1
General Discussion / nginx plugin - waf policy issueissue
« on: March 22, 2024, 10:07:22 am »
So.. basically I have my nginx like this. Simple reverse proxy for a main website that is the domainname and then a few sites that contain a subname.domainname... nothing special.
Now I have been turning on and editing WAF policies to make sure its all fully secured, but im walking against an issue.
WAF policies active on the main domain name are blocking stuff happening on the subdomainnames within nginx.
So lets say it like this.. sub2.domainname.com has issues with something due to the SQL injections policy of WAF. I then turn off only the SQL injections policy for sub2.domainname.com. It still gets blocked.
However when I then also turn off the SQL injections policy on the domainname, it works.
In the logging I can see that rules/policies only active on the domainname site also seem to block stuff on the subdomains.
How can I try to seperate it so that WAF rules from the main site dont affect the subdomains (which are totally seperate sites)?
Now I have been turning on and editing WAF policies to make sure its all fully secured, but im walking against an issue.
WAF policies active on the main domain name are blocking stuff happening on the subdomainnames within nginx.
So lets say it like this.. sub2.domainname.com has issues with something due to the SQL injections policy of WAF. I then turn off only the SQL injections policy for sub2.domainname.com. It still gets blocked.
However when I then also turn off the SQL injections policy on the domainname, it works.
In the logging I can see that rules/policies only active on the domainname site also seem to block stuff on the subdomains.
How can I try to seperate it so that WAF rules from the main site dont affect the subdomains (which are totally seperate sites)?