
Valid JSON is blocked by Rule ID 15

Open butlerfr opened this issue 2 years ago • 2 comments

Hello

It seems that escape characters in JSON are triggering rule id 15:

test JSON: {"key":"escaped \"\" value"}

2022/02/15 16:19:19 [error] 39898#0: *58 NAXSI_FMT: ip=*&server=*&uri=/angular.do&learning=1&vers=0.55.3&total_processed=30&total_blocked=1&block=1&zone0=BODY&id0=15&var_name0=&zone1=BODY&id1=15&var_name1=, client: *, server: *, request: "POST /angular.do?sysparm_type=sp_ref_list_data HTTP/1.1", host: "*", referrer: "https://*

# nginx -V
nginx version: nginx/1.16.1
built by gcc 8.3.0 (Debian 8.3.0-6)
built with OpenSSL 1.1.1c  28 May 2019 (running with OpenSSL 1.1.1d  10 Sep 2019)
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi-0.55.3/naxsi_src/ --with-http_auth_request_module --with-http_geoip_module --with-http_ssl_module --with-http_stub_status_module --with-http_xslt_module --with-http_realip_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module --with-stream_ssl_preread_module --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --http-scgi-temp-path=/var/lib/nginx/scgi --prefix=/usr --with-cc-opt='-Wno-stringop-overflow -Wno-stringop-truncation' --with-debug

butlerfr, Feb 16 '22 09:02
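The body in the report above is valid JSON: inside a string, `\"` is an escaped quote, not the end of the token. The example below is added here and is not naxsi's code, nor a claim about where naxsi 0.55.3 or 1.3 actually fails; all function names are mine. It puts an RFC 8259 escape-aware string scanner next to a naive one that ends the token at the first `"`, and runs both over the report's body. The naive scanner rejects the valid document, which is the shape of false positive an "invalid JSON" rule produces when the parser behind it does not track escapes.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Scan one JSON string token starting at s[0] == '"'.
 * Returns the bytes consumed including the closing quote, or 0 if the
 * token is malformed or unterminated. Accepts the RFC 8259 escapes
 * \" \\ \/ \b \f \n \r \t and \uXXXX; rejects raw control bytes. */
static size_t scan_json_string(const char *s, size_t len)
{
    if (len == 0 || s[0] != '"')
        return 0;
    size_t i = 1;
    while (i < len) {
        unsigned char c = (unsigned char)s[i];
        if (c == '"')
            return i + 1;                  /* closing quote: token complete */
        if (c < 0x20)
            return 0;                      /* raw control byte inside a string */
        if (c != '\\') {
            i++;
            continue;
        }
        if (i + 1 >= len)
            return 0;                      /* backslash at end of input */
        switch (s[i + 1]) {
        case '"': case '\\': case '/': case 'b':
        case 'f': case 'n': case 'r': case 't':
            i += 2;                        /* two-character escape such as \" */
            break;
        case 'u':
            if (i + 6 > len)
                return 0;
            for (size_t k = 2; k < 6; k++)
                if (!isxdigit((unsigned char)s[i + k]))
                    return 0;
            i += 6;                        /* \uXXXX */
            break;
        default:
            return 0;                      /* unknown escape such as \x */
        }
    }
    return 0;                              /* unterminated string */
}

/* The shortcut scanner: the token ends at the first '"' it sees, so an
 * escaped quote inside the value is mistaken for the end of the string. */
static size_t scan_naive_string(const char *s, size_t len)
{
    if (len == 0 || s[0] != '"')
        return 0;
    for (size_t i = 1; i < len; i++)
        if (s[i] == '"')
            return i + 1;
    return 0;
}

typedef size_t (*scan_fn)(const char *, size_t);

static void skip_ws(const char *s, size_t len, size_t *i)
{
    while (*i < len && (s[*i] == ' ' || s[*i] == '\t' || s[*i] == '\n' || s[*i] == '\r'))
        (*i)++;
}

/* Parse a flat object {"k":"v", ...} whose values are all strings, using the
 * supplied string scanner. True only if the whole body is consumed. */
static bool parse_flat_object(const char *s, size_t len, scan_fn scan)
{
    size_t i = 0, n;
    skip_ws(s, len, &i);
    if (i >= len || s[i++] != '{')
        return false;
    skip_ws(s, len, &i);
    if (i < len && s[i] == '}') {
        i++;                               /* empty object */
    } else {
        for (;;) {
            skip_ws(s, len, &i);
            if ((n = scan(s + i, len - i)) == 0)   /* member name */
                return false;
            i += n;
            skip_ws(s, len, &i);
            if (i >= len || s[i++] != ':')
                return false;
            skip_ws(s, len, &i);
            if ((n = scan(s + i, len - i)) == 0)   /* string value */
                return false;
            i += n;
            skip_ws(s, len, &i);
            if (i >= len)
                return false;
            if (s[i] == ',') { i++; continue; }
            if (s[i] == '}') { i++; break; }
            return false;
        }
    }
    skip_ws(s, len, &i);
    return i == len;                       /* no trailing garbage */
}

bool accepts_rfc8259(const char *body) { return parse_flat_object(body, strlen(body), scan_json_string); }
bool accepts_naive(const char *body)   { return parse_flat_object(body, strlen(body), scan_naive_string); }

int main(void)
{
    /* The body from this report, written as a C literal. */
    const char *body = "{\"key\":\"escaped \\\"\\\" value\"}";
    printf("escape-aware: %s\n", accepts_rfc8259(body) ? "valid" : "invalid");
    printf("naive:        %s\n", accepts_naive(body) ? "valid" : "invalid");
    return 0;
}
```

A practical use of the escape-aware scanner is as a reference oracle: bodies it accepts are ones the WAF's JSON rule should not flag, so any `id0=15` event on such a body (visible in learning mode, as in the log above) is a parser disagreement worth reporting rather than a request to whitelist.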

Your version is ancient. Please update it.

wargio, Feb 17 '22 10:02

Hi 😃

Same behaviour here with:

nginx version: nginx/1.20.2
built with OpenSSL 1.1.1m  14 Dec 2021 (running with OpenSSL 1.1.1o  3 May 2022)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --with-compat --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --add-module=/usr/obj/usr/ports/www/nginx/work/nginx-module-vts-0.1.18 --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-9aec15e --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/headers-more-nginx-module-d6d7eba --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-1.3/naxsi_src --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/njs-0.7.0/nginx

Shorter:

nginx version: nginx/1.20.2
--add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-1.3/naxsi_src

Can't confirm this is due to escaped chars, but I can correlate it with having some in JSON files.

Thanks for investigating

💡 Rule 15 is triggering 3 times with the Jenkins Blue Ocean plugin.

Nemric, May 22 '22 09:05