OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Loïc_bzh on September 18, 2025, 12:16:17 PM

Title: Nginx - Download Naxsi WAF policy failed
Post by: Loïc_bzh on September 18, 2025, 12:16:17 PM
Hello,

I would like to implement a WAF with Nginx, but when I click on "Download" to import the NAXSI core rules on the "HTTP's => Naxsi WAF policy" tab, nothing happens, and after a few seconds I get this error from the crash reporter of OPNsense:

PHP Fatal error:  Allowed memory size of 8589934592 bytes exhausted (tried to allocate 8579452928 bytes) in /usr/local/opnsense/scripts/nginx/naxsi_rule_download.php on line 172

For the above error, the memory_limit from /usr/local/opnsense/service/templates/OPNsense/WebGui/php.ini was set to 8G. I had the same error with the original limit set to 1G.

System info:
FreeBSD 14.3-RELEASE-p2 stable/25.7-n271676-ab2281de1853 SMP amd64
OPNsense 25.7.3_7 13101bd9a
Plugins os-acme-client-4.10 os-adguardhome-maxit-1.15 os-ddclient-1.27_4 os-nginx-1.35
OpenSSL 3.0.17
Python 3.11.13
PHP 8.3.25

Thank you for your help.

Title: Re: Nginx - Download Naxsi WAF policy failed
Post by: ethanvos on September 24, 2025, 12:06:28 AM
I have also come across this error. The behaviour is exactly as described by OP. This is a fresh installation in a VM.

PHP Fatal error:  Allowed memory size of 1073741824 bytes exhausted (tried to allocate 1063260160 bytes) in /usr/local/opnsense/scripts/nginx/naxsi_rule_download.php on line 172

After some googling, I also tried setting the memory_limit to a higher value. The only effect this had was to raise the byte counts.

PHP Fatal error:  Allowed memory size of 4294967296 bytes exhausted (tried to allocate 4284485632 bytes) in /usr/local/opnsense/scripts/nginx/naxsi_rule_download.php on line 172

Advice, help, or a gentle nudge in the right direction would be much appreciated, as I'm on a deadline to get this implemented.

sysinfo:
FreeBSD 14.3-RELEASE-p2 stable/25.7-n271676-ab2281de1853 SMP amd64
OPNsense 25.7.3_7 13101bd9a
Plugins os-net-snmp-1.6 os-nginx-1.35 os-vmware-1.5_1
OpenSSL 3.0.17
Python 3.11.13
PHP 8.3.25

Thanks.

Title: Re: Nginx - Download Naxsi WAF policy failed
Post by: ethanvos on September 24, 2025, 04:08:07 AM
I have opened a bug report on GitHub for this issue, which includes a little more information as to the nature of the bug.
https://github.com/opnsense/plugins/issues/4953

Title: Re: Nginx - Download Naxsi WAF policy failed
Post by: Loïc_bzh on September 26, 2025, 10:56:53 AM
Quote from: ethanvos on September 24, 2025, 04:08:07 AM
I have opened a bug report on GitHub for this issue, which includes a little more information as to the nature of the bug.
https://github.com/opnsense/plugins/issues/4953

Thank you! I was going to open the ticket this morning, but you were quicker. :)

Title: Re: Nginx - Download Naxsi WAF policy failed
Post by: Loïc_bzh on October 01, 2025, 02:27:13 PM
Patch available from the GitHub issue (https://github.com/opnsense/plugins/issues/4953#issuecomment-3343559364):

opnsense-patch -c plugins -a kulikov-a cfbe14d