URL_X behaviour


Bastien Durel

Sep 11, 2015, 7:10:22 AM9/11/15
to naxsi-discuss
Hello,

I have a problem with URL_X. There is a Magento site behind naxsi, and I got
some rule matches in the back office (which uses many dynamic URLs).

nx-utils suggests these rules:
########### Optimized Rules Suggestion ##################
# total_count:1 (50.0%), peer_count:1 (100.0%) | sql keywords
BasicRule wl:1000
"mz:$URL:/index.php/admin263844b54dafc04e/catalog_product/validate/id/1929/back/edit/tab/product_info_tabs_super/key/f2d03f4f2f9a5820245dc9e61aa9956e/|$BODY_VAR:qty[from]|NAME";
# total_count:1 (50.0%), peer_count:1 (100.0%) | double encoding !
BasicRule wl:1315
"mz:$URL:/index.php/admin263844b54dafc04e/catalog_product/validate/id/1929/back/edit/tab/product_info_tabs_super/key/f2d03f4f2f9a5820245dc9e61aa9956e/|$BODY_VAR:links[grouped]";

I generalized them into

BasicRule wl:1000
"mz:$URL_X:^/index.php/admin[0-9a-f]+/catalog_product/validate/.*|$BODY_VAR:qty[from]|NAME";
BasicRule wl:1315
"mz:$URL_X:^/index.php/admin[0-9a-f]+/catalog_product/validate/.*|$BODY_VAR:links[grouped]";

but the rules kept matching until I changed from BODY_VAR to
BODY_VAR_X. Is that the intended behaviour?

thanks,

--
Bastien.

bui

Sep 14, 2015, 4:03:24 AM9/14/15
to naxsi-discuss
Hi,

You should not mix $URL_X and $BODY_VAR :)
To make it short, $*_X are stored in linked lists because they are regular expressions, while $URL, $*_VAR, etc. are hashtables for fast matching.
So, if you use one $*_X component in a rule, all of the components of the whitelist should be $*_X as well.

--
You received this message because you are subscribed to the Google Groups "naxsi-discuss" group.
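A small whitelist checker, added here as an example and not part of naxsi or nx-utils, that makes the two points in the reply above concrete. It flags a whitelist that mixes $*_X (regex) zones with literal zones, and, because $*_X values are regular expressions, it also shows that a bracketed variable name such as qty[from] copied verbatim into $BODY_VAR_X turns into a character class and no longer matches the literal name. The rule strings are constructed for the example: the first restates the generalized whitelist from the thread, the second is a hypothetical verbatim swap to $BODY_VAR_X, the third a hypothetical corrected form with escaped brackets and anchors. The zone grammar assumed is "$ZONE:value" components separated by "|", as in the rules quoted in the thread.

```python
import re

# Grammar assumed for this example (mirrors the rules quoted in the thread):
#   BasicRule wl:<ids> "mz:<component>|<component>|...";
#   <component> is "$ZONE:value" or a bare word such as NAME.
RULE_RE = re.compile(r'BasicRule\s+wl:([0-9,]+)\s+"mz:([^"]*)"\s*;')
ZONE_RE = re.compile(r'^\$([A-Z_]+):(.*)$')

URL_PART = '$URL_X:^/index.php/admin[0-9a-f]+/catalog_product/validate/.*'

# Constructed sample rules.
# MIXED_RULE restates the generalized whitelist posted in the thread.
MIXED_RULE = 'BasicRule wl:1000 "mz:' + URL_PART + '|$BODY_VAR:qty[from]|NAME";'
# UNESCAPED_RULE is a hypothetical verbatim swap of BODY_VAR for BODY_VAR_X.
UNESCAPED_RULE = 'BasicRule wl:1000 "mz:' + URL_PART + '|$BODY_VAR_X:qty[from]|NAME";'
# CORRECTED_RULE is a hypothetical all-regex form: brackets escaped, name anchored.
CORRECTED_RULE = 'BasicRule wl:1000 "mz:' + URL_PART + r'|$BODY_VAR_X:^qty\[from\]$|NAME";'


def parse_whitelist(line):
    """Split one BasicRule whitelist into its rule ids and match-zone components."""
    m = RULE_RE.search(line)
    if not m:
        raise ValueError('not a BasicRule whitelist: %r' % line)
    ids = [int(x) for x in m.group(1).split(',')]
    components = []
    for part in m.group(2).split('|'):
        zm = ZONE_RE.match(part)
        if zm:
            zone, value = zm.groups()
            components.append({'zone': zone, 'regex': zone.endswith('_X'), 'value': value})
        else:
            # Bare keyword such as NAME: no value, not a zone of either kind.
            components.append({'zone': part, 'regex': False, 'value': None})
    return ids, components


def lint_whitelist(line):
    """Return a list of findings; an empty list means the whitelist looks consistent."""
    _, components = parse_whitelist(line)
    valued = [c for c in components if c['value'] is not None]
    regex_zones = [c for c in valued if c['regex']]
    literal_zones = [c for c in valued if not c['regex']]
    findings = []

    # Point from the thread: once one component is $*_X, all must be $*_X.
    if regex_zones and literal_zones:
        findings.append('mixed: regex zones %s with literal zones %s'
                        % ([c['zone'] for c in regex_zones],
                           [c['zone'] for c in literal_zones]))

    for c in regex_zones:
        try:
            re.compile(c['value'])
        except re.error as exc:
            findings.append('%s: regex does not compile (%s)' % (c['zone'], exc))
            continue
        # Variable names (ARGS/BODY/HEADERS _VAR_X) are usually literal PHP-style
        # names like qty[from]; unescaped [ ] there almost always mean a
        # character class was written by accident.
        if c['zone'].endswith('_VAR_X'):
            if re.search(r'(?<!\\)[\[\]]', c['value']):
                findings.append('%s: unescaped [ ] form a character class, not a literal name'
                                % c['zone'])
            if not (c['value'].startswith('^') and c['value'].endswith('$')):
                findings.append('%s: unanchored regex also matches any name containing it'
                                % c['zone'])
    return findings


def regex_zone_matches(pattern, var_name):
    """Unanchored search, the way a regex zone is tested against a variable name."""
    return re.search(pattern, var_name) is not None


if __name__ == '__main__':
    for label, rule in (('mixed', MIXED_RULE), ('unescaped', UNESCAPED_RULE),
                        ('corrected', CORRECTED_RULE)):
        print(label, lint_whitelist(rule) or 'ok')
    print('qty[from] as regex vs literal name:', regex_zone_matches('qty[from]', 'qty[from]'))
    print('qty[from] as regex vs "qtyf":      ', regex_zone_matches('qty[from]', 'qtyf'))
    print(r'^qty\[from\]$ vs literal name:   ', regex_zone_matches(r'^qty\[from\]$', 'qty[from]'))
```

The checker deliberately restricts the bracket and anchoring warnings to `_VAR_X` zones: a `$URL_X` value such as `admin[0-9a-f]+` uses a character class on purpose, whereas a request variable name like `qty[from]` is a literal PHP array key and has to be escaped once it lives in a regex zone.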

Bastien Durel

Sep 26, 2015, 2:06:05 AM9/26/15
to naxsi-discuss

Thanks!
