This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

Global Whitelist and JSON output of events/blocks #488

Merged
merged 23 commits into from
Aug 15, 2020

Conversation


@marcinguy marcinguy commented Jan 3, 2020

Added a global whitelist in /etc/nginx/whitelist.txt (one IP per line), meaning these IPs will never be blocked, and JSON output of logged events/blocks.

Can you check my code edits (I'm a beginner to NGINX and NGINX modules)?

If this or a similar feature could be merged or added to NAXSI, it would be great.


mhf-ir commented Jul 9, 2020

Any update on this feature?

@marcinguy (Contributor Author)

@mhf-ir You can achieve most of it by configuration changes, other than JSON log output. Having JSON log output would be great, especially to easily parse events in e.g. DataDog.

See linked issue discussions and my opened issues.

To maintainers:

Can JSON output be added?


wargio commented Jul 13, 2020

I would love to merge this, but it seems that you broke some tests.


marcinguy commented Jul 20, 2020

@wargio @mhf-ir Actually the tests are broken since they don't expect JSON there:

T13 and T28 can be ignored or need to be adjusted.

t/13test.t                     (Wstat: 0 Tests: 5 Failed: 4)
  Failed tests:  1-3, 5
  Parse errors: Bad plan.  You planned 4 tests but ran 5.
t/23verylong.t                 (Wstat: 1024 Tests: 9 Failed: 4)
  Failed tests:  3-4, 6, 8
  Non-zero exit status: 4
t/28log.t                      (Wstat: 512 Tests: 21 Failed: 2)
  Failed tests:  5, 18
  Non-zero exit status: 2

No idea why T23 does not pass. Will look some more when I have time.

t/23verylong.t ................... 1/9 
#   Failed test 'TEST 1.6: test very long post (url-encoded) - in var_name - status code ok'
#   at /usr/local/share/perl/5.22.1/Test/Nginx/Socket.pm line 922.
#          got: ''
#     expected: '412'
#   Failed test 'TEST 1: very long url (exception in url) - status code ok'
#   at /usr/local/share/perl/5.22.1/Test/Nginx/Socket.pm line 922.
#          got: ''
#     expected: '412'
#   Failed test 'TEST 1.1: very long get varname (exception in content) - status code ok'
#   at /usr/local/share/perl/5.22.1/Test/Nginx/Socket.pm line 922.
#          got: ''
#     expected: '412'
t/23verylong.t ................... 7/9 
#   Failed test 'TEST 1.2: very long get varname (exception in varname) - status code ok'
#   at /usr/local/share/perl/5.22.1/Test/Nginx/Socket.pm line 922.
#          got: ''
#     expected: '412'
# Looks like you failed 4 tests of 9.

These are the ones that fail, as I understand it:

=== TEST 1.6: test very long post (url-encoded) - in var_name
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
         #LearningMode;
         SecRulesEnabled;
         DeniedUrl "/RequestDenied";
         CheckRule "$SQL >= 8" BLOCK;
         CheckRule "$RFI >= 8" BLOCK;
         CheckRule "$TRAVERSAL >= 4" BLOCK;
         CheckRule "$XSS >= 8" BLOCK;
         root $TEST_NGINX_SERVROOT/html/;
         index index.html index.htm;
         error_page 405 = $uri;
}
location /RequestDenied {
         return 412;
}
--- more_headers
Content-Type: application/x-www-form-urlencoded
--- request eval
use URI::Escape;
"POST /
o1=bar1&foo2=bar2"
--- error_code: 412


=== TEST 1: very long url (exception in url)
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
         SecRulesEnabled;
         DeniedUrl "/RequestDenied";
         CheckRule "$SQL >= 8" BLOCK;
         CheckRule "$RFI >= 8" BLOCK;
         CheckRule "$TRAVERSAL >= 4" BLOCK;
         CheckRule "$XSS >= 8" BLOCK;
         root $TEST_NGINX_SERVROOT/html/;
         index index.html index.htm;
}
location /RequestDenied {
         return 412;
         # return 412;
}
--- request
GET /RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/GHMjmX551MaZ703Zgik2hfRuJABMShON/Z5wR2X5bFir5PycE5FFVoFHmfx8QNL4V/943CsQz2dYBV33Z9jiZYnZ5EejAlkEO4/uYTS41BdplwAOUDB0xn9ClFmDZsr7tRZ/wTLei0OHtlrZR8bxfK2LDwIF8OMH3WZE/w3kvyBve0dpjW3x9xoqg748ZjebaQdy8/Bx85uPeiwDtoQrj3oFP2dRnj73iyiLt3/iY1oSOihQC4ulhrGd2YprEp08T3FH0kQ/hh6z5gOUuqli4hh5HIaeP6GVGiiONZLj/CofGwbvn3Ykmi7mbFL6k4pMMgQaFSMvB/mz3nZHp8DhDQTl387vv7P1wcdBKvujfe/EJYiTbfJd9WVYcmdnqKLXiFpF6Kr0biw/G9nSg0ZN4yftaumTdGXntboyZT2iJvqe/2etvNYUSpPTJdWGQGkCFDw9Yn6P8bG0t/1hvs9ktzfaAgWil0I0wolt24rft67Whs/fpOeIopoVz2YA10ricpFi7c1n1uhKPOM/XscwrENSml68eZWoLDCNNPMxtSZa07er/fEnANOa73wuHAXRmh9waM2n8nbaWB8lr/lIyImkx0q8K1tMepBI6OTjNAzTfPPveX/sReJanUiHGNmrA5DD8OcCMhQWakdTVd6/ctGF1f1f8i8zxZ4ayGPHdER9xdQmGYIj/ZpYUJz0hneOW0uCpmcnDdiBb2chRzd2j/IRK4BKje7lMTIk54cTShUng3M2J9j4ae/jfC9Z3wxSqrOm41ntbPh4FKs4DCGl4X3/fwfYfvDWvJBos5JmKbelHDwycUIA0iPj/VbArpVN5jTpqyNsGJT5rMRnEdvfHCdO9/TjZfWMSN47NIxbnFCqDOIDkFLwxrxJ6n/mkacRmKU9bUetg5ZZWplW40jmbst9W91/9UdszxKPDe1kIvwP9MJXVB5TFO4PoM45/cKaB0uHe5XYs4VRvi0SC3Ezt1XjBDrsT/xsjasaATxxGtf7aPdvweU4Fhfkcj8RqQ/KVSArfJaLokxKvZJa6DnRv86FZBfjyPp/zRAuwgCqKxMBFQccsN6kz2gQQbn6M2OR/UCBdRksWkIbbI6xu6g3cEC6I4RS0blhC/IYsGGwHs2xDaso9nUZa6itgzVYB2jqGG/awACcJnUKyrr30iIe00nDCCsbWisNS9j/KtJ28OnSy1AgZGWm1zGJfHZ1L25lMryz/WccLtXBQSw9lgnZYlI4HL0Fcvo0xg0VV/4bAURVacvcMWsWH0OeBITjNr4pZHy1ev/DUYNBjRFOrlZ0729b8tnnFPOcWfs6oPo/5MGXyTTMKmsfBJREKJ57L0kzsJLNqBJZ/BggReuhQlZvIOZ3V4oyzja8ffYTea1YM/evjFx6vVxbTHkAkiXyxF9961azP5kRaE/qUsuvNZOuASzvjeufYK0ED1yDpoM18yr/d9M5aMssXJ5NIqeOcr1zNlnnOJCHozvR/iff1NofjukyuQHE1nzkFy4fKyWpcWwTJ/K6OXsgUeiPMoJH4ahKc32TAJVaCOMF2b/Qx9OMg3mGLgGWFMJwX7NCIAvAjknHCMC/MrZfhxQk4Y05wOc8WU43r4DNuANXEU6W/41wneSCeolVguxfuaRv0qR2IRcKyxnqJ/5kx4glclwR9pKqcY1XNmgyoFC3aAYQ64/dRIOuzBuAATyTsZunC7dRhSqOYB6MX3v/1L9m8gHnKYmSvlN9tTVc9N1eok33lh72/Nfl5SSttMNwsmJ9Va0cpzkhNh3MTlYxU/v84mzMslmeieOct17yUTBXDOyI7ztdaY/C038inDtbZY6cEtM2A09NC89fRNMa1nZ/1oWGjLTcCqx0tEH8ZV6GnL8eXEKbQeUq/PrnlePb9Je7jL1QCwMdgm3L8qFrn6q1e/iqUJJk67hgZhJWmIRyCok9BUqEeaXka4/7y1FF0WGB41c6QP
DfBfCoBzPo7GZTXcL/hLgm8mS6NM2ZQGQoHftOno2KRXxz6Cax/37RYU50Mt7tiojooI2RGQ5ZaYr5b8Yp6/qD0Q4gXaVoSPcASmKjiTYeAcEWRxoBLU/SrZoCOHkJ745oCIeq6RgbFKXkDbMR41Q/vbqDdUtKwxXV8l0rN6wsAzwkHhQSPUvJ/WgMBMQeMYQOkLoOKEh2zCi8RYsG0B4bk/4CDcr2AFd2VgD9p2e3myTfztts83Wi6R/so6KZFe5hedSwBtjPH52b4g8em5uCpbI/7Rewp9X5dOc5s0ZUPGNN5qCLVeHodsD6/f1YXMjXNXrEYGJyQB6w9aMSzRFCvNopf/hPlfwl7xqrZ9tZzQoA6pFsV8YAgsJOic/BzvocMhJysrZUdlKYd5z1U0f8GTZll3K/csVO0kT1oVIvVTu77J7aJdvgSuPUKJG5/QOmgDvbZM7rmbGCzWSKUYVDQOwdw6vWz/lYVkxkP7KfOWfhA0EHn6mYl9Z7Ydsz8g/vaU0FEeTaug5QQOoNIkuHSIql2pMhi2A/ztAvv63ICXHMBhIz4ODhuirdfFCjEi7u/STEwVjyoFzVLAvWIVqDCaesSMTXwMcnc/tEy0ti1eO2YbER49AqbEFZHcWjNCLdTb/XnQOK5oG56lK3FDPu7IiNwcd3IHaXsqb/Z1LA8fATilAhBLzao0QRREQFoVVLUSzR/HJuOpV4pc3UbI9BrlxpKb4MH5HygSSJr/2C9u069p51S4f8QrFnl07tWIlHmCsdGl/dNJHadU8ZRQru4X4fhPfM8igItp38uX3/LvDeJiUhQwgQzoB1Qv2NHqsOGkteoHQU/BS0ckq1A2PKLMTttvfjydpHtPgeassh3/NRr6JTdrESraBIcarAyYMbsjMWmo2cmj/UhNbOYwLgfn2k9IIlnYX1y887tSk2gtC/v9FtGi3GBODP62s9ynQ1J1VBC2E5sSFK/rl7DP7fbSpyxXlKmbpSkx1Apo9RHc40I/hPQp6mVDdpoa8zyyoOcovvQNC5hI8OXx/wtVoQq1cg5hka45aa6Do9q0zYSLY7S4f/Ol83EEYWDHsiIp9lwVWq1SD6KaOc9Y5n/24bokb5wcXO6MMLPdzaunGB4QElf7NAI/ZnJb7N3OB2xP7iJIIrjQGPDhnGENigH8/xEQ9ZtcJEALBlXNUtuI3nenGvPDYXULC/G37GmfjO196GL8zsfw5qg4emHOcAISbX/E3ara7483ef9fVJ2bYJXTeABcWapJkD8/atFN81jfowvbhS1eCKj8YeOFzPuyAxJ3/B6xXXjza8hbLjUZhYOkE8VIP2IreWUYn/qzKLDpyyctOSDYAHZCbu2GE0e12kgzx9/sDvTzITL3GulSd49arQfwxyMkZOZj2ZU/ufQFvrwgCmrFZ5OVsEcRt4u2eatx4Ybf/0NVTWYhjMO05JSwuWEXvdbXHWwJz2h1e/DGtZSnttC07UbBDZrXQ9Y5TKqFber6k6/qxYNgM5NbKMKX5m7Reqf8Vdt5YpwvDdG/7POOLBYyHd5r8ngPfr8JsCSBIgTqWffj/GKGSZDEjbpG6sMa5piY6VvKuTnwQ4ORj/qUqI0ToMuNcPDoz83nrKsIAfd562WSBL/W0xVA8FxpWyFMNGvmmRSri64UMQvYV2D/0ZcQPPCWbTuyj7ftXAx2ZDYioUxSEUv3/8qWvb4QHFfMBRgK3QAM0XXvDO5tTg4kG/1eNLXea64uiTwIo9J304xUQ7fGqO4elW/85p96yifmWorBU2W4EzcWHk8UxTULCpf/TRwklFWugsjhaLi7ILdHCOlVeNMljWk7/nt0GFgcJbw4wzICY1Rs2F2TwEJxOfvDA/TMXNel2c46lnFRDvrMiNwSVx4dK7xUfX/S25k4U0O2ULIFxPoymgyXqBIw<>IOavZfK?a=buib
--- error_code: 412


=== TEST 1.1: very long get varname (exception in content)
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
         SecRulesEnabled;
         DeniedUrl "/RequestDenied";
         CheckRule "$SQL >= 8" BLOCK;
         CheckRule "$RFI >= 8" BLOCK;
         CheckRule "$TRAVERSAL >= 4" BLOCK;
         CheckRule "$XSS >= 8" BLOCK;
         root $TEST_NGINX_SERVROOT/html/;
         index index.html index.htm;
}
location /RequestDenied {
         return 412;
         # return 412;
}
--- request
GET /x?RJyIdIFfpCvCmE3FCglyolhQpjAFGPqj/GHMjmX551MaZ703Zgik2hfRuJABMShON/Z5wR2X5bFir5PycE5FFVoFHmfx8QNL4V/943CsQz2dYBV33Z9jiZYnZ5EejAlkEO4/uYTS41BdplwAOUDB0xn9ClFmDZsr7tRZ/wTLei0OHtlrZR8bxfK2LDwIF8OMH3WZE/w3kvyBve0dpjW3x9xoqg748ZjebaQdy8/Bx85uPeiwDtoQrj3oFP2dRnj73iyiLt3/iY1oSOihQC4ulhrGd2YprEp08T3FH0kQ/hh6z5gOUuqli4hh5HIaeP6GVGiiONZLj/CofGwbvn3Ykmi7mbFL6k4pMMgQaFSMvB/mz3nZHp8DhDQTl387vv7P1wcdBKvujfe/EJYiTbfJd9WVYcmdnqKLXiFpF6Kr0biw/G9nSg0ZN4yftaumTdGXntboyZT2iJvqe/2etvNYUSpPTJdWGQGkCFDw9Yn6P8bG0t/1hvs9ktzfaAgWil0I0wolt24rft67Whs/fpOeIopoVz2YA10ricpFi7c1n1uhKPOM/XscwrENSml68eZWoLDCNNPMxtSZa07er/fEnANOa73wuHAXRmh9waM2n8nbaWB8lr/lIyImkx0q8K1tMepBI6OTjNAzTfPPveX/sReJanUiHGNmrA5DD8OcCMhQWakdTVd6/ctGF1f1f8i8zxZ4ayGPHdER9xdQmGYIj/ZpYUJz0hneOW0uCpmcnDdiBb2chRzd2j/IRK4BKje7lMTIk54cTShUng3M2J9j4ae/jfC9Z3wxSqrOm41ntbPh4FKs4DCGl4X3/fwfYfvDWvJBos5JmKbelHDwycUIA0iPj/VbArpVN5jTpqyNsGJT5rMRnEdvfHCdO9/TjZfWMSN47NIxbnFCqDOIDkFLwxrxJ6n/mkacRmKU9bUetg5ZZWplW40jmbst9W91/9UdszxKPDe1kIvwP9MJXVB5TFO4PoM45/cKaB0uHe5XYs4VRvi0SC3Ezt1XjBDrsT/xsjasaATxxGtf7aPdvweU4Fhfkcj8RqQ/KVSArfJaLokxKvZJa6DnRv86FZBfjyPp/zRAuwgCqKxMBFQccsN6kz2gQQbn6M2OR/UCBdRksWkIbbI6xu6g3cEC6I4RS0blhC/IYsGGwHs2xDaso9nUZa6itgzVYB2jqGG/awACcJnUKyrr30iIe00nDCCsbWisNS9j/KtJ28OnSy1AgZGWm1zGJfHZ1L25lMryz/WccLtXBQSw9lgnZYlI4HL0Fcvo0xg0VV/4bAURVacvcMWsWH0OeBITjNr4pZHy1ev/DUYNBjRFOrlZ0729b8tnnFPOcWfs6oPo/5MGXyTTMKmsfBJREKJ57L0kzsJLNqBJZ/BggReuhQlZvIOZ3V4oyzja8ffYTea1YM/evjFx6vVxbTHkAkiXyxF9961azP5kRaE/qUsuvNZOuASzvjeufYK0ED1yDpoM18yr/d9M5aMssXJ5NIqeOcr1zNlnnOJCHozvR/iff1NofjukyuQHE1nzkFy4fKyWpcWwTJ/K6OXsgUeiPMoJH4ahKc32TAJVaCOMF2b/Qx9OMg3mGLgGWFMJwX7NCIAvAjknHCMC/MrZfhxQk4Y05wOc8WU43r4DNuANXEU6W/41wneSCeolVguxfuaRv0qR2IRcKyxnqJ/5kx4glclwR9pKqcY1XNmgyoFC3aAYQ64/dRIOuzBuAATyTsZunC7dRhSqOYB6MX3v/1L9m8gHnKYmSvlN9tTVc9N1eok33lh72/Nfl5SSttMNwsmJ9Va0cpzkhNh3MTlYxU/v84mzMslmeieOct17yUTBXDOyI7ztdaY/C038inDtbZY6cEtM2A09NC89fRNMa1nZ/1oWGjLTcCqx0tEH8ZV6GnL8eXEKbQeUq/PrnlePb9Je7jL1QCwMdgm3L8qFrn6q1e/iqUJJk67hgZhJWmIRyCok9BUqEeaXka4/7y1FF0WGB41c6
QPDfBfCoBzPo7GZTXcL/hLgm8mS6NM2ZQGQoHftOno2KRXxz6Cax/37RYU50Mt7tiojooI2RGQ5ZaYr5b8Yp6/qD0Q4gXaVoSPcASmKjiTYeAcEWRxoBLU/SrZoCOHkJ745oCIeq6RgbFKXkDbMR41Q/vbqDdUtKwxXV8l0rN6wsAzwkHhQSPUvJ/WgMBMQeMYQOkLoOKEh2zCi8RYsG0B4bk/4CDcr2AFd2VgD9p2e3myTfztts83Wi6R/so6KZFe5hedSwBtjPH52b4g8em5uCpbI/7Rewp9X5dOc5s0ZUPGNN5qCLVeHodsD6/f1YXMjXNXrEYGJyQB6w9aMSzRFCvNopf/hPlfwl7xqrZ9tZzQoA6pFsV8YAgsJOic/BzvocMhJysrZUdlKYd5z1U0f8GTZll3K/csVO0kT1oVIvVTu77J7aJdvgSuPUKJG5/QOmgDvbZM7rmbGCzWSKUYVDQOwdw6vWz/lYVkxkP7KfOWfhA0EHn6mYl9Z7Ydsz8g/vaU0FEeTaug5QQOoNIkuHSIql2pMhi2A/ztAvv63ICXHMBhIz4ODhuirdfFCjEi7u/STEwVjyoFzVLAvWIVqDCaesSMTXwMcnc/tEy0ti1eO2YbER49AqbEFZHcWjNCLdTb/XnQOK5oG56lK3FDPu7IiNwcd3IHaXsqb/Z1LA8fATilAhBLzao0QRREQFoVVLUSzR/HJuOpV4pc3UbI9BrlxpKb4MH5HygSSJr/2C9u069p51S4f8QrFnl07tWIlHmCsdGl/dNJHadU8ZRQru4X4fhPfM8igItp38uX3/LvDeJiUhQwgQzoB1Qv2NHqsOGkteoHQU/BS0ckq1A2PKLMTttvfjydpHtPgeassh3/NRr6JTdrESraBIcarAyYMbsjMWmo2cmj/UhNbOYwLgfn2k9IIlnYX1y887tSk2gtC/v9FtGi3GBODP62s9ynQ1J1VBC2E5sSFK/rl7DP7fbSpyxXlKmbpSkx1Apo9RHc40I/hPQp6mVDdpoa8zyyoOcovvQNC5hI8OXx/wtVoQq1cg5hka45aa6Do9q0zYSLY7S4f/Ol83EEYWDHsiIp9lwVWq1SD6KaOc9Y5n/24bokb5wcXO6MMLPdzaunGB4QElf7NAI/ZnJb7N3OB2xP7iJIIrjQGPDhnGENigH8/xEQ9ZtcJEALBlXNUtuI3nenGvPDYXULC/G37GmfjO196GL8zsfw5qg4emHOcAISbX/E3ara7483ef9fVJ2bYJXTeABcWapJkD8/atFN81jfowvbhS1eCKj8YeOFzPuyAxJ3/B6xXXjza8hbLjUZhYOkE8VIP2IreWUYn/qzKLDpyyctOSDYAHZCbu2GE0e12kgzx9/sDvTzITL3GulSd49arQfwxyMkZOZj2ZU/ufQFvrwgCmrFZ5OVsEcRt4u2eatx4Ybf/0NVTWYhjMO05JSwuWEXvdbXHWwJz2h1e/DGtZSnttC07UbBDZrXQ9Y5TKqFber6k6/qxYNgM5NbKMKX5m7Reqf8Vdt5YpwvDdG/7POOLBYyHd5r8ngPfr8JsCSBIgTqWffj/GKGSZDEjbpG6sMa5piY6VvKuTnwQ4ORj/qUqI0ToMuNcPDoz83nrKsIAfd562WSBL/W0xVA8FxpWyFMNGvmmRSri64UMQvYV2D/0ZcQPPCWbTuyj7ftXAx2ZDYioUxSEUv3/8qWvb4QHFfMBRgK3QAM0XXvDO5tTg4kG/1eNLXea64uiTwIo9J304xUQ7fGqO4elW/85p96yifmWorBU2W4EzcWHk8UxTULCpf/TRwklFWugsjhaLi7ILdHCOlVeNMljWk7/nt0GFgcJbw4wzICY1Rs2F2TwEJxOfvDA/TMXNel2c46lnFRDvrMiNwSVx4dK7xUfX/S25k4U0O2ULIFxPoymgyXqBIwIOavZfK=b<>
--- error_code: 412



=== TEST 1.2: very long get varname (exception in varname)
--- main_config
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
--- http_config
include /tmp/naxsi_ut/naxsi_core.rules;
--- config
location / {
         SecRulesEnabled;
         DeniedUrl "/RequestDenied";
         CheckRule "$SQL >= 8" BLOCK;
         CheckRule "$RFI >= 8" BLOCK;
         CheckRule "$TRAVERSAL >= 4" BLOCK;
         CheckRule "$XSS >= 8" BLOCK;
         root $TEST_NGINX_SERVROOT/html/;
         index index.html index.htm;
}
location /RequestDenied {
         return 412;
         # return 412;
}
--- request
GET /x?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<>vZfK=b
--- error_code: 412

@wargio You can definitely add this to your project and somehow make it configurable. Looking for hints from you on how to make it an option:

https://github.com/nbs-system/naxsi/pull/488/files#diff-c94873dd7eede49a9d55290d07f66ef1R981

The rest can also be achieved by config changes, so for me it looks kind of optional.

Unless users think it is easier via a file as well, I can then look into it again. Not sure which way would be faster and whether the config option supports netmask/CIDR etc.


marcinguy commented Jul 20, 2020

@wargio OK, my bad. Indeed this was a bug. Thanks for having tests.

Fixed it.

Output is now in both formats (NAXSI_FMT and JSON), so the user can see both and tests pass.

Not sure if multiline logs will display correctly with JSON; if the length is too big, the JSON will be empty. Had a hard time with them. Will chew some more on this, unless you see the solution.

Please review it and let me know your comments.

@marcinguy (Contributor Author)

FYI this PR is experimental, but since tests passed, it should be fine. YMMV (Your Mileage May Vary).

@wargio Looking for your review and tips on how to improve it and maybe merge it into master.

@marcinguy (Contributor Author)

@wargio Multiline is pretty complex. Seems like JSON on multiline will not work. Will cap it to 1948 and if it is more, will return empty. Will update the PR as I get it.

@marcinguy (Contributor Author)

@wargio Multiline will not make sense with JSON. So if a multiline event is made, I send empty JSON. You cannot connect JSON across log lines; this would be very difficult for JSON parsing.

I think this will help in most of the cases.


mhf-ir commented Jul 21, 2020

See this simple tool; naxsi was also added, with much more parsing inside the nginx error log.

https://github.com/aasaam/nginx-error-log-parser

@marcinguy (Contributor Author)

Does your solution also work with a multiline log? I guess not.

Multiline log example:

2020/07/22 09:24:57 [error] 14714#0: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/&vers=0.56&total_processed=1&total_blocked=1&config=learning&cscore0=$SQL&score0=630&zone0=ARGS&id0=1998&var_name0=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1&zone1=ARGS&id1=1998&var_name1=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2&zone2=ARGS&id2=1998&var_name2=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3&zone3=ARGS&id3=1998&var_name3=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa4&zone4=ARGS&id4=1998&var_name4=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5&zone5=ARGS&id5=1998&var_name5=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa6&zone6=ARGS&id6=1998&var_name6=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa7&zone7=ARGS&id7=1998&var_name7=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa8&zone8=ARGS&id8=1998&var_name8=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9&zone9=ARGS&id9=1998&var_name9=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa10&zone10=ARGS&id10=1998&var_name10=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa11&zone11=ARGS&id11=1998&var_name11=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa12&zone12=ARGS&id12=1998&var_name12=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa13&seed_start=185, client: 127.0.0.1, server: localhost, request: "GET 
/?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2020/07/22 09:24:57 [error] 14714#0: *1 NAXSI_FMT: seed_end=185&zone13=ARGS&id13=1998&var_name13=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa14&zone14=ARGS&id14=1998&var_name14=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa15, client: 127.0.0.1, server: localhost, request: "GET /?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA10=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA12=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA13=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA14=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA15=199
8 HTTP/1.1", host: "localhost"

As you can see they're connected by "seed_start" and "seed_end".

I will just return empty JSON with my PR:

2020/07/22 09:24:57 [error] 14714#0: *1 { }, client: 127.0.0.1, server: localhost, request: "GET /?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA10=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA12=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA13=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA14=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA15=1998 HTTP/1.1", host: "localhost"
2020/07/22 09:24:57 [error] 14714#0: *1 { }, client: 127.0.0.1, server: localhost, request: "GET /?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA10=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA12=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA13=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA14=1998&AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA15=1998 HTTP/1.1", host: "localhost"

My use case is DataDog (whose parser cannot connect multiple JSON objects with "seed_start" and "seed_end" values; this would also be very complex to connect and parse in DataDog).

The typical case should look like this (no multiline log):

2020/07/22 09:25:01 [error] 14714#0: *2 { "ip":"127.0.0.1","server":"localhost","uri":"/","vers":"0.56","total_processed":"2","total_blocked":"2","config":"learning","cscore0":"$XSS","score0":"16","zone0":"ARGS","id0":"1302","var_name0":"","zone1":"ARGS","id1":"1303","var_name1":"" }, client: 127.0.0.1, server: localhost, request: "GET /?<script> HTTP/1.1", host: "localhost"
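As an added example (not part of this PR and not code that naxsi ships): a small Python parser for the two payload formats discussed in this thread, the NAXSI_FMT query string and the JSON object, which also reassembles an event that nginx split across two lines by matching seed_start to seed_end, as the lines above show. The log lines inside it are constructed, shortened stand-ins for the ones quoted above; the envelope layout (timestamp, [error], pid#tid, *connection, payload, then client/server/request/host) is assumed from those lines, and the function names are mine.

```python
import json
import re
from urllib.parse import parse_qsl

# Constructed, shortened stand-ins for the log lines quoted above (hypothetical data).
# Lines 2 and 3 are one event that nginx split in two; NAXSI links them with seed_start/seed_end.
LOG_LINES = [
    '2020/07/22 09:25:01 [error] 14714#0: *2 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/'
    '&vers=0.56&total_processed=2&total_blocked=2&config=learning&cscore0=$XSS&score0=16'
    '&zone0=ARGS&id0=1302&var_name0=&zone1=ARGS&id1=1303&var_name1=, client: 127.0.0.1, '
    'server: localhost, request: "GET /?<script> HTTP/1.1", host: "localhost"',
    '2020/07/22 09:24:57 [error] 14714#0: *1 NAXSI_FMT: ip=127.0.0.1&server=localhost&uri=/'
    '&vers=0.56&total_processed=1&total_blocked=1&config=learning&cscore0=$SQL&score0=630'
    '&zone0=ARGS&id0=1998&var_name0=aaa1&seed_start=185, client: 127.0.0.1, server: localhost, '
    'request: "GET /?aaa1=1998&aaa2=1998 HTTP/1.1", host: "localhost"',
    '2020/07/22 09:24:57 [error] 14714#0: *1 NAXSI_FMT: seed_end=185&zone1=ARGS&id1=1998'
    '&var_name1=aaa2, client: 127.0.0.1, server: localhost, '
    'request: "GET /?aaa1=1998&aaa2=1998 HTTP/1.1", host: "localhost"',
    '2020/07/22 09:25:01 [error] 14714#0: *2 { "ip":"127.0.0.1","server":"localhost","uri":"/",'
    '"vers":"0.56","total_processed":"2","total_blocked":"2","config":"learning","cscore0":"$XSS",'
    '"score0":"16","zone0":"ARGS","id0":"1302","var_name0":"","zone1":"ARGS","id1":"1303",'
    '"var_name1":"" }, client: 127.0.0.1, server: localhost, '
    'request: "GET /?<script> HTTP/1.1", host: "localhost"',
    '2020/07/22 09:24:57 [error] 14714#0: *1 { }, client: 127.0.0.1, server: localhost, '
    'request: "GET /?aaa1=1998 HTTP/1.1", host: "localhost"',
]

# Envelope layout assumed from the lines quoted in this thread.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] (?P<pid>\d+)#\d+: '
    r'\*(?P<conn>\d+) (?P<payload>.*?), client: (?P<client>\S+), server: (?P<server>\S+), '
    r'request: "(?P<request>.*?)", host: "(?P<host>[^"]*)"$'
)
NAXSI_FMT_PREFIX = 'NAXSI_FMT: '
IDX_RE = re.compile(r'^(zone|id|var_name|cscore|score)(\d+)$')


def parse_line(line):
    """Split one error-log line into its envelope plus the NAXSI payload, or None if it is not one."""
    m = LINE_RE.match(line.rstrip('\r\n'))
    if not m:
        return None
    rec = m.groupdict()
    payload = rec.pop('payload')
    if payload.startswith(NAXSI_FMT_PREFIX):
        rec['format'] = 'naxsi_fmt'
        rec['fields'] = dict(parse_qsl(payload[len(NAXSI_FMT_PREFIX):], keep_blank_values=True))
    elif payload.startswith('{'):
        try:
            rec['fields'] = json.loads(payload)  # '{ }' is what the PR emits for a multiline event
        except ValueError:
            return None  # truncated JSON (nginx cut the line at NGX_MAX_ERROR_STR)
        rec['format'] = 'json'
    else:
        return None
    return rec


def reassemble(records):
    """Yield records, merging a seed_start half with its seed_end half (same worker pid and connection)."""
    pending = {}
    for rec in records:
        fields = dict(rec['fields'])
        if rec['format'] == 'naxsi_fmt' and 'seed_start' in fields:
            pending[(rec['pid'], rec['conn'], fields.pop('seed_start'))] = fields
            continue  # wait for the second half
        if rec['format'] == 'naxsi_fmt' and 'seed_end' in fields:
            head = pending.pop((rec['pid'], rec['conn'], fields.pop('seed_end')), {})
            head.update(fields)  # an orphan seed_end still yields what it has
            fields = head
        yield dict(rec, fields=fields)


def structure(fields):
    """Group zoneN/idN/var_nameN and cscoreN/scoreN into lists that a SIEM can index."""
    out = {k: v for k, v in fields.items() if not IDX_RE.match(k)}
    matches, scores = {}, {}
    for key, value in fields.items():
        m = IDX_RE.match(key)
        if m:
            bucket = scores if m.group(1) in ('cscore', 'score') else matches
            bucket.setdefault(int(m.group(2)), {})[m.group(1)] = value
    out['matches'] = [matches[i] for i in sorted(matches)]
    out['scores'] = [scores[i] for i in sorted(scores)]
    return out


def parse_log(lines):
    """Full pipeline: envelope -> reassembled event -> structured fields."""
    records = (r for r in map(parse_line, lines) if r is not None)
    return [dict(rec, fields=structure(rec['fields'])) for rec in reassemble(records)]


if __name__ == '__main__':
    for ev in parse_log(LOG_LINES):
        print(ev['format'], ev['client'], ev['fields'].get('matches'))
```

Because NAXSI writes every JSON value as a string ("score0":"16"), the same structure() step serves both formats; the empty object the PR emits for a multiline event simply becomes an event with no matches, which is the signal to fall back to the NAXSI_FMT lines for that connection.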


wargio commented Jul 22, 2020

I'll review this tomorrow.


mhf-ir commented Jul 23, 2020

@marcinguy No, multiline is not supported; I may work on that. One simple solution is to increase nginx's NGX_MAX_ERROR_STR to solve this problem.

I don't know why it really exists and is so small?


wargio commented Aug 14, 2020

OK, sorry for the huge delay on this. I want to merge this and it looks good to me.


@wargio wargio left a comment


Ok, it is missing only a few pointer checks.

Maybe hardcoding a path for the whitelist is not the best idea?


marcinguy commented Aug 14, 2020

Ok, it is missing only a few pointer checks.

Maybe hardcoding a path for the whitelist is not the best idea?

Wanted to just say this.

@mhf-ir Interesting ... could be also done. Nice!

@wargio Great.

One thing to consider is making the /etc/nginx/whitelist.txt file name and location configurable via the Naxsi config file. Don't know how to do it off the top of my head; would need to dig into this. Don't have time now.

It also does not support CIDR now; it could be added. Wondering if this would be faster than fast hashmaps; I can also assume the NGINX config uses hashmaps too, so doing this via runtime modifiers should/could have the same speed. Not sure about it.

Definitely fewer lines and stuff is in one place with /etc/nginx/whitelist.txt approach.


https://github.com/nbs-system/naxsi/wiki/runtime-modifiers

 # Disable naxsi if client ip is 127.0.0.1
 if ($remote_addr = "127.0.0.1") {
  set $naxsi_flag_enable 0;
 }
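As an added example (not the PR's code and not something naxsi ships): a Python whitelist loader that accepts the PR's one-IP-per-line file and, as the CIDR extension discussed above, network ranges as well. Exact addresses go in a set, the hash lookup the PR's hashmap gives, and ranges in a list that is scanned only when the exact lookup misses. The file contents, the Whitelist class and naxsi_flag_enable are all constructed for illustration; the 0/1 return mirrors the $naxsi_flag_enable runtime modifier shown above.

```python
import ipaddress

# Constructed whitelist contents (hypothetical). The PR's file format is one IP per line;
# the comment line and the CIDR lines are the extension discussed above, not naxsi's own format.
WHITELIST_TEXT = """\
# monitoring hosts
127.0.0.1
10.0.0.5

192.168.10.0/24
2001:db8::/32
not-an-address
"""


class Whitelist:
    """Exact addresses in a set (hash lookup, like the PR's hashmap); ranges in a list."""

    def __init__(self, text):
        self.exact = set()
        self.networks = []
        self.rejected = []  # lines that parse as neither: surface them rather than silently allow
        for raw in text.splitlines():
            line = raw.strip()  # also drops the stray '\r' / trailing spaces the commit list mentions
            if not line or line.startswith('#'):
                continue
            try:
                if '/' in line:
                    self.networks.append(ipaddress.ip_network(line, strict=False))
                else:
                    self.exact.add(ipaddress.ip_address(line))
            except ValueError:
                self.rejected.append(line)

    def contains(self, client_ip):
        """True if the client is exempt. Unparsable input is never exempt (fail closed)."""
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return False
        if addr in self.exact:
            return True
        return any(addr in net for net in self.networks if net.version == addr.version)


def naxsi_flag_enable(whitelist, client_ip):
    """Value the runtime modifier above would set: 0 disables naxsi for an exempt client, 1 keeps it on."""
    return 0 if whitelist.contains(client_ip) else 1


if __name__ == '__main__':
    wl = Whitelist(WHITELIST_TEXT)
    for ip in ('127.0.0.1', '192.168.10.77', '192.168.11.1', '2001:db8:1::1', 'garbage'):
        print(ip, naxsi_flag_enable(wl, ip))
    print('rejected:', wl.rejected)
```

On the config-only side, nginx's own geo directive (ngx_http_geo_module) already maps CIDR ranges to a variable, so the runtime-modifier approach above can be extended to ranges without a whitelist file; whichever route is taken, an exempt client still produces no NAXSI log line, so the exemption list itself is what should be reviewed and logged on change.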

@marcinguy (Contributor Author)

@wargio Also, the output format can be specified in the Naxsi config, if you want JSON or standard etc. I think I output both now, so you can pick what you want.

… to enable JSON output (set $naxsi_json_log 1)
@marcinguy (Contributor Author)

Added the whitelist file as an option in the Naxsi configuration file and also a dynamic modifier to enable the JSON logging format, also in the Naxsi configuration file.

Can update the Docs later on, also with my DataDog Setup instructions.

@wargio What do you mean by missing pointer checks? Can you show one example of what you mean?


wargio commented Aug 15, 2020

I mean that you are not checking for null pointers, @marcinguy; there are some memcpy-like functions after the malloc from the pool.

@marcinguy marcinguy requested a review from wargio August 15, 2020 16:47

@wargio wargio left a comment


It looks really good. Awesome job!

@wargio wargio merged commit 07a056c into nbs-system:master Aug 15, 2020
@marcinguy (Contributor Author)

@wargio Cool. I also modified the Wiki a little bit to add those new configuration options.

wargio referenced this pull request in wargio/naxsi Mar 5, 2022
* Added global whitelist in /etc/nginx/whitelist.txt (one IP per line) and JSON output of logged events/blocks

* Fix in whitelist size

* Reformatted to fit original formatting.

* Changed logging to include both formats

* Formatting

* Fix code

* Fix pesky newlines with hashmap

* Fix bug with uninitialization

* Fix

* Cleanup

* Whitespaces

* Whitespaces

* Update naxsi.h

* Fixes for failed tests

* Fix

* Undo and comment

* Fixed JSON on Multiline

* Correct Makefile

* Remove debugs

* Added whitelist first as a conf variable (WhitelistFile) and modifier to enable JSON output (set $naxsi_json_log 1)

* Reformatting

* Resolved comments from @wargio

* Resolved change requests from @wargio