Issue: Regex in Whitelist Rules Not Working as Expected

[bnchdan]

Description I noticed that the regex whitelist examples provided in the documentation no longer seem to work as expected.

Context My goal is to whitelist URLs starting with /foo (e.g., /foo, /foo/a, /foo/b) for GET variables. Here's the configuration I am using: In naxsi_core.rules:

MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;

In whitelist/generic.rules:

BasicRule wl:1007 "mz:$URL_X:^/foo|ARGS";

In nginx.conf:

CheckRule "$SQL >= 8" BLOCK;

Problem The following requests result in unexpected behavior:

Request: http://example.com/foo?a=---
Outcome: Blocked (unexpected)
Expected: Should not be blocked.

Request: http://example.com/foo/a?a=---
Outcome: Blocked (unexpected)
Expected: Should not be blocked.

Request: http://example.com/foo/b?a=---
Outcome: Blocked (unexpected)
Expected: Should not be blocked.

 2024/11/27 14:34:54 [error] 53163#53163: NAXSI_FMT: ip=192.168.0.1&server=example.com&uri=%2Ffoo&config=block&
  rid=5ad5511fc9f1156d61fe91cf69faae05&cscore0=$SQL&score0=8&zone0=ARGS&id0=1007&var_name0=a

If I add

BasicRule wl:1007 "mz:$URL:/foo|ARGS";
BasicRule wl:1007 "mz:$URL_X:^/foo|ARGS";

in whitelist

Request: http://example.com/foo?a=---
Outcome: Notblocked (expected)

Request: http://example.com/foo/a?a=---
Outcome: Blocked  (unexpected)
Expected: Should not be blocked.

Request: http://example.com/foo/b?a=---
Outcome: Blocked  (unexpected)
Expected: Should not be blocked.

Are regex patterns supported in the BasicRule whitelist?

[wargio]

Care to share all the logs and config? Without them is impossible to judge the bug report.

[wargio]

Also I strongly recommend to use the json output

[viiftw]

When testing with libpcre3 libpcre3-dev on WSL2, I got the expected results with your configuration

[bnchdan]

Thanks for the answers. I recompile the Naxsi module and it works.