NAXSI_FMT logs do not indicate which rules matched


r0m5...@gmail.com

Mar 3, 2014, 11:30:36 AM
to naxsi-...@googlegroups.com
Hi,

I succeeded in using naxsi before but at this time I am stuck.
On my last two installations (Debian Wheezy, nginx-naxsi package from wheezy backports), I can't see the rules that matched in the logs. The part "&zone0=XXX&id0=YYY&var_name0=ZZZ&" never appears.

For example, the command "wget http://192.168.39.183/?a=%3C" (example command in the naxsi wiki) logs:
2014/03/03 15:59:51 [error] 10704#0: *6 NAXSI_FMT: ip=192.168.39.183&server=192.168.39.183&uri=/&learning=1&total_processed=4&total_blocked=, client: 192.168.39.183, server: , request: "GET /?a=%3C HTTP/1.1", host: "192.168.39.183"

Another example:
2014/03/03 15:57:36 [error] 10704#0: *1 NAXSI_FMT: ip=192.168.128.120&server=xxx.fr&uri=/folder/lister&learning=1&total_processed=1&total_blocked=, client: 192.168.128.120, server: , request: "GET /folder/lister HTTP/1.1", host: "xxx.fr", referrer: "http://xxx.fr/search"

Moreover, no NAXSI_EXLOG line is logged even if "set $naxsi_extensive_log 1;" is used.

So naxsi is "working", but I can't generate any whitelist because I can't get the rule IDs that matched.

Does anyone have any idea what I am doing wrong?

Regards,


bui

Mar 5, 2014, 3:26:07 AM
to naxsi-discuss
Hi,

My guess would be that you forgot to include naxsi_core.rules in your top-level configuration.
Can you check that?

cheers,


r0m5...@gmail.com

Mar 5, 2014, 8:21:32 AM
to naxsi-...@googlegroups.com
Hi,

Exactly, I forgot to uncomment "include /etc/nginx/naxsi_core.rules;" in nginx.conf.

Sorry for this "LMGIFY" post; I was in a hurry, lots of things to do at work.

Thank you :-)

bui

Mar 5, 2014, 10:12:21 AM
to naxsi-discuss
You're welcome, that's what support is for ;)
Feel free to have a look at / complete the FAQ if you fall into another pitfall!

cheers,
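
An added example, not part of the thread and not naxsi's own tooling: a small Python check that parses NAXSI_FMT lines from an nginx error log and flags events that carry no zoneN/idN/var_nameN fields, the symptom traced above to a missing naxsi_core.rules include. The function names are hypothetical and the sample lines, including the rule id in the second one, are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines in the format shown in the thread; the addresses
# and the rule id 1302 are made-up sample values, not taken from the posts.
SAMPLE_LOG = """\
2014/03/03 15:59:51 [error] 10704#0: *6 NAXSI_FMT: ip=192.0.2.10&server=192.0.2.20&uri=/&learning=1&total_processed=4&total_blocked=, client: 192.0.2.10, server: , request: "GET /?a=%3C HTTP/1.1", host: "192.0.2.20"
2014/03/05 09:00:02 [error] 10911#0: *3 NAXSI_FMT: ip=192.0.2.10&server=192.0.2.20&uri=/&learning=1&total_processed=2&total_blocked=1&zone0=ARGS&id0=1302&var_name0=a, client: 192.0.2.10, server: , request: "GET /?a=%3C HTTP/1.1", host: "192.0.2.20"
2014/03/05 09:00:05 [error] 10911#0: *4 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10
"""

FMT_RE = re.compile(r"NAXSI_FMT: (?P<fields>.*?), client: ")
MATCH_KEY_RE = re.compile(r"^(zone|id|var_name)(\d+)$")

def parse_naxsi_fmt(line):
    """Return (fields, matches) for a NAXSI_FMT line, or None for other lines."""
    m = FMT_RE.search(line)
    if m is None:
        return None
    # The payload is a query string; keep empty values such as total_blocked=
    pairs = parse_qs(m.group("fields"), keep_blank_values=True)
    fields = {key: values[0] for key, values in pairs.items()}
    matches = {}
    for key, value in fields.items():
        km = MATCH_KEY_RE.match(key)
        if km:  # group zone0/id0/var_name0 under index 0, and so on
            matches.setdefault(int(km.group(2)), {})[km.group(1)] = value
    return fields, [matches[i] for i in sorted(matches)]

def lines_without_rule_ids(log_text):
    """1-based line numbers of NAXSI_FMT events that carry no idN field."""
    flagged = []
    for number, line in enumerate(log_text.splitlines(), 1):
        parsed = parse_naxsi_fmt(line)
        if parsed is not None and not any("id" in m for m in parsed[1]):
            flagged.append(number)
    return flagged

if __name__ == "__main__":
    for number in lines_without_rule_ids(SAMPLE_LOG):
        print(f"line {number}: NAXSI_FMT without zoneN/idN/var_nameN; "
              "check that naxsi_core.rules is included in nginx.conf")
```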
