Hello,
I have the following naxsi_core.rules:
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
Given a request such as:
I'm seeing it blocked as expected:
NAXSI_EXLOG: uri=/user&id=1310&zone=BODY&var_name=object[property]&content=see%20[1]
NAXSI_EXLOG: uri=/user&id=1310&zone=BODY|NAME&var_name=see%20[1]&content=object[property]
NAXSI_FMT: uri=/user&learning=0&vers=0.54&total_processed=1&total_blocked=1&block=1&cscore0=$XSS&score0=8&zone0=BODY&id0=1310&var_name0=object[property]&zone1=BODY|NAME&id1=1310&var_name1=object[property]
I'd like to whitelist with this:
# Allow form field names/values with `[]`
BasicRule wl:1310,1311 "mz:BODY";
The request is blocked still:
NAXSI_EXLOG: uri=/user&id=1310&zone=BODY|NAME&var_name=see%20[1]&content=object[property]
NAXSI_EXLOG: uri=/user&id=1311&zone=BODY|NAME&var_name=see%20[1]&content=object[property]
NAXSI_FMT: uri=/user&learning=0&vers=0.54&total_processed=1&total_blocked=1&block=1&cscore0=$XSS&score0=8&zone0=BODY|NAME&id0=1310&var_name0=object[property]&zone1=BODY|NAME&id1=1311&var_name1=object[property]
When I add another rule so that I have:
# Allow form field names/values with `[]`
BasicRule wl:1310,1311 "mz:BODY";
BasicRule wl:1310,1311 "mz:BODY|NAME";
Then there is no more blocking.
Thank you,
Adam
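
The behaviour reported above, as an added example that is not part of the original post and is not naxsi's own code: it parses a `NAXSI_FMT` line, checks each logged match against the `BasicRule wl:` lines, and prints the whitelist still missing. It assumes zones are compared as whole strings, a simplification based only on what the post observed; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# NAXSI_FMT line copied from the post, logged while only the "mz:BODY" whitelist was loaded.
FMT = ("NAXSI_FMT: uri=/user&learning=0&vers=0.54&total_processed=1&total_blocked=1"
       "&block=1&cscore0=$XSS&score0=8&zone0=BODY|NAME&id0=1310"
       "&var_name0=object[property]&zone1=BODY|NAME&id1=1311&var_name1=object[property]")

WL_RE = re.compile(r'BasicRule\s+wl:([\d,]+)\s+"mz:([^"]+)"\s*;')

def parse_fmt(line):
    """Return [(zone, rule_id, var_name), ...] from one NAXSI_FMT line."""
    fields = dict(parse_qsl(line.split("NAXSI_FMT: ", 1)[1], keep_blank_values=True))
    hits, n = [], 0
    while f"zone{n}" in fields:  # matches are numbered zone0/id0/var_name0, zone1/...
        hits.append((fields[f"zone{n}"], int(fields[f"id{n}"]),
                     fields.get(f"var_name{n}", "")))
        n += 1
    return hits

def parse_whitelists(conf):
    """Return [(set_of_ids, match_zone), ...] for each BasicRule wl: line in conf."""
    return [({int(i) for i in ids.split(",") if i}, mz)
            for ids, mz in WL_RE.findall(conf)]

def uncovered(hits, whitelists):
    """Hits that no whitelist covers. Assumption: zones are compared as whole
    strings, modelling what the post observed (mz:BODY does not cover BODY|NAME)."""
    return [h for h in hits
            if not any(h[1] in ids and h[0] == mz for ids, mz in whitelists)]

def suggest(hits):
    """Group uncovered hits by zone and format one BasicRule per zone."""
    by_zone = {}
    for zone, rule_id, _ in hits:
        by_zone.setdefault(zone, set()).add(rule_id)
    return [f'BasicRule wl:{",".join(map(str, sorted(ids)))} "mz:{zone}";'
            for zone, ids in sorted(by_zone.items())]

if __name__ == "__main__":
    first_try = parse_whitelists('BasicRule wl:1310,1311 "mz:BODY";')
    for rule in suggest(uncovered(parse_fmt(FMT), first_try)):
        print(rule)
```

Run against the log line above with only the `mz:BODY` whitelist loaded, it prints the second rule from the post; with both rules loaded nothing is left uncovered.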