strange behavior with rules #139
Comments
That is weird. Can you provide an example? Also, is this referring to a rule or a whitelist?
I keep testing. Can proxy_pass cache cause unpredictable behavior? Every time I take my naxsi container down and up. And suddenly it started working right.
tbh, I doubt it, but maybe something changed in 1.26
I just checked the CI and I only test up to 1.24.x, so let me try to add extra versions.
I continue to test this fork in my small project. Temporary result: it definitely works. I hope I'm not wrong :) I'm having a problem with the rules generator. I attempted to run it, but I get the exception "raise SQLWrapperException, 'Sorry, step is not supported'". I think that it definitely needs to be rewritten. The code is hopelessly outdated or I'm doing something wrong. I tried running it in docker with different versions of python, and all attempts were without success. I didn't delve into the code. lol. Also, I didn't do any load testing. I didn't make good attacks (but simple requests were denied). It would be great to add similar things to the project. I mean just simple scripts. I think I can make it. The discussion has gone off topic. Maybe there is some kind of mailing list, or you can write general questions somewhere so as not to clutter up your issues? Maybe you can email me and all this helped your fork? Cool project. Especially for poor people like me. Let's update scripts, documentation and add simple tests. After this, the project comes to life again! I can place all the configs and docker files on the paste.bin or do a PR to your project.
Thank you for such great interest, very appreciated :) Regarding the load testing, usually it's mainly related to NGINX. I don't think there is any real reason to do such a test, since I have seen naxsi handling millions of requests easily thanks to NGINX. For the rule generator, many things need to be rewritten. The files are old and run only on Python 2. I strongly suggest setting up a kibana/grafana dashboard and populating it, so you can easily see what is likely an attack or a false positive. Currently I'm planning to work on it soon and maybe move towards v2.0 with a new format for the rules using yaml, and probably split it into a C or C++ library for easily testing each component.
I'm in the process of updating the documentation; it could be useful if you could proofread it.
Details
1.26.1
1.6
If mz contains "URL", then naxsi accepted all requests. Possibly it's not a bug, because I can restrict all URLs via nginx location.