search

ucinc / naxsi

Automatically exported from code.google.com/p/naxsi
Other
0 stars 0 forks source link

problem with URI case-sensiitive #86

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1.Add a whitelist
BasicRule wl:0 "mz:$URL:/A.html"

2.Request
curl http://my-site/A.html?'''''''''

What is the expected output? What do you see instead?
Request in step 2 should be blocked by naxsi, but it didn't. Naxsi lowercase 
URL when creation hash table but when matching request URI, it use "A.html". 
URI is case-sensitive, is it more rational to not lowercase URL when creating 
hash table?

What version of the product are you using? On what operating system?
naxsi-0.50, centos 5.8

Original issue reported on code.google.com by bandnew...@gmail.com on 19 Aug 2013 at 10:02

GoogleCodeExporter commented 8 years ago 
Sorry ,I've wrote a wrong word. "Request in step 2 should be blocked by naxsi" 
should be "Request in step 2 should pass naxsi"

Original comment by bandnew...@gmail.com on 19 Aug 2013 at 10:06