Incorrect line MainRule rx (regex)

[ajgomez23]

Hi, I’m encountering an error when I try to start Nginx. The error message indicates that there’s an incorrect line in naxsi_core.rules. Could this be a compatibility issue?

Here’s the error message I’m seeing:

nginx: [emerg] Naxsi-Config : Incorrect line MainRule rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile (/etc/naxsi/naxsi_src//naxsi_skeleton.c/973)... in /etc/nginx/naxsi_core.rules:23

I’m currently using Nginx version 1.22.1.

[wargio]

sounds like you are using an old version of naxsi which has whatever patch the distro maintainers implemented to make it compile with pcre.

Did you build it from sources?

[ajgomez23]

Thanks, yes i was using an old version of naxsi, i will try implement a new naxsi version

[wargio]

Thanks, yes i was using an old version of naxsi, i will try implement a new naxsi version

Either use the compiled binaries in the release or just use the release naxsi-x.y-src-with-deps.tar.gz. avoid using the github tarballs/zips because they will not contain all the submodules.

For the latest release, please see: https://github.com/wargio/naxsi/releases

[AhsanZahid2001]

I'm also facing a similar issue. I am using the mentioned release (naxsi-x.y-src-with-deps.tar.gz), and am running NAXSI version 1.6, and NGINX version 1.24.

I started facing this issue when I tried upgrading from NAXSI 1.4 to 1.6. I already tried using version 1.5 and it's the same error.

This is the error that I'm getting

nginx: [emerg] Naxsi-Config : Incorrect line BasicRule wl:1310,1311 (naxsi_skeleton.c:723)... in /etc/nginx-conf/global/naxsi-wp-whitelist.rules:155

[wargio]

Now it is working properly and you have a new error.

From the log, sounds like you have a bad rule in /etc/nginx-conf/global/naxsi-wp-whitelist.rules at line 155

Can you paste here that line?

[AhsanZahid2001]

    BasicRule wl:1310,1311 
     "mz:$URL_X:^/([\w-]+/)?|$BODY_VAR_X:^some_field_[\w\d-%\[\]]+|NAME";

    BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^some_field_[\w\d-%\[\]]+|NAME";

    BasicRule wl:1310,1311 
    "mz:$URL_X:^/some-path/some-other/[\w-\/]+|$ARGS_VAR_X:^(_)?fields[%5BD\[\d\]]+|NAME";

    BasicRule wl:1310,1311 
     "mz:$URL_X:^/some-path/some-further/[\w-\/]+|$ARGS_VAR_X:^status[%5BD\[\d\]]+|NAME";

    BasicRule wl:1310,1311 
    "mz:$URL_X:^/some-path/some-other-path/[\w-\/]+|$ARGS_VAR_X:^some_path[%5BD\[\d\]]+|NAME";

These are the rules which are erroring out.

[wargio]

I would strongly suggest to check those regexes on a website like https://regex101.com/ if i have to guess, maybe the % might be problematic, same for not escaping [ and ]