What are the nginx-naxsi whitelist rules?-Nginx-php.cn

Home

Operation and Maintenance

Nginx

What are the nginx-naxsi whitelist rules?

PHPz

May 13, 2023 pm 04:19 PM

nginx naxsi

Whitelist rule syntax:

##wl:id (white list id)Which interception rules will enter Whitelistwl:0Add all interception rules to the whitelistwl:42Add the interception rule with ID 42 to the whitelistwl:42,41,43Add the interception rule with IDs 42, 41 and 43 to the whitelist wl:-42Add all interception rules to the whitelist, except the interception rule with id 42

##mz:(match zones)

args$args_var$args_var_xheaders$headers_var$headers_var_x body$body_var$ body_var_xurlurl_xfile_ext

get’s entire parameters, such as: foo=bar&in=
Get the parameter name of the parameter, such as foo and in in foo=bar&in=
The parameter name of the regular matching get parameter
The entire http protocol header
The name of the http protocol header
The name of the regular matching http protocol header
The entire parameter content of post
The parameter name of post parameter
Parameter name of the regular matching post parameter
#url (before ?)
Regular matching url (before ?)
File name (the file name uploaded when uploading a file in post)

Whitelist configuration example

Take rule #1000 as an example: Rule #1000 filters out select, update, delete, insert Rules for sql keywords

Rulebasicrule wl:1000;basicrule wl:1000 "mz:$args_var:foo";Disable interception rules in all get parameter values named foo#1000basicrule wl:1000 "mz:$url:/bar|args";In the get request with url /bar Parameter disable interception rule #1000basicrule wl:1000 "mz:args|name";at Disable interception rules for all parameter names (just names, not including parameter values) in all get requests #1000basicrule wl:0 "mz:$url_x:^/upload/(.*).(.*)$|url";Disable all interception rules for URLs that match ^/upload/(.*).(.*)$ regular rules in all requests

实战用的白名单规则
# vi naxsi_basicrule.conf
basicrule wl:1010,1011 "mz:$args_var:rd";
basicrule wl:1015,1315 "mz:$headers_var:cookie";

Copy after login

Description
Completely disable interception rule #1000 in this sub-rule. Because there is no specified area, all are added to the whitelist.
	Requests like http://mike.hi-linux.com/?foo=select * from demo will not be filtered.
	The following similar requests will not be filtered: http://mike.hi-linux.com/bar?my=select * from demohttp:// mike.hi-linux.com/bar?from=weibo
	The following requests will not be filtered: http://mike.hi-linux .com/bar?from=weibo The following requests will be filtered: http://mike.hi-linux.com/bar?foo=select Because select It is a parameter value and is not in the whitelist range.
	Similar to http://mike.hi-linux.com/upload The /select.db request will not be filtered (it would have triggered the #1000 interception rule).

The above is the detailed content of What are the nginx-naxsi whitelist rules?. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

1 months ago By DDD

R.E.P.O. Best Graphic Settings

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

1 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7409

Java Tutorial

1631

CakePHP Tutorial

1358

Laravel Tutorial

1268

PHP Tutorial

1218

Related knowledge

How to allow external network access to tomcat server Apr 21, 2024 am 07:22 AM

To allow the Tomcat server to access the external network, you need to: modify the Tomcat configuration file to allow external connections. Add a firewall rule to allow access to the Tomcat server port. Create a DNS record pointing the domain name to the Tomcat server public IP. Optional: Use a reverse proxy to improve security and performance. Optional: Set up HTTPS for increased security.

How to run thinkphp Apr 09, 2024 pm 05:39 PM

Steps to run ThinkPHP Framework locally: Download and unzip ThinkPHP Framework to a local directory. Create a virtual host (optional) pointing to the ThinkPHP root directory. Configure database connection parameters. Start the web server. Initialize the ThinkPHP application. Access the ThinkPHP application URL and run it.

Welcome to nginx!How to solve it? Apr 17, 2024 am 05:12 AM

To solve the "Welcome to nginx!" error, you need to check the virtual host configuration, enable the virtual host, reload Nginx, if the virtual host configuration file cannot be found, create a default page and reload Nginx, then the error message will disappear and the website will be normal show.

How to communicate between docker containers Apr 07, 2024 pm 06:24 PM

There are five methods for container communication in the Docker environment: shared network, Docker Compose, network proxy, shared volume, and message queue. Depending on your isolation and security needs, choose the most appropriate communication method, such as leveraging Docker Compose to simplify connections or using a network proxy to increase isolation.

How to register phpmyadmin Apr 07, 2024 pm 02:45 PM

To register for phpMyAdmin, you need to first create a MySQL user and grant permissions to it, then download, install and configure phpMyAdmin, and finally log in to phpMyAdmin to manage the database.

How to deploy nodejs project to server Apr 21, 2024 am 04:40 AM

Server deployment steps for a Node.js project: Prepare the deployment environment: obtain server access, install Node.js, set up a Git repository. Build the application: Use npm run build to generate deployable code and dependencies. Upload code to the server: via Git or File Transfer Protocol. Install dependencies: SSH into the server and use npm install to install application dependencies. Start the application: Use a command such as node index.js to start the application, or use a process manager such as pm2. Configure a reverse proxy (optional): Use a reverse proxy such as Nginx or Apache to route traffic to your application

How to generate URL from html file Apr 21, 2024 pm 12:57 PM

Converting an HTML file to a URL requires a web server, which involves the following steps: Obtain a web server. Set up a web server. Upload HTML file. Create a domain name. Route the request.

What to do if the installation of phpmyadmin fails Apr 07, 2024 pm 03:15 PM

Troubleshooting steps for failed phpMyAdmin installation: Check system requirements (PHP version, MySQL version, web server); enable PHP extensions (mysqli, pdo_mysql, mbstring, token_get_all); check configuration file settings (host, port, username, password); Check file permissions (directory ownership, file permissions); check firewall settings (whitelist web server ports); view error logs (/var/log/apache2/error.log or /var/log/nginx/error.log); seek Technical support (phpMyAdmin

See all articles