Messages

1

Web Proxy Filtering and Caching / Re: nginx start and configcheck extremely slow

« on: August 05, 2022, 01:36:08 pm »

ok, so i figured out what it was. Somehow routing to that one VM within the subnet isn't working anymore by default. Setting a static route to the VM in opnsense fixed it. Really weird.

A few more infos for somebody else troubleshooting or wanting to fix this:
Opnsense with VLAN 10.10.0.0/24, mgmt net 192.168.178.0/24 (local network of ISP router).
access to VMs within VLAN with routes set to mgmt address setup in ISP router
With these static routes, I could access the VMs by IP from mgmt-net, but nginx couldn't. Where it now needs a static route, it didn't before 22.7. Maybe this is wanted for more granular routing control.

also this was the reason why nginx reload took so long, for anybody asking.

2

Web Proxy Filtering and Caching / Re: nginx start and configcheck extremely slow

« on: August 03, 2022, 03:30:02 pm »

So that seemed to have worked. Now nginx reloads quick again, but I can only access one of my two upstream servers. Both within the same subnet. If i change the IP of the faulty upstream server I can access it again. Don't know how that's possible. Haven't changed anything else.

3

Web Proxy Filtering and Caching / nginx start and configcheck extremely slow

« on: July 30, 2022, 06:55:26 pm »

Haven't had this problem in at least a year. Then, upgrade to 22.7 and it's back.
Restarting nginx from webui or cli will take ages (+5min).

But as soon as I restore a snapshot from 22.1 everything works just fine. Zero changes except the update.

Running opnsense in a esxi vm.

I've submitted a crash report via the webui and put the URL to this topic in the description. Don't know if it'll help

4

General Discussion / Re: Where do custom NAXSI basic rule (whitelist rule) conditions get applied?

« on: November 28, 2021, 01:30:38 pm »

Well yeah, but in the nginx config only the basics of the basic-rule are included.
I attached a screenshot of the basic rule I created, added to a policy, and added that to a location and applied.
vs what shows in the location block

Code: [Select]

BasicRule wl:1100 "mz:RAW_BODY";note that it's missing

Code: [Select]

X-Plex-Token=[0-9a-zA-Z]*. I'm new to naxsi, so i don't know if it's applied somewhere else, just that i can't find any other reference to the constraints I've made other than in the opnsense config

5

General Discussion / Where do custom NAXSI basic rule (whitelist rule) conditions get applied?

« on: November 28, 2021, 01:14:45 am »

So I'm currently setting up my WAF for various web apps and the nginx WebUI gives options to add conditions like "only match this specific GET argument, but only if it matches this regex" but when generating the nginx.conf i only see the "only this specific GET argument" part and not the regex.
Example:in the webui i have a rule setup that matches a GET argument named url but only if it's value matches

Code: [Select]

X-Plex-Token=[0-9a-zA-Z]*. Now in the nginx conf it only shows

Code: [Select]

BasicRule wl:1103 "mz:$ARGS_VAR:url";.
I don't see any links to include other configs, where it could specify what exactly to match.
Anybody know what I'm missing?