  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • Could naxsi support block empty user-agent?

Author Topic: Could naxsi support block empty user-agent?  (Read 9499 times)

akong77

Could naxsi support block empty user-agent?
« on: November 05, 2020, 02:42:39 am »
Hello,
I know nginx can use a hook to block an empty user-agent. I want to know: could naxsi support it?

Fright

Re: Could naxsi support block empty user-agent?
« Reply #1 on: November 05, 2020, 11:08:32 am »
it should
may be something like:
Code: [Select]
MainRule negative id:1700 "rx:^(?!\s*$).+" "msg:Empty_UA" "mz:$HEADERS_VAR_X:User-Agent"
not tested

akong77

Re: Could naxsi support block empty user-agent?
« Reply #2 on: November 06, 2020, 03:05:56 am »
OK, I will test it. Thanks a lot.

akong77

Re: Could naxsi support block empty user-agent?
« Reply #3 on: November 06, 2020, 03:16:46 am »
I tested it. It can't block it.

Fright

Re: Could naxsi support block empty user-agent?
« Reply #4 on: November 06, 2020, 05:17:22 am »
tested it. works
Code: [Select]
curl -H "User-Agent;" http://myCA_CRL_URL
Code: [Select]
*32507 NAXSI_EXLOG: ip=some_ip&server=my_serever&uri=%2Fcrl_file&id=1700&zone=HEADERS&var_name=user-agent&content=, client: some_ip, server: my_server, request: "GET /my.crl HTTP/1.1", host: "my_server

akong77

Re: Could naxsi support block empty user-agent?
« Reply #5 on: November 06, 2020, 06:41:40 am »
If you try
Quote
curl -A '' -H 'User-Agent;' http://web -I

akong77

Re: Could naxsi support block empty user-agent?
« Reply #6 on: November 06, 2020, 06:49:35 am »
Sorry, I made a mistake. It can block it. Thanks a lot.
I want to know about naxsi. It can choose drop connection as an option. What is the difference between block request and drop connection? I tested it. I feel no difference.

Fright

Re: Could naxsi support block empty user-agent?
« Reply #7 on: November 06, 2020, 07:34:26 am »
https://github.com/nbs-system/naxsi/wiki/rules-bnf
Quote
specify an action such as BLOCK (blocks the request in non-learning mode) or DROP (blocks the request even in learning mode)
DROP is not "DROP connection". it blocks even in learning mode

akong77

Re: Could naxsi support block empty user-agent?
« Reply #8 on: November 06, 2020, 07:50:15 am »
So, whether I choose block request or drop connection, it always shows the OPNsense request denied webpage.
Right?

Fright

Re: Could naxsi support block empty user-agent?
« Reply #9 on: November 06, 2020, 08:02:49 am »
yep

akong77

Re: Could naxsi support block empty user-agent?
« Reply #10 on: November 06, 2020, 11:13:54 am »
Quote from: Fright on November 05, 2020, 11:08:32 am
it should
may be something like:
Code: [Select]
MainRule negative id:1700 "rx:^(?!\s*$).+" "msg:Empty_UA" "mz:$HEADERS_VAR_X:User-Agent"
not tested

Hello, I tested it.
If I use browsers like Firefox to see http://ab.aspa.idv.tw, it also shows Request Denied.
You can check http://ab.aspa.idv.tw

Fright

Re: Could naxsi support block empty user-agent?
« Reply #11 on: November 06, 2020, 11:47:38 am »
and what's in the "HTTP Error logs" for these requests?

akong77

Re: Could naxsi support block empty user-agent?
« Reply #12 on: November 06, 2020, 12:39:59 pm »
Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/&learning=0&vers=0.56&total_processed=12&total_blocked=10&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET / HTTP/1.1", host: "ab.aspa.idv.tw"

Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/favicon.ico&learning=0&vers=0.56&total_processed=13&total_blocked=11&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET /favicon.ico HTTP/1.1", host: "ab.aspa.idv.tw", referrer: "http://ab.aspa.idv.tw/"

Fright

Re: Could naxsi support block empty user-agent?
« Reply #13 on: November 06, 2020, 03:03:10 pm »
Quote
zone1=HEADERS|NAME
and what exactly does rule 15001 look like?
and can you enable "Extensive Naxsi Log" in server properties and post the NAXSI_EXLOG log for a blocked request?

akong77

Re: Could naxsi support block empty user-agent?
« Reply #14 on: November 06, 2020, 03:46:59 pm »
Quote
MainRule id:15001 "rx:^(?!\s*$).+" "msg:Empty UA" "mz:$HEADERS_VAR_X:User-Agent" "s:$policy20906cd5e25e413f9fe6e733c38d3586:8";
Logged
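
Added example, not part of any post in this thread: rule 1700 in reply #1 carries the `negative` keyword, while rule 15001 as quoted in reply #14 does not. The Python sketch below models how that keyword changes which User-Agent values trigger the same regex, and parses a NAXSI_FMT line to list which rule ids fired. Assumptions: Python's `re` stands in for naxsi's PCRE matching, and the User-Agent samples and the log line (documentation IP and host, placeholder policy name) are constructed.

```python
import re
from urllib.parse import parse_qs

# Pattern shared by rule 1700 (reply #1) and rule 15001 (reply #14).
UA_RX = re.compile(r"^(?!\s*$).+")

def rule_fires(value, negative):
    """Model of a naxsi rx rule: fires on a match, or on a non-match if `negative` is set."""
    return (UA_RX.search(value) is not None) != negative

def parse_naxsi_fmt(line):
    """Return (fields, hits) from a NAXSI_FMT line; hits are (rule id, zone, var_name)."""
    payload = line.split("NAXSI_FMT: ", 1)[1].split(", client: ", 1)[0]
    fields = {k: v[0] for k, v in parse_qs(payload, keep_blank_values=True).items()}
    hits, i = [], 0
    while f"id{i}" in fields:
        hits.append((int(fields[f"id{i}"]), fields[f"zone{i}"],
                     fields.get(f"var_name{i}", "")))
        i += 1
    return fields, hits

# Constructed User-Agent header values (not taken from the thread).
SAMPLES = ["", "   ", "curl/7.68.0",
           "Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0"]

# Constructed log line modelled on the NAXSI_FMT lines in reply #12.
SAMPLE_LOG = ('*19 NAXSI_FMT: ip=192.0.2.10&server=www.example.test&uri=/&learning=0'
              '&vers=0.56&total_processed=12&total_blocked=10&block=1'
              '&cscore0=$policy_example&score0=16'
              '&zone0=HEADERS&id0=15001&var_name0=user-agent'
              '&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, '
              'client: 192.0.2.10, server: www.example.test, request: "GET / HTTP/1.1"')

def compare_rules():
    """For each sample: (value, fires with `negative`, fires without `negative`)."""
    return [(ua, rule_fires(ua, True), rule_fires(ua, False)) for ua in SAMPLES]

if __name__ == "__main__":
    for ua, with_neg, without_neg in compare_rules():
        print(f"{ua!r:75} negative={with_neg!s:5} plain={without_neg}")
    fields, hits = parse_naxsi_fmt(SAMPLE_LOG)
    print("blocked:", fields["block"] == "1", "hits:", hits)
```
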
