OPNsense Forum

English Forums => General Discussion => Topic started by: isJesusHere on November 28, 2021, 01:14:45 am

Title: Where do custom NAXSI basic rule (whitelist rule) conditions get applied?
Post by: isJesusHere on November 28, 2021, 01:14:45 am

So I'm currently setting up my WAF for various web apps and the nginx WebUI gives options to add conditions like "only match this specific GET argument, but only if it matches this regex" but when generating the nginx.conf i only see the "only this specific GET argument" part and not the regex.
Example:in the webui i have a rule setup that matches a GET argument named url but only if it's value matches

Code: [Select]

X-Plex-Token=[0-9a-zA-Z]*. Now in the nginx conf it only shows

Code: [Select]

BasicRule wl:1103 "mz:$ARGS_VAR:url";.
I don't see any links to include other configs, where it could specify what exactly to match.
Anybody know what I'm missing?

Title: Re: Where do custom NAXSI basic rule (whitelist rule) conditions get applied?
Post by: fabian on November 28, 2021, 01:10:55 pm

Main Rules: Global
Basic Rules: Location

Title: Re: Where do custom NAXSI basic rule (whitelist rule) conditions get applied?
Post by: isJesusHere on November 28, 2021, 01:30:38 pm

Well yeah, but in the nginx config only the basics of the basic-rule are included.
I attached a screenshot of the basic rule I created, added to a policy, and added that to a location and applied.
vs what shows in the location block

Code: [Select]

BasicRule wl:1100 "mz:RAW_BODY";note that it's missing

Code: [Select]

X-Plex-Token=[0-9a-zA-Z]*. I'm new to naxsi, so i don't know if it's applied somewhere else, just that i can't find any other reference to the constraints I've made other than in the opnsense config