White List Bug


Xavier de Poorter

Feb 8, 2016, 7:19:35 PM
to naxsi-discuss
Hi,

I installed "The IPS Community Suite" from https://www.invisionpower.com/ and I'm making the whitelist for NAXSI.


I'm using doxi/contrib/nx_util/nx_util.py to do it: everything works fine, but I have a little problem with one HTTPS call:

An AJAX call made via POST produces this error; the call uploads an image:

2016/02/09 00:49:45 [error] 3230#0: *52060 NAXSI_FMT: ip=95.176.72.236&server=www.domain.com&uri=/calendar/submit/&learning=0&vers=0.54&total_processed=5584&total_blocked=148&block=1&zone0=BODY&id0=2&var_name0=, client: 95.176.72.236, server: www.playthegaming.com, request: "POST /calendar/submit/?y=2016&m=02&d=17 HTTP/1.1", host: "www.domain.com", referrer: "https://www.domain.com/calendar/submit/?y=2016&m=02&d=17"


And it produces this whitelist line:

BasicRule wl:2 "mz:$URL:/calendar/submit/|BODY";

When I plug this whitelist line into the nginx conf, the call stays blocked by NAXSI.

Does someone have an idea about this problem, please?


Here are the details of the call:
    1. Request URL:
    2. Request Method:
      POST
    3. Status Code:
      501 OK
    4. Remote Address:
  1. Response Headers
    1. content-length:
      576
    2. content-type:
      text/html; charset=utf8
    3. date:
      Tue, 09 Feb 2016 00:03:29 GMT
    4. server:
      nginx
    5. status:
      501
    6. version:
      HTTP/1.1
  2. Request Headers
    1. :host:
    2. :method:
      POST
    3. :path:
      /calendar/submit/?y=2016&m=02&d=17
    4. :scheme:
      https
    5. :version:
      HTTP/1.1
    6. accept:
      */*
    7. accept-encoding:
      gzip, deflate
    8. accept-language:
      fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
    9. content-length:
      656725
    10. content-type:
      multipart/form-data; boundary=----WebKitFormBoundary0xbAYCFHyoozMuJj
    11. cookie:
      ips4_IPSSessionFront=48cb5c4237a4f696c2ba3ba55260a0e7; ips4_hasJS=true; ips4_member_id=1; ips4_pass_hash=92eff5d2e1a4e26bfbfd16f2fef95aa7; ips4_ipsTimezone=Europe/Paris; _ga=GA1.2.970888670.1446149119
    12. origin:
    13. referer:
    14. user-agent:
      Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
    15. x-plupload:
      5e325c3051979e88aea5d024861cfe25
  3. Query String Parameters
    1. y:
      2016
    2. m:
      02
    3. d:
      17
  4. Request Payload
      ------WebKitFormBoundary0xbAYCFHyoozMuJj
      Content-Disposition: form-data; name="name"

      HappyBioVertGros.png
      ------WebKitFormBoundary0xbAYCFHyoozMuJj
      Content-Disposition: form-data; name="chunk"

      0
      ------WebKitFormBoundary0xbAYCFHyoozMuJj
      Content-Disposition: form-data; name="chunks"

      1
      ------WebKitFormBoundary0xbAYCFHyoozMuJj
      Content-Disposition: form-data; name="event_cover_photo"; filename="myImage.png"
      Content-Type: image/png


      ------WebKitFormBoundary0xbAYCFHyoozMuJj--

Regards,
Xavier
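
How a NAXSI_FMT line like the one in the post above maps to a whitelist line, as an added example that is not part of the original post and not nx_util's own code. The function names are hypothetical; the `$ZONE_VAR:name` and `ZONE|NAME` forms are assumed from NAXSI's documented match-zone syntax.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: the log line from the post, trimmed after "client:".
SAMPLE = ('2016/02/09 00:49:45 [error] 3230#0: *52060 NAXSI_FMT: '
          'ip=95.176.72.236&server=www.domain.com&uri=/calendar/submit/'
          '&learning=0&vers=0.54&total_processed=5584&total_blocked=148'
          '&block=1&zone0=BODY&id0=2&var_name0=, client: 95.176.72.236')

FMT_RE = re.compile(r'NAXSI_FMT: (\S*?)(?:, client: |$)')
VAR_ZONES = {'ARGS', 'BODY', 'HEADERS'}  # zones with a $ZONE_VAR:name form

def parse_naxsi_fmt(line):
    """Return (uri, [(zone, rule_id, var_name), ...]), or None if no NAXSI_FMT."""
    m = FMT_RE.search(line)
    if not m:
        return None
    fields = dict(parse_qsl(m.group(1), keep_blank_values=True))
    hits, n = [], 0
    while f'zone{n}' in fields and f'id{n}' in fields:  # zone0/id0, zone1/id1, ...
        hits.append((fields[f'zone{n}'], int(fields[f'id{n}']),
                     fields.get(f'var_name{n}', '')))
        n += 1
    return fields.get('uri', ''), hits

def to_basic_rule(uri, zone, rule_id, var_name):
    """Build a whitelist line for one logged exception."""
    base, _, flag = zone.partition('|')  # "ARGS|NAME" -> base "ARGS", flag "NAME"
    if flag == 'NAME':
        target = f'{base}|NAME'          # match was in a variable name
    elif var_name and base in VAR_ZONES:
        target = f'${base}_VAR:{var_name}'
    else:
        target = base                    # whole zone, e.g. empty var_name0 above
    return f'BasicRule wl:{rule_id} "mz:$URL:{uri}|{target}";'

def whitelist_for(line):
    """Return [(rule_text, is_internal)]; ids below 1000 are NAXSI internal rules."""
    parsed = parse_naxsi_fmt(line)
    if parsed is None:
        return []
    uri, hits = parsed
    return [(to_basic_rule(uri, z, i, v), i < 1000) for z, i, v in hits]

if __name__ == '__main__':
    for rule, internal in whitelist_for(SAMPLE):
        print(rule, '# internal rule id' if internal else '')
```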