Thibault "bui" Koechlin
Thibault "bui" Koechlin
Can you provide me a reproducible use-case ? I don't see exactly what is the issue :) ty !
Hello, Thanks for your time. In order to be able to debug and understand what is going on, I would need : - [x] a valid nginx configuration - [...
Because naxsi [BasicRule configuration is per location](https://github.com/nbs-system/naxsi/wiki/rules-bnf)
> My question is why “MainRule” does not work at http level? `MainRule` should work at http level, and is part of unit tests. Can you provide a configuration where...
`BasicRule wl:0 "mz:$BODY_VAR:channelid";` It will whitelist rules, but only in the channelId post variable, is it what you meant ?
Hello, Unfortunately, I don't think the json parser supports this yet, but I need to look into it, as I have already issue #457 that is somehow related.
Hello @selivan, If I understand correctly you really want to _strip out_ all the variables that would not be specified by the `naxsi_allowed_headers`/`naxsi_allowed_get_args` etc?
Hello, We will consider, however, it would require really altering the incoming request, which has quite a lot of implications. Thanks for the idea anyway :)
Hello, The difference is due to the fact that NAXSI_EXLOG uses `NGX_ESCAPE_URI_COMPONENT` while NAXSI_FMT uses `NGX_ESCAPE_ARGS`. Both ensure that `&` is encoded, avoiding log injection, but it might be worth...
Hello, I don't know much about isitio/envoy, but will have a look. However, naxsi's design is strongly influenced by nginx's expected module behaviour, so this will be non trivial :)