years ago

are you sure that you have loaded naxsi?

rickygm commented 2 years ago

yes, it's loaded

nginx -V 2>&1 | tr ' ' '\n' | grep naxsi
--add-dynamic-module=/rpm/naxsi/naxsi_src

http_addition_module http_flv_module http_gzip_static_module http_gunzip_module http_stub_status_module http_realip_module module=/rpm/naxsi/naxsi_src module=/rpm/incubator http_slice_module http_v2_module mail_pop3_module mail_smtp_module http_geoip_module module=/rpm/ngx_brotli http_auth_request_module http_mp4_module http_stub_status_module http_ssl_module module=/rpm/ngx_cache_purge http_xslt_module module=/rpm/nginx_cookie_flag_module module=/rpm/headers module module=/rpm/ngx_http_substitutions_filter_module module=/rpm/ModSecurity module=/rpm/nginx module module=/rpm/ngx_devel_kit module=/rpm/lua module

wargio commented 2 years ago

where do you load it?

rickygm commented 2 years ago

sorry, I didn't put part of the nginx.conf config

user              nginx;
worker_processes  auto; 
worker_cpu_affinity auto;

error_log  /var/log/nginx/error.log;

pid        /var/run/nginx.pid;
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ngx_http_naxsi_module.so";
events {
    use epoll;
    worker_connections  2048;
    multi_accept on;
}
http {
    geo $naxsi_witl {
        #ranges;
        default 0;
        127.0.0.1 1;
    }
    server_names_hash_bucket_size 64;
    include       /etc/nginx/mime.types;
    include       /etc/nginx/naxsi_core.rules;

wargio commented 2 years ago

include /etc/nginx/naxsi_core.rules; must be in the http context.

rickygm commented 2 years ago

Hi wargio, there it is. If you look at the http { block, I just close geo $naxsi_witl {}, but it is still inside the http block.

wargio commented 2 years ago

to me kinda looks like the module did not load
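The two placement questions raised above (is the naxsi `load_module` line in the main context, and is `naxsi_core.rules` included directly under `http`) can be checked mechanically by tracking brace depth. This is an added example, not code from the thread or from the naxsi project; the function names `directives` and `check_naxsi` are hypothetical, and the tokenizer assumes no `#`, `{` or `;` inside quoted strings.

```python
import re

def directives(conf):
    """Yield (context_tuple, words) for each ';'-terminated directive.

    Minimal tokenizer: strips '#' comments and tracks brace depth.
    Unclosed blocks (as in a truncated excerpt) are tolerated.
    """
    text = re.sub(r"#[^\n]*", "", conf)
    stack, buf = [], ""
    for ch in text:
        if ch == ";":
            if buf.split():
                yield tuple(stack), buf.split()
            buf = ""
        elif ch == "{":
            words = buf.split()
            stack.append(words[0] if words else "?")  # block name, e.g. http
            buf = ""
        elif ch == "}":
            if stack:
                stack.pop()
            buf = ""
        else:
            buf += ch

def check_naxsi(conf):
    """Report the context of the naxsi load_module and core-rules include."""
    result = {"load_module": None, "core_rules": None}
    for ctx, words in directives(conf):
        arg = words[1].strip("\"'") if len(words) > 1 else ""
        where = "/".join(ctx) or "main"
        if words[0] == "load_module" and "naxsi" in arg:
            result["load_module"] = where
        elif words[0] == "include" and arg.endswith("naxsi_core.rules"):
            result["core_rules"] = where
    return result

# Abridged copy of the excerpt posted in this thread (http block never closed).
POSTED = '''
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ngx_http_naxsi_module.so";
events { use epoll; worker_connections 2048; }
http {
    geo $naxsi_witl {
    default 0;
    127.0.0.1 1;
}
    include /etc/nginx/naxsi_core.rules;
'''

if __name__ == "__main__":
    print(check_naxsi(POSTED))
```

A result of `main` and `http` means the layout matches what is asked for above; it says nothing about whether the `.so` on disk was built for the running nginx binary.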

rickygm commented 2 years ago

I did a couple of successful tests using nginx version 1.20.2

1- compile the nbs-system/naxsi version and no problem.

2- compile your fork and no problem.

nginx version: nginx/1.20.2
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1q 5 Jul 2022
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_addition_module --with-http_flv_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_stub_status_module --with-pcre --with-file-aio --with-threads --with-http_realip_module --add-dynamic-module=/rpm/naxsi/naxsi_src --add-module=/rpm/incubator-pagespeed-ngx-1.13.35.2-stable --with-http_slice_module --with-http_v2_module --without-mail_pop3_module --without-mail_smtp_module --with-debug --with-http_geoip_module --add-module=/rpm/ngx_brotli --with-compat --with-http_auth_request_module --with-http_mp4_module --with-openssl=/rpm/openssl-1.1.1q --with-http_stub_status_module --with-http_ssl_module --add-module=/rpm/ngx_cache_purge --with-http_xslt_module --add-module=/rpm/nginx_cookie_flag_module --add-dynamic-module=/rpm/headers-more-nginx-module --add-dynamic-module=/rpm/ngx_http_substitutions_filter_module --add-dynamic-module=/rpm/ModSecurity-nginx --add-module=/rpm/nginx-rtmp-module --add-dynamic-module=/rpm/ngx_devel_kit-0.3.1 --add-dynamic-module=/rpm/lua-nginx-module-0.10.20

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

wargio commented 2 years ago

on my server i'm using nginx/1.22.0 and everything works. so you must be doing something wrong. If you are unsure what you are doing wrong, you can grab the built files for some distros here: https://github.com/wargio/naxsi/actions/runs/2852480227

do not use this repo for naxsi, because you won't block requests (all the regex rules are broken on this repo)

rickygm commented 2 years ago

it is strange, in these last versions of nginx, 1.22 and 1.23.1, I have the same message with naxsi. I am using almalinux 8.x

wargio commented 2 years ago

i guess the package format is RPM?

rickygm commented 2 years ago

no, I'm compiling nginx from source

wargio commented 2 years ago

i will try tonight to build it on the same distro, can you provide me the command line that you have used so i can repro this? also a configuration for nginx

rickygm commented 2 years ago

thanks wargio for your support. I did the test again with version 1.22.0, compiled from the source, and it did not present the previous errors. I do not know what could be happening; I did what you have in the readme, Build naxsi

nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1q 5 Jul 2022
TLS SNI support enabled

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

wargio commented 2 years ago

maybe you had a module version mismatch

ps: my name is not margo.

rickygm commented 2 years ago

fixed your name :). I forgot to mention that I only added these modules to the compilation; previously I did not do it.

--with-pcre --with-pcre-jit