Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
nginx plugin - waf policy issueissue
« previous
next »
Print
Pages: [
1
]
Author
Topic: nginx plugin - waf policy issueissue (Read 703 times)
Timeraider
Newbie
Posts: 7
Karma: 0
nginx plugin - waf policy issueissue
«
on:
March 22, 2024, 10:07:22 am »
So.. basically I have my nginx like this. Simple reverse proxy for a main website that is the domainname and then a few sites that contain a subname.domainname... nothing special.
Now I have been turning on and editing WAF policies to make sure its all fully secured, but im walking against an issue.
WAF policies active on the main domain name are blocking stuff happening on the subdomainnames within nginx.
So lets say it like this.. sub2.domainname.com has issues with something due to the SQL injections policy of WAF. I then turn off only the SQL injections policy for sub2.domainname.com. It still gets blocked.
However when I then also turn off the SQL injections policy on the domainname, it works.
In the logging I can see that rules/policies only active on the domainname site also seem to block stuff on the subdomains.
How can I try to seperate it so that WAF rules from the main site dont affect the subdomains (which are totally seperate sites)?
Logged
Timeraider
Newbie
Posts: 7
Karma: 0
Re: nginx plugin - waf policy issueissue
«
Reply #1 on:
March 27, 2024, 03:28:28 pm »
Welp, if anyone finds this thread.
Not solved the initial issue, but made it bearable by simply having all the stuff enabled on the main domain and then create Basic Rules to whitelist the IDs that kept blocking stuff. (regardless of the location of the policy trying to block it and whether its active on either domain/subdomain or both)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
nginx plugin - waf policy issueissue