Changed |
nginx.spec
Added |
openssl-rc4tilt.patch
@@ -0,0 +1,17 @@
+Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch.
+diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c
+--- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200
+@@ -3844,6 +3844,11 @@
+ (TLS1_get_version(s) < TLS1_2_VERSION))
+ continue;
+
++ /* Disable RC4 for TLS v1.1+ */
++ if ((c->algorithm_enc == SSL_RC4) &&
++ (TLS1_get_version(s) >= TLS1_1_VERSION))
++ continue;
++
+ ssl_set_cert_masks(cert,c);
+ mask_k = cert->mask_k;
+ mask_a = cert->mask_a;
+Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
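Review bot: The added check skips RC4 only when `TLS1_get_version(s) >= TLS1_1_VERSION`, so RC4 suites stay selectable on TLS 1.0 and SSLv3 connections, which are the ones most likely to negotiate RC4 in the first place. If the goal is to retire RC4, excluding it in the server cipher string (`ssl_ciphers ...:!RC4;`) covers every protocol version without carrying a source patch. The patch is written against openssl-1.0.1j, while `_service` on this page downloads openssl-1.1.0g; whether it still applies there is not visible here and should be confirmed. The two `Nur in ...` lines are `diff -r` output rather than patch content and should be trimmed; the patched function begins and ends outside the hunk.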
Changed |
1.12.34.2-x64.tar.gz
Added |
1.13.35.1-x64.tar.gz
Changed |
_service
@@ -2,11 +2,6 @@
<service name="download_url">
<param name="host">nginx.org</param>
<param name="protocol">http</param>
- <param name="path">/download/nginx-1.20.1.tar.gz</param>
+ <param name="path">/download/nginx-1.12.2.tar.gz</param>
</service>
- <service name="download_url">
- <param name="host">www.openssl.org</param>
- <param name="protocol">https</param>
- <param name="path">/source/openssl-1.1.1l.tar.gz</param>
- </service>
-</services>
+<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.12.2.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services>
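Review bot: The new side fetches nginx-1.12.2 and openssl-1.1.0g, both older than the 1.20.1 and 1.1.1l they replace, so the package gives up every fix made between those releases; if the downgrade is intended, the reason belongs in the changelog. The nginx tarball is still fetched with `<param name="protocol">http</param>`, and no verification step follows either `download_url` in this hunk, so nothing visible here checks the archive's integrity. Switch that parameter to `https` and add a checksum or signature check after each download. The added line also folds both services onto one line; keeping one element per line, as the removed lines did, makes later version changes reviewable.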
Changed |
_service:download_url:nginx-1.12.2.tar.gz
Added |
_service:download_url:openssl-1.1.0g.tar.gz
Deleted |
_service:download_url:openssl-1.1.1l.tar.gz
Added |
blockips.conf
@@ -0,0 +1,718 @@
+### updates are avail. at raw.githubusercontent.com/mariusv/nginx-badbot-blocker/master/blockips.conf
+
+
+deny 178.238.234.1;
+deny 76.90.254.19;
+deny 85.17.26.68; # spammy comments - Leaseweb
+deny 85.17.230.23; # spammy comments - Leaseweb
+deny 173.234.11.105; # junk referrers
+deny 173.234.31.9; # junk referrers - Ubiquityservers
+deny 173.234.38.25; # spammy comments
+deny 173.234.153.30; # junk referrers
+deny 173.234.153.106; # spammy comments - Ubiquityservers
+deny 173.234.175.68; # spammy comments
+deny 190.152.223.27; # junk referrers
+deny 195.191.54.90; # odd behaviour, Mozilla, doesnt fetch js/css. Ended up doing a POST, prob a spambot
+deny 195.229.241.174; # spammy comments - United Arab Emirates
+deny 210.212.194.60; # junk referrers + spammy comments
+deny 76.91.248.49; # bad bot
+deny 1.4.0.0/17;
+deny 1.10.16.0/20;
+deny 1.116.0.0/14;
+deny 5.34.242.0/23;
+deny 5.72.0.0/14;
+deny 5.134.128.0/19;
+deny 14.4.0.0/14;
+deny 14.245.0.0/16;
+deny 23.235.48.0/20;
+deny 27.111.48.0/20;
+deny 27.122.32.0/20;
+deny 27.126.160.0/20;
+deny 31.11.43.0/24;
+deny 31.222.200.0/21;
+deny 36.0.8.0/21;
+deny 36.37.48.0/20;
+deny 37.139.49.0/24;
+deny 37.148.216.0/21;
+deny 37.246.0.0/16;
+deny 41.72.64.0/19;
+deny 42.0.32.0/19;
+deny 42.1.56.0/22;
+deny 42.1.128.0/17;
+deny 42.52.0.0/14;
+deny 42.83.80.0/22;
+deny 42.96.0.0/18;
+deny 42.123.36.0/22;
+deny 42.128.0.0/12;
+deny 42.160.0.0/12;
+deny 42.194.8.0/22;
+deny 42.194.12.0/22;
+deny 42.194.128.0/17;
+deny 43.229.52.0/22;
+deny 43.236.0.0/16;
+deny 43.250.64.0/22;
+deny 43.250.116.0/22;
+deny 43.252.80.0/22;
+deny 43.252.152.0/22;
+deny 43.252.180.0/22;
+deny 43.255.188.0/22;
+deny 45.64.88.0/22;
+deny 45.117.208.0/22;
+deny 45.121.144.0/22;
+deny 46.29.248.0/22;
+deny 46.29.248.0/21;
+deny 46.148.112.0/20;
+deny 46.151.48.0/21;
+deny 46.232.192.0/21;
+deny 46.243.140.0/24;
+deny 46.243.142.0/24;
+deny 49.8.0.0/14;
+deny 49.128.104.0/22;
+deny 58.87.64.0/18;
+deny 59.254.0.0/15;
+deny 60.233.0.0/16;
+deny 61.11.224.0/19;
+deny 61.13.128.0/17;
+deny 61.45.251.0/24;
+deny 62.182.152.0/21;
+deny 64.234.224.0/20;
+deny 66.231.64.0/20;
+deny 67.213.128.0/20;
+deny 67.218.208.0/20;
+deny 72.13.16.0/20;
+deny 78.31.184.0/21;
+deny 78.31.211.0/24;
+deny 79.173.104.0/21;
+deny 80.76.8.0/21;
+deny 81.22.152.0/23;
+deny 83.175.0.0/18;
+deny 85.121.39.0/24;
+deny 86.55.40.0/23;
+deny 86.55.42.0/23;
+deny 88.135.16.0/20;
+deny 91.194.254.0/23;
+deny 91.195.254.0/23;
+deny 91.198.127.0/24;
+deny 91.200.248.0/22;
+deny 91.203.20.0/22;
+deny 91.207.4.0/22;
+deny 91.209.12.0/24;
+deny 91.212.104.0/24;
+deny 91.212.198.0/24;
+deny 91.212.201.0/24;
+deny 91.212.220.0/24;
+deny 91.213.126.0/24;
+deny 91.213.172.0/24;
+deny 91.216.3.0/24;
+deny 91.217.10.0/23;
+deny 91.220.35.0/24;
+deny 91.220.62.0/24;
+deny 91.220.163.0/24;
+deny 91.223.89.0/24;
+deny 91.226.97.0/24;
+deny 91.229.210.0/24;
+deny 91.230.110.0/24;
+deny 91.230.252.0/23;
+deny 91.234.36.0/24;
+deny 91.235.2.0/24;
+deny 91.236.74.0/23;
+deny 91.236.120.0/24;
+deny 91.237.198.0/24;
+deny 91.238.82.0/24;
+deny 91.239.24.0/24;
+deny 91.239.238.0/24;
+deny 91.240.163.0/24;
+deny 91.240.165.0/24;
+deny 91.242.217.0/24;
+deny 91.243.115.0/24;
+deny 93.175.240.0/20;
+deny 94.26.112.0/20;
+deny 94.154.128.0/18;
+deny 95.216.0.0/15;
+deny 101.192.0.0/14;
+deny 101.199.0.0/16;
+deny 101.202.0.0/16;
+deny 101.203.128.0/19;
+deny 101.248.0.0/15;
+deny 101.252.0.0/15;
+deny 103.2.44.0/22;
+deny 103.10.68.0/22;
+deny 103.12.216.0/22;
+deny 103.16.76.0/24;
+deny 103.20.36.0/22;
+deny 103.23.8.0/22;
+deny 103.36.64.0/22;
+deny 103.41.124.0/22;
+deny 103.41.180.0/22;
+deny 103.42.115.0/24;
+deny 103.55.28.0/22;
+deny 103.57.248.0/22;
+deny 103.61.4.0/22;
+deny 103.228.60.0/22;
+deny 103.229.36.0/22;
+deny 103.230.144.0/22;
+deny 103.231.84.0/22;
+deny 103.232.136.0/22;
+deny 103.232.172.0/22;
+deny 103.236.32.0/22;
+deny 103.242.184.0/22;
+deny 104.143.112.0/20;
+deny 104.255.136.0/21;
+deny 106.96.0.0/14;
+deny 108.166.224.0/19;
+deny 109.94.208.0/20;
+deny 110.44.128.0/20;
+deny 110.232.160.0/20;
+deny 113.20.160.0/19;
+deny 114.8.0.0/16;
+deny 115.85.133.0/24;
+deny 116.78.0.0/15;
+deny 116.128.0.0/10;
+deny 116.144.0.0/15;
+deny 116.146.0.0/15;
+deny 117.100.0.0/15;
+deny 118.177.0.0/16;
+deny 118.185.0.0/16;
+deny 119.232.0.0/16;
+deny 120.48.0.0/15;
+deny 120.92.0.0/17;
+deny 120.92.128.0/18;
+deny 120.92.192.0/19;
+deny 120.92.224.0/20;
+deny 121.100.128.0/18;
+deny 122.129.0.0/18;
+deny 122.202.96.0/19;
+deny 123.136.80.0/20;
+deny 124.68.0.0/15;
+deny 124.70.0.0/15;
+deny 124.157.0.0/18;
+deny 124.242.0.0/16;
+deny 124.245.0.0/16;
+deny 125.31.192.0/18;
+deny 125.58.0.0/18;
+deny 125.169.0.0/16;
+deny 128.13.0.0/16;
+deny 128.168.0.0/16;
+deny 128.191.0.0/16;
+deny 129.47.0.0/16;
+deny 129.76.64.0/18;
+deny 130.148.0.0/16;
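Review bot: Several entries deny very large networks with no stated reason, for example `116.128.0.0/10`, `42.128.0.0/12`, `42.160.0.0/12` and `95.216.0.0/15`. Only the first few single addresses carry a comment, so an operator cannot tell why a range is blocked or when it can be removed. `46.29.248.0/22` is redundant because the next line denies `46.29.248.0/21`. The header points at a moving `master` URL; recording the snapshot makes the list auditable, e.g. `### source: raw.githubusercontent.com/mariusv/nginx-badbot-blocker/<UPSTREAM_COMMIT>/blockips.conf, fetched <DATE>`. Only part of the 718-line hunk is shown on this page, so the remaining entries are not reviewed here.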
Changed |
changelog
@@ -1,9 +1,3 @@
-* Tu Oct 26 2021 Kilian Ries <kr@internetx.com> - 1.20.1
-- 1.20.1 bump
-- cleanup old files
-- update all modules to latest version
-- openssl 1.1.1l
-
* Sun Mar 05 2016 Juergen Gotteswinter <jg@internetx.com> - 1.9.12-1
- 1.9.12 bump
- enabled http splice module
@@ -134,4 +128,4 @@
- version bump to 0.7.63
* Fri Oct 23 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.62-3
-- included nginx-socket-patch for unix socket support
+- included nginx-socket-patch for unix socket support
\ No newline at end of file
Added |
config
@@ -0,0 +1,856 @@
+
+
+
+
+
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset='utf-8'>
+ <meta http-equiv="X-UA-Compatible" content="chrome=1">
+ <title>config at master from bigplum/Nginx-limit-traffic-rate-module - GitHub</title>
+ <link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub" />
+ <link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub" />
+
+ <link href="https://assets0.github.com/stylesheets/bundle_common.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" />
+<link href="https://assets3.github.com/stylesheets/bundle_github.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" />
+
+ <script type="text/javascript">
+ if (typeof console == "undefined" || typeof console.log == "undefined")
+ console = { log: function() {} }
+ </script>
+ <script type="text/javascript" charset="utf-8">
+ var GitHub = {}
+ var github_user = null
+
+ </script>
+ <script src="https://assets2.github.com/javascripts/jquery/jquery-1.4.2.min.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script>
+ <script src="https://assets2.github.com/javascripts/bundle_common.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script>
+<script src="https://assets3.github.com/javascripts/bundle_github.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script>
+
+
+ <script type="text/javascript" charset="utf-8">
+ GitHub.spy({
+ repo: "bigplum/Nginx-limit-traffic-rate-module"
+ })
+ </script>
+
+
+ <link href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master.atom" rel="alternate" title="Recent Commits to Nginx-limit-traffic-rate-module:master" type="application/atom+xml" />
+
+ <meta name="description" content="Limiting rate by given variables(like $request_uri, $remote_addr, etc..)." />
+ <script type="text/javascript">
+ GitHub.nameWithOwner = GitHub.nameWithOwner || "bigplum/Nginx-limit-traffic-rate-module";
+ GitHub.currentRef = 'master';
+ GitHub.commitSHA = "c0c90f55a8cb545559b73eafb91a0af3f2d8474a";
+ GitHub.currentPath = 'config';
+ GitHub.masterBranch = "master";
+
+
+ </script>
+
+
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-3769691-2']);
+ _gaq.push(['_setDomainName', 'none']);
+ _gaq.push(['_trackPageview']);
+ (function() {
+ var ga = document.createElement('script');
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ ga.setAttribute('async', 'true');
+ document.documentElement.firstChild.appendChild(ga);
+ })();
+ </script>
+
+
+ </head>
+
+
+
+ <body class="logged_out page-blob">
+
+
+
+
+
+
+
+
+
+
+ <div class="subnavd" id="main">
+ <div id="header" class="true">
+
+ <a class="logo boring" href="https://github.com">
+ <img src="/images/modules/header/logov3.png?changed" class="default" alt="github" />
+ <!--[if (gt IE 8)|!(IE)]><!-->
+ <img src="/images/modules/header/logov3-hover.png" class="hover" alt="github" />
+ <!--<![endif]-->
+ </a>
+
+
+ <div class="topsearch">
+
+ <ul class="nav logged_out">
+ <li class="pricing"><a href="/plans">Pricing and Signup</a></li>
+ <li class="explore"><a href="/explore">Explore GitHub</a></li>
+ <li class="features"><a href="/features">Features</a></li>
+ <li class="blog"><a href="/blog">Blog</a></li>
+ <li class="login"><a href="/login?return_to=https://github.com/bigplum/Nginx-limit-traffic-rate-module/blob/master/config">Login</a></li>
+ </ul>
+
+</div>
+
+ </div>
+
+
+
+
+ <div class="site">
+ <div class="pagehead repohead vis-public ">
+
+
+
+ <div class="title-actions-bar">
+ <h1>
+ <a href="/bigplum">bigplum</a> / <strong><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module">Nginx-limit-traffic-rate-module</a></strong>
+
+
+ </h1>
+
+
+ <ul class="actions">
+
+
+
+ <li class="for-owner" style="display:none"><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/admin" class="minibutton btn-admin "><span><span class="icon"></span>Admin</span></a></li>
+ <li>
+ <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="watch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Watch</span></a>
+ <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="unwatch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Unwatch</span></a>
+ </li>
+
+
+ <li class="for-notforked" style="display:none"><a href="/bigplum/Nginx-limit-traffic-rate-module/fork" class="minibutton btn-fork " id="fork_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;"><span><span class="icon"></span>Fork</span></a></li>
+ <li class="for-hasfork" style="display:none"><a href="#" class="minibutton btn-fork " id="your_fork_button"><span><span class="icon"></span>Your Fork</span></a></li>
+
+
+
+
+
+
+ <li class="repostats">
+ <ul class="repo-stats">
+ <li class="watchers"><a href="/bigplum/Nginx-limit-traffic-rate-module/watchers" title="Watchers" class="tooltipped downwards">3</a></li>
+ <li class="forks"><a href="/bigplum/Nginx-limit-traffic-rate-module/network" title="Forks" class="tooltipped downwards">2</a></li>
+ </ul>
+ </li>
+ </ul>
+
+ </div>
+
+
+ <ul class="tabs">
+ <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module" class="selected" highlight="repo_source">Source</a></li>
+ <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master" highlight="repo_commits">Commits</a></li>
+ <li><a href="/bigplum/Nginx-limit-traffic-rate-module/network" highlight="repo_network">Network</a></li>
+ <li><a href="/bigplum/Nginx-limit-traffic-rate-module/pulls" highlight="repo_pulls">Pull Requests (0)</a></li>
+
+
+
+
+
+ <li><a href="/bigplum/Nginx-limit-traffic-rate-module/issues" highlight="issues">Issues (0)</a></li>
+
+
+
+ <li><a href="/bigplum/Nginx-limit-traffic-rate-module/graphs" highlight="repo_graphs">Graphs</a></li>
+
+ <li class="contextswitch nochoices">
+ <span class="toggle leftwards" >
+ <em>Branch:</em>
+ <code>master</code>
+ </span>
+ </li>
+ </ul>
+
+ <div style="display:none" id="pl-description"><p><em class="placeholder">click here to add a description</em></p></div>
+ <div style="display:none" id="pl-homepage"><p><em class="placeholder">click here to add a homepage</em></p></div>
+
+ <div class="subnav-bar">
+
+ <ul>
+ <li>
+ <a href="#" class="dropdown">Switch Branches (1)</a>
+ <ul>
+
+
+ <li><strong>master ✓</strong></li>
+
+ </ul>
+ </li>
+ <li>
+ <a href="#" class="dropdown defunct">Switch Tags (0)</a>
+
+ </li>
+ <li>
+
+ <a href="/bigplum/Nginx-limit-traffic-rate-module/branches" class="manage">Branch List</a>
+
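Review bot: The added `config` file is a saved GitHub HTML page for `bigplum/Nginx-limit-traffic-rate-module` (`<!DOCTYPE html>`, site navigation, an analytics script), not the module's `config` build script, which suggests the blob URL was downloaded instead of the raw file. nginx's configure step sources an add-on's `config` as shell, so this file would break or distort the module build and ships unreviewed third-party markup in the package. Replace it with the raw file taken at a pinned commit and record that commit in the spec; the page itself reports `GitHub.commitSHA = "c0c90f55a8cb545559b73eafb91a0af3f2d8474a"`. Only the first part of the 856-line hunk is visible here.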
Deleted |
cscope.tmplst
Added |
magento-sample.conf-disabled
@@ -0,0 +1,113 @@
+server {
+ include /etc/nginx/port.conf;
+ server_name example.com;
+ return 301 $scheme://www.example.com$request_uri;
+}
+
+server {
+ include /etc/nginx/port.conf;
+ #listen 443 ssl;
+ server_name www.example.com; ## Domain is here
+ root /var/www/html;
+ access_log /var/log/nginx/access_www.example.com.log main;
+
+ if ($http_user_agent = "") { return 444;}
+
+ ####################################################################################
+ ## SSL CONFIGURATION
+
+ #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt;
+ #ssl_certificate_key /etc/ssl/certs/server.key;
+
+ ####################################################################################
+ ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com
+
+ #if ($remote_addr !~ "^(1.2.3.4|1.2.3.4)$") {
+ #return 503;
+ #}
+
+ #error_page 503 @maintenance;
+ #location @maintenance {
+ #rewrite ^(.*)$ /error_page/503.html break;
+ #internal;
+ #access_log off;
+ #log_not_found off;
+ #}
+
+ ####################################################################################
+ ## 403 error log/page
+
+ #error_page 403 /403.html;
+ #location = /403.html {
+ #root /var/www/html/error_page;
+ #internal;
+ #access_log /var/log/nginx/403.log error403;
+ #}
+
+ ####################################################################################
+ ## Main Magento location
+
+ location / {
+ try_files $uri $uri/ @handler;
+ }
+
+ ####################################################################################
+ ## These locations would be hidden by .htaccess normally, protected
+
+ location ~ (/(app/|includes/|pkginfo/|var/|errors/local.xml)|/\.) {
+ deny all;
+ }
+
+ ####################################################################################
+ ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com)
+
+ #location /downloader/ {
+ #allow 1.2.3.4; allow 1.2.3.4; deny all;
+ #rewrite ^/downloader/(.*)$ /downloader/index.php$1;
+ #}
+ #location /admin {
+ #allow 1.2.3.4; allow 1.2.3.4; deny all;
+ #rewrite / /@handler;
+ #}
+
+ ####################################################################################
+ ## Images, scripts and styles set far future Expires header
+
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ open_file_cache max=10000 inactive=8h;
+ open_file_cache_valid 1h;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors off;
+ expires max;
+ log_not_found off;
+ access_log off;
+ }
+
+ ####################################################################################
+ ## Main Magento location
+
+ location @handler {
+ rewrite / /index.php?$args;
+ }
+
+ location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
+ rewrite ^(.*.php)/ $1 last;
+ }
+
+ ####################################################################################
+ ## Execute PHP scripts
+
+ location ~ .php$ {
+ add_header X-UA-Compatible 'IE=Edge,chrome=1';
+ add_header X-Time-Spent $request_time;
+ try_files $uri $uri/ =404;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ ## Store code with multi domain
+ #fastcgi_param MAGE_RUN_CODE $storecode;
+ ## Default Store code
+ fastcgi_param MAGE_RUN_CODE default;
+ fastcgi_param MAGE_RUN_TYPE store; ## or website;
+ include fastcgi_params; ## See /etc/nginx/fastcgi_params
+ }
+ }
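Review bot: The PHP locations use an unescaped dot in `location ~ .php$`, `location ~ .php/` and `rewrite ^(.*.php)/ $1 last;`, so `.` matches any character and a URI that merely ends in `php` is routed to FastCGI. Write them as `location ~ \.php$`, `location ~ \.php/` and `rewrite ^(.*\.php)/ $1 last;`. The `try_files $uri $uri/ =404;` inside the PHP block limits execution to files that exist and should stay. The `/admin` and `/downloader/` allow-lists ship commented out, so a site enabled from this sample exposes both until the operator restores them. A comment at the top of the file, such as `## Enable the /admin and /downloader/ allow-lists before using this config`, would make that explicit.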
Changed |
naxsi-0.55.3.tar.gz/.travis.yml
@@ -10,7 +10,7 @@
env:
global:
- VER_NGINX=1.9.11
- - COV=0
+ - COV=1
compiler:
- clang
@@ -27,7 +27,7 @@
- cd ./naxsi_src
- if [ "$CC" == "clang" ]; then COV=0; fi
- make
- - sudo cpanm -v --notest Test::Nginx
+ - cpanm -v --notest Test::Nginx
before_script:
- lcov --directory "../nginx-${VER_NGINX}" --zerocounters
@@ -39,3 +39,7 @@
- cat /tmp/ngx_error.log
- cat /tmp/ngx_access.log
+after_success:
+ - lcov --list naxsi.info
+ - coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info
+
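Review bot: `coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info` expands the token unquoted, so when the variable is empty the command takes `naxsi.info` as the token and is left with no input file. That would happen on any build where the secret is not exposed, for example pull requests from forks if it is a Travis secure variable. Quote the variable and skip the upload when it is unset: `- if [ -n "$COVERALLS_TOKEN" ]; then coveralls-lcov --repo-token "$COVERALLS_TOKEN" naxsi.info; fi`. Passing the token as an argument also places it in the process list; if `coveralls-lcov` can read it from the environment or a config file, that is preferable.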
Changed |
naxsi-0.55.3.tar.gz/README.md
@@ -4,8 +4,6 @@
[![travis-ci](https://travis-ci.org/nbs-system/naxsi.svg?branch=master)](https://travis-ci.org/nbs-system/naxsi)
[![coveralls](https://coveralls.io/repos/github/nbs-system/naxsi/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/naxsi?branch=master)
[![codecov](http://codecov.io/github/nbs-system/naxsi/coverage.svg?branch=master)](http://codecov.io/github/nbs-system/naxsi?branch=master)
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/740/badge)](https://bestpractices.coreinfrastructure.org/projects/740)
-[![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/nbs-system/naxsi)
### We need your help
@@ -43,7 +41,7 @@
and free (as in free beer) to use.
## What does it run on?
-Naxsi should be compatible with any nginx version.
+Naxsi is compatible with any nginx version, although it currently doesn't play well with the new HTTPv2 protocol added in recent nginx versions. See [issue #227]( https://github.com/nbs-system/naxsi/issues/227 ) for more details.
It depends on `libpcre` for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS.
@@ -52,12 +50,3 @@
- The [documentation](https://github.com/nbs-system/naxsi/wiki)
- Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software
- The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules
-
-
-<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/>
-
-## Security issues
-If you find a security issue, please send it by email to `tko@nbs-system.com`;
-you can use the gpg key
-[0x251A28DE2685AED4](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x251A28DE2685AED4)
-to encrypt it.
Changed |
naxsi-0.55.3.tar.gz/naxsi_config/naxsi_core.rules
@@ -69,7 +69,7 @@
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+MainRule "rx:%[2|3]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
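Review bot: In rule 1315 the pattern `%[2|3].` uses `|` inside a character class, where it is a literal member rather than alternation. The class therefore matches `2`, `3` or `|`, and the rule also scores `%|` followed by any character as "double encoding". That adds false positives without covering anything the two-member class missed. The intended pattern is `"rx:%[23]."`.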
Changed |
naxsi-0.55.3.tar.gz/naxsi_src/Makefile
@@ -1,113 +1,75 @@
CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h | cut -d '"' -f 2)
MOD_PATH := $(shell pwd)
-TMP_DIR := /tmp/nginx/
+TMP_DIR := /tmp/nginx/
# Keys for coverity
CAN :=
CAK :=
-#Mode: coverage, fuzz, or base
-COV ?= 0
-FUZZ ?= 0
-STOCK ?= 1
+#Set to 1 if you want coverage report
+COV ?= 1
#Allows to force for specific UT only
-#TEST := ""
-NGINX_VERS := "1.12.2"
+#TEST := "29*.t"
+NGINX_VERS := "1.9.11"
-
-NGINX_OPTIONS="--with-select_module"
+NGINX_OPTIONS="--error-log-path=/tmp/naxsi_ut/error.log"
NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf"
NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/"
NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/"
+NGINX_OPTIONS+="--http-log-path=/tmp/naxsi_ut/access.log"
NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/"
NGINX_OPTIONS+="--lock-path=/tmpnginx.lock"
NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid"
NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/"
+NGINX_OPTIONS+="--with-http_ssl_module"
NGINX_OPTIONS+="--without-mail_pop3_module"
NGINX_OPTIONS+="--without-mail_smtp_module"
NGINX_OPTIONS+="--without-mail_imap_module"
-NGINX_OPTIONS+="--with-http_v2_module"
NGINX_OPTIONS+="--without-http_uwsgi_module"
NGINX_OPTIONS+="--without-http_scgi_module"
-#dynamic or not NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
+NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
+NGINX_OPTIONS+="--with-ipv6"
NGINX_OPTIONS+="--prefix=/tmp"
+NGINX_OPTIONS+="--with-debug"
-CFLAGS:="-Wall -Wextra -Werror"
+CFLAGS:="-Wall -Wextra"
all: nginx_download configure build install deploy
re: clean all test
-
-FUZZ_PATH := "../fuzz"
-AFL_PATH := $(PWD)"/"$(FUZZ_PATH)"/afl/"
-
-install_afl:
- mkdir -p $(FUZZ_PATH)
- cd $(FUZZ_PATH) && (wget -nc --no-clobber "http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" || exit 1)
- cd $(FUZZ_PATH) && (test -d $(AFL_PATH) || (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf afl-latest.tgz --strip-components=1))
- cd $(FUZZ_PATH) && (make -C $(AFL_PATH) && make -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast)
-
-install_preeny:
- cd $(FUZZ_PATH) && (test -d preeny || git clone https://github.com/zardus/preeny.git)
- cd $(FUZZ_PATH) && make -C preeny/src/
-
-fuzz_build: install_afl install_preeny
- mkdir -p $(FUZZ_PATH)
- STOCK=0 FUZZ=1 make nginx_download
- cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch"
- cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch"
- STOCK=0 FUZZ=1 make configure build install deploy
-
-fuzz:
- LD_PRELOAD=$(FUZZ_PATH)"/preeny/src/desock.so" $(AFL_PATH)"afl-fuzz" -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx
-
clean:
rm -f "nginx-"$(NGINX_VERS)".tar.gz"
rm -f "nginx-"$(NGINX_VERS)".tar.gz.asc"
rm -rf /tmp/naxsi_ut/
rm -rf $(TMP_DIR)/
- rm -rf $(FUZZ_PATH)/
nginx_download:
wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz" || exit 1
wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz.asc" || exit 1
-# gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8
-# gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" || exit 1
+ gpg --keyserver pgp.key-server.io --recv-keys 0x251a28de2685aed4 0x520A9993A1C052F8
+ gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" || exit 1
mkdir -p $(TMP_DIR)/
tar -C $(TMP_DIR)/ -xzf nginx-$(NGINX_VERS).tar.gz --strip-components=1
configure:
-#build non dynamic module (faster) for fuzz/afl
-ifeq ($(FUZZ),1)
- cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null
-endif
-
ifeq ($(COV),1)
- cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
-endif
-
-ifeq ($(STOCK),1)
- cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
+ cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS)
+else
+ cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS)
endif
-
build:
- AFL_PATH=$(AFL_PATH) make -C $(TMP_DIR)
- if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
+ cd $(TMP_DIR)/ && make
+ if [ -d "/tmp/naxsi_ut" ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
install:
- make -C $(TMP_DIR) install
+ cd $(TMP_DIR)/ && make install
-deploy:
-ifeq ($(FUZZ),1)
- @cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf
-else
- @cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf
-endif
+deploy:
+ @cp ./nginx.conf.example /tmp/naxsi_ut/nginx.conf
@cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules
- @openssl req -batch -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt
# RUN UNIT TESTS
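Review bot: In `nginx_download`, `gpg --verify` succeeds for a good signature from any key in the default keyring, and the two keys are pulled at build time from a keyserver by 64-bit ID, so the check does not pin the tarball to the nginx release key. The README on this page identifies `0x251A28DE2685AED4` as the naxsi security-contact key, which means a tarball signed with that key would pass as well. Since both the archive and its `.asc` come over `http`, this signature check is the only integrity control. Ship the expected public key with the sources, or import it by full fingerprint, and verify against a dedicated keyring: `gpg --no-default-keyring --keyring ./nginx-release.gpg --verify "nginx-"$(NGINX_VERS)".tar.gz.asc" "nginx-"$(NGINX_VERS)".tar.gz" || exit 1`. Separately, the new `CFLAGS` drops `-Werror`, so warnings in the module no longer fail the build.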
@@ -115,10 +77,13 @@
ifeq ($(COV),1)
lcov --directory $(TMP_DIR) --zerocounters
endif
+
if [ ! $(TEST) ] ; then TEST="*.t" ; fi
+
export PATH="$(TMP_DIR)/objs/:"$(PATH) ; \
- export PERL5LIB="~/perl5/lib/perl5/" ;\
+ export PERL5LIB="~/perl5/lib/perl5/:/home/travis/perl5/lib/perl5/" ; \
cd .. ; prove -r "t/$(TEST)"
+
ifeq ($(COV),1)
lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR)
genhtml -s -o /tmp/naxsicov.html naxsi.info
Changed |
naxsi-0.55.3.tar.gz/naxsi_src/naxsi.h
@@ -32,7 +32,7 @@
#ifndef __FOO_H__
#define __FOO_H__
-#define NAXSI_VERSION "0.56"
+#define NAXSI_VERSION "0.55.3"
#include <nginx.h>
#include <ngx_config.h>
@@ -548,7 +548,6 @@
ngx_http_request_t *r);
int nx_check_ids(ngx_int_t match_id, ngx_array_t *wl_ids);
int naxsi_unescape(ngx_str_t *str);
-u_int naxsi_escape_nullbytes(ngx_str_t *str);
void ngx_http_dummy_json_parse(ngx_http_request_ctx_t *ctx,
ngx_http_request_t *r,
Changed |
naxsi-0.55.3.tar.gz/naxsi_src/naxsi_json.c
@@ -91,7 +91,6 @@
if (*(js->src+js->off) == '\\') {
js->off += 2;
if (js->off >= js->len) break;
- continue;
}
if (*(js->src+js->off) == '"') {
vn_end = js->src+js->off;
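Review bot: With `continue;` gone after `js->off += 2`, control falls straight through to the `'"'` test on the byte that follows an escape sequence, so a backslash at that position is no longer recognised as the start of another escape. The rest of the loop is outside this hunk, but if it simply advances `js->off`, a string holding two escape sequences in a row can be terminated at an escaped quote. naxsi's view of the JSON value would then differ from the backend parser's, and part of the body would be checked under the wrong key/value boundaries. Keep the `continue;` after `if (js->off >= js->len) break;` so every iteration re-tests for a backslash before testing for the closing quote.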
@@ -162,7 +161,7 @@
ngx_http_basestr_ruleset_n(js->r->pool, &js->ckey, &val,
js->main_cf->body_rules, js->r, js->ctx,
BODY);
- NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "quoted-JSON '%V' : '%V'",
+ NX_DEBUG(_debug_json, NGX_LOG_DEBUG_HTTP, js->r->connection->log, 0, "JSON '%V' : '%V'",
&(js->ckey), &(val));
}
return (ret);
@@ -319,7 +318,7 @@
{
ngx_json_t *js;
-
+
js = ngx_pcalloc(r->pool, sizeof(ngx_json_t));
if (!js) return ;
js->json.data = js->src = src;
@@ -328,7 +327,7 @@
js->ctx = ctx;
js->loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_naxsi_module);
js->main_cf = ngx_http_get_module_main_conf(r, ngx_http_naxsi_module);
-
+
if (ngx_http_nx_json_seek(js, '{')) {
ngx_http_apply_rulematch_v_n(&nx_int__invalid_json, ctx, r, NULL, NULL, BODY, 1, 0);
return ;
Changed |
naxsi-0.55.3.tar.gz/naxsi_src/naxsi_runtime.c
@@ -108,14 +108,6 @@
ngx_http_rule_t *nx_int__libinject_sql; /*ID:17*/
ngx_http_rule_t *nx_int__libinject_xss; /*ID:18*/
-ngx_http_rule_t nx_int__no_rules = {/*type*/ 0, /*whitelist flag*/ 0,
- /*wl_id ptr*/ NULL, /*rule_id*/ 19,
- /*log_msg*/ NULL, /*score*/ 0,
- /*sscores*/ NULL,
- /*sc_block*/ 0, /*sc_allow*/ 0,
- /*block*/ 0, /*allow*/ 0, /*drop*/ 1, /*log*/ 0,
- /*br ptrs*/ NULL};
-
@@ -349,44 +341,38 @@
}
ngx_http_whitelist_rule_t *
-nx_find_wl_in_hash(
- ngx_http_request_t *req,
- ngx_str_t *mstr,
- ngx_http_dummy_loc_conf_t *cf,
- enum DUMMY_MATCH_ZONE zone)
+nx_find_wl_in_hash(ngx_str_t *mstr,
+ ngx_http_dummy_loc_conf_t *cf,
+ enum DUMMY_MATCH_ZONE zone)
{
+
ngx_int_t k;
ngx_http_whitelist_rule_t *b = NULL;
size_t i;
- ngx_str_t scratch = {.data = mstr->data, .len = mstr->len};
-
- if (zone == HEADERS) {
- scratch.data = ngx_pcalloc(req->pool, scratch.len+1);
- memcpy(scratch.data, mstr->data, scratch.len);
- }
-
- for (i = 0; i < scratch.len; i++)
- scratch.data[i] = tolower(scratch.data[i]);
-
- k = ngx_hash_key_lc(scratch.data, scratch.len);
+
+ for (i = 0; i < mstr->len; i++)
+ mstr->data[i] = tolower(mstr->data[i]);
+
+ k = ngx_hash_key_lc(mstr->data, mstr->len);
+
if ((zone == BODY || zone == FILE_EXT) && cf->wlr_body_hash && cf->wlr_body_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_body_hash, k,
- (u_char*) scratch.data,
- scratch.len);
+ (u_char*) mstr->data,
+ mstr->len);
else if (zone == HEADERS && cf->wlr_headers_hash &&
cf->wlr_headers_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_headers_hash, k,
- (u_char*) scratch.data,
- scratch.len);
+ (u_char*) mstr->data,
+ mstr->len);
else if (zone == URL && cf->wlr_url_hash && cf->wlr_url_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_url_hash, k,
- (u_char*) scratch.data,
- scratch.len);
+ (u_char*) mstr->data,
+ mstr->len);
else if (zone == ARGS && cf->wlr_args_hash && cf->wlr_args_hash->size > 0)
b = (ngx_http_whitelist_rule_t*) ngx_hash_find(cf->wlr_args_hash, k,
- (u_char*) scratch.data,
- scratch.len);
+ (u_char*) mstr->data,
+ mstr->len);
return (b);
}
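Review bot: `nx_find_wl_in_hash` now lower-cases `mstr->data` in place for every zone, whereas the removed side took a pool-allocated copy first when `zone == HEADERS`. The call at `b = nx_find_wl_in_hash(name, cf, zone);` passes the caller's `name` directly rather than a temporary, so a whitelist lookup rewrites the caller's header-name buffer as a side effect. Whether that buffer is the live request header is not visible in these hunks, but a lookup helper should not modify its input. Either keep a request or pool parameter and lower-case a copy, or have callers pass a scratch `ngx_str_t` as the `tmp_hashname` call sites already do. A comment on the function such as `/* NOTE: lower-cases mstr->data in place; pass a copy if the original must be preserved */` would at least make the contract explicit.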
@@ -653,7 +639,7 @@
if (name->len > 0) {
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V'", name, r->rule_id, name);
/* try to find in hashtables */
- b = nx_find_wl_in_hash(req, name, cf, zone);
+ b = nx_find_wl_in_hash(name, cf, zone);
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name))
return (1);
/*prefix hash with '#', to find whitelists that would be done only on ARGS_VAR:X|NAME */
@@ -663,7 +649,7 @@
tmp_hashname.data[0] = '#';
memcpy(tmp_hashname.data+1, name->data, name->len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing varname [%V] (rule:%d) - 'wl:X_VAR:%V|NAME'", name, r->rule_id, name);
- b = nx_find_wl_in_hash(req, &tmp_hashname, cf, zone);
+ b = nx_find_wl_in_hash(&tmp_hashname, cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, NAME_ONLY, target_name))
@@ -699,7 +685,7 @@
tmp_hashname.len = req->uri.len;
ngx_memcpy(tmp_hashname.data, req->uri.data, req->uri.len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#1 [%V] (rule:%d) ($URL:X|URI)", &(tmp_hashname), r->rule_id);
- b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name))
@@ -713,7 +699,7 @@
tmp_hashname.data[0] = '#';
ngx_memcpy(tmp_hashname.data+1, req->uri.data, req->uri.len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing uri#3 [%V] (rule:%d) ($URL:X|ZONE|NAME)", &(tmp_hashname), r->rule_id);
- b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
tmp_hashname.data = NULL;
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, URI_ONLY, target_name))
@@ -732,7 +718,7 @@
strncat((char*)tmp_hashname.data, (char*)name->data, name->len);
NX_DEBUG(_debug_whitelist_compat, NGX_LOG_DEBUG_HTTP, req->connection->log, 0, "hashing MIX [%V] ($URL:x|$X_VAR:y) or ($URL:x|$X_VAR:y|NAME)", &tmp_hashname);
- b = nx_find_wl_in_hash(req, &(tmp_hashname), cf, zone);
+ b = nx_find_wl_in_hash(&(tmp_hashname), cf, zone);
ngx_pfree(req->pool, tmp_hashname.data);
if (b && ngx_http_dummy_is_whitelist_adapted(b, name, zone, r, req, MIXED, target_name))
@@ -811,10 +797,6 @@
if (!tmp_uri)
return (NGX_ERROR);
*ret_uri = tmp_uri;
-
- if (r->uri.len >= (NGX_MAX_UINT32_VALUE/4)-1) {
- r->uri.len /= 4;
- }
tmp_uri->len = r->uri.len + (2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len,
NGX_ESCAPE_ARGS));
@@ -898,21 +880,9 @@
strcat(tmp_zone, "FILE_EXT");
if (mr[i].target_name)
strcat(tmp_zone, "|NAME");
-
- ngx_str_t tmp_val;
-
- if (mr[i].name->len >= (NGX_MAX_UINT32_VALUE/4)-1) {
- mr[i].name->len /= 4;
- }
-
- tmp_val.len = mr[i].name->len + (2 * ngx_escape_uri(NULL, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT));
-
- tmp_val.data = ngx_pcalloc(r->pool, tmp_val.len+1);
- ngx_escape_uri(tmp_val.data, mr[i].name->data, mr[i].name->len, NGX_ESCAPE_URI_COMPONENT);
-
sub = snprintf(0, 0, fmt_rm, i, tmp_zone, i,
- mr[i].rule->rule_id, i, tmp_val.len,
- tmp_val.data);
+ mr[i].rule->rule_id, i, mr[i].name->len,
+ mr[i].name->data);
/*
** This one would not fit :
** append a seed to the current fragment,
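Review bot: Both `snprintf` calls using `fmt_rm` (here and in the next hunk, at `sub = snprintf((char *)fragment->data+offset, ...`) now write `mr[i].name->data` into the log fragment without URI-escaping, although the name comes from the request. `fmt_rm` is not visible in this hunk, but if it builds `&key=value` pairs, a name containing `&` or a line break can add or split fields that a log consumer such as nxapi would parse as genuine. Keep an escaped copy (size it with `ngx_escape_uri(NULL, ...)`, allocate from `r->pool`, check the allocation) and pass that copy's length and data to both calls. The enclosing function starts and ends outside this hunk.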
@@ -926,7 +896,7 @@
}
sub = snprintf((char *)fragment->data+offset, sz_left,
fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,
- tmp_val.len, tmp_val.data);
+ mr[i].name->len, mr[i].name->data);
if (sub >= sz_left)
sub = sz_left - 1;
offset += sub;
@@ -1196,7 +1166,7 @@
*/
int
ngx_http_spliturl_ruleset(ngx_pool_t *pool,
- ngx_str_t *nx_str,
+ char *str,
ngx_array_t *rules,
ngx_array_t *main_rules,
ngx_http_request_t *req,
@@ -1204,23 +1174,14 @@
enum DUMMY_MATCH_ZONE zone)
{
ngx_str_t name, val;
- char *eq, *ev, *orig, *str;
+ char *eq, *ev, *orig;
int len, full_len;
int nullbytes=0;
-
-
- if (naxsi_escape_nullbytes(nx_str) > 0) {
- ngx_str_t dummy;
- dummy.data = NULL;
- dummy.len = 0;
- ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, req, &dummy, &dummy, zone, 1, 0);
- }
- str = (char *)nx_str->data;
-
NX_DEBUG(_debug_spliturl_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
"XX-check url-like [%s]", str);
-
+
+
orig = str;
full_len = strlen(orig);
while (str < (orig+full_len) && *str) {
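Review bot: `full_len = strlen(orig)` measures the buffer as a C string, so parsing stops at the first NUL byte and anything after it is never split or matched against the rules, while the backend may still receive it. The callers changed in this diff (`(char *)tmp.data` for BODY and for ARGS) already hold the real length in `tmp.len`. Keep the `ngx_str_t *` parameter, set `full_len = nx_str->len;`, and score an embedded NUL rather than truncating silently. `strlen` also depends on the buffer being NUL-terminated, which this hunk does not show, and its `size_t` result is stored in an `int`. The loop body continues outside this hunk.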
@@ -1340,8 +1301,8 @@
enum DUMMY_MATCH_ZONE zone) {
/*
** Libinjection integration :
- ** 1 - check if libinjection_sql is explicitly enabled
- ** 2 - check if libinjection_xss is explicitly enabled
+ ** 1 - check if libinjection_sql is explicitely enabled
+ ** 2 - check if libinjection_xss is explicitely enabled
** if 1 is true : perform check on both name and content,
** in case of match, apply internal rule
** increasing the LIBINJECTION_SQL score
@@ -1384,12 +1345,12 @@
}
int
-ngx_http_basestr_ruleset_n(ngx_pool_t *pool,
+ngx_http_basestr_ruleset_n(ngx_pool_t *pool,
ngx_str_t *name,
ngx_str_t *value,
- ngx_array_t *rules,
- ngx_http_request_t *req,
- ngx_http_request_ctx_t *ctx,
+ ngx_array_t *rules,
+ ngx_http_request_t *req,
+ ngx_http_request_ctx_t *ctx,
enum DUMMY_MATCH_ZONE zone)
{
ngx_http_rule_t *r;
@@ -1428,7 +1389,7 @@
"XX-RULE %d : START", r[i].rule_id);
/* does the rule have a custom location ? custom location means checking only on a specific argument */
- if (name && r[i].br->custom_location) {
+ if (name && name->len > 0 && r[i].br->custom_location) {
location = r[i].br->custom_locations->elts;
/*
@@ -1440,23 +1401,18 @@
*/
for (z = 0; z < r[i].br->custom_locations->nelts; z++) {
- if (location[z].specific_url) {
+ if (location[z].specific_url) {
+
/* if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) */
- if (r[i].br->rx_mz) {
-
- if (ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1) {
- uri_constraint_ok = 0;
- }
- }
+ if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, req->uri.data, req->uri.len) == -1)
+ uri_constraint_ok = 0;
/* if it was a static string, ensure it matches (ie. BODY_VAR / ARGS_VAR / ..) */
- if (!r[i].br->rx_mz) {
- if (req->uri.len != location[z].target.len || strncasecmp((const char *) req->uri.data,
- (const char *) location[z].target.data,
- req->uri.len) != 0) {
- uri_constraint_ok = 0;
- }
- }
+ if ( (!r[i].br->rx_mz) && strncasecmp((const char *) req->uri.data,
+ (const char *) location[z].target.data,
+ req->uri.len) )
+ uri_constraint_ok = 0;
+
break;
}
}
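Review bot: The static-string `$URL` check now calls `strncasecmp(req->uri.data, location[z].target.data, req->uri.len)` without comparing the two lengths first, so a request URI that is a proper prefix of the target counts as a match and a URL-scoped rule can apply to the wrong path. With a longer URI the comparison may read up to `req->uri.len` bytes of `target.data`, and an `ngx_str_t` is not guaranteed to be that long or NUL-terminated. Put the length test back in front: `if (!r[i].br->rx_mz && (req->uri.len != location[z].target.len || strncasecmp(...) != 0)) uri_constraint_ok = 0;`. The enclosing loop starts outside this hunk.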
@@ -1465,11 +1421,8 @@
** if one of the custom location rule specifies an $URL/$URL_X
** and it was mismatched, skip the rule.
*/
- if (uri_constraint_ok == 0) {
- NX_DEBUG(_debug_basestr_ruleset , NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX URI CONSTRAINT MISMATCH, SKIP");
+ if (uri_constraint_ok == 0)
continue;
- }
/* for each custom location */
for (z = 0; z < r[i].br->custom_locations->nelts; z++) {
@@ -1480,7 +1433,7 @@
!(zone == HEADERS && location[z].headers_var != 0) &&
!(zone == ARGS && location[z].args_var != 0))
continue;
-
+
/* if matchzone is a regex, ensure it matches (ie. BODY_VAR_X / ARGS_VAR_X / ..) */
if (r[i].br->rx_mz && ngx_http_dummy_pcre_wrapper(location[z].target_rx, name->data, name->len) == -1)
continue;
@@ -1492,6 +1445,7 @@
location[z].target.len)) )
continue;
+
NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
"XX-[SPECIFIC] check one rule [%d] iteration %d * %d", r[i].rule_id, i, z);
@@ -1536,25 +1490,20 @@
(zone == FILE_EXT && r[i].br->file_ext) ) {
- /*
- ** If the Rule **specifically** targets name (ie. mz:BODY|NAME), only check against name
- */
- if (!r[i].br->target_name) {
- NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX-test rulematch (value) [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match);
-
+ NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX-test rulematch [zone-wide]!1 [%V]=[%V] [rule =%d] (%d times)", name, value, r[i].rule_id, nb_match);
+
- /* check the rule against the value*/
- ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match);
- /*if our rule matched, apply effects (score etc.)*/
- if (ret == 1) {
- NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
- "XX-apply rulematch (value) [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
-
- ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0);
- }
+ /* check the rule against the value*/
+ ret = ngx_http_process_basic_rule_buffer(value, &(r[i]), &nb_match);
+ /*if our rule matched, apply effects (score etc.)*/
+ if (ret == 1) {
+ NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
+ "XX-apply rulematch!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
+
+ ngx_http_apply_rulematch_v_n(&(r[i]), ctx, req, name, value, zone, nb_match, 0);
}
-
+
if (!r[i].br->negative) {
NX_DEBUG(_debug_basestr_ruleset, NGX_LOG_DEBUG_HTTP, req->connection->log, 0,
"XX-test rulematch [against-name]!1 [%V]=[%V] [rule=%d] (%d times)", name, value, r[i].rule_id, nb_match);
@@ -2051,8 +2000,8 @@
NX_DEBUG(_debug_post_heavy, NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"XX-POST DATA [%V]", &tmp);
-
- if(ngx_http_spliturl_ruleset(r->pool, &tmp,
+
+ if(ngx_http_spliturl_ruleset(r->pool, (char *)tmp.data,
cf->body_rules, main_cf->body_rules,
r, ctx, BODY)) {
ngx_http_apply_rulematch_v_n(&nx_int__uncommon_url, ctx, r, NULL, NULL, BODY, 1, 0);
@@ -2069,11 +2018,6 @@
(u_char *) "application/json", 16)) {
ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len);
}
- /* 22 = echo -n "application/csp-report" | wc -c */
- else if (!ngx_strncasecmp(r->headers_in.content_type->value.data,
- (u_char *) "application/csp-report", 22)) {
- ngx_http_dummy_json_parse(ctx, r, full_body, full_body_len);
- }
else {
ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"[POST] Unknown content-type");
@@ -2113,9 +2057,7 @@
if ( (ctx->block && !ctx->learning) || ctx->drop )
return ;
if (!main_cf->generic_rules && !cf->generic_rules) {
- tmp.data = NULL;
- tmp.len = 0;
- ngx_http_apply_rulematch_v_n(&nx_int__no_rules, ctx, r, &tmp, &tmp, URL, 1, 0);
+ dummy_error_fatal(ctx, r, "no generic rules ?!");
return ;
}
tmp.len = r->uri.len;
@@ -2125,12 +2067,6 @@
return ;
}
memcpy(tmp.data, r->uri.data, r->uri.len);
- if (naxsi_escape_nullbytes(&tmp) > 0) {
- ngx_str_t tmp_name, tmp_val;
- tmp_name.data = tmp_val.data = NULL;
- tmp_name.len = tmp_val.len = 0;
- ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &tmp_name, &tmp_val, URL, 1, 0);
- }
name.data = NULL;
name.len = 0;
if (cf->generic_rules)
@@ -2162,8 +2098,7 @@
return ;
}
memcpy(tmp.data, r->args.data, r->args.len);
-
- if(ngx_http_spliturl_ruleset(r->pool, &tmp,
+ if(ngx_http_spliturl_ruleset(r->pool, (char *)tmp.data,
cf->get_rules, main_cf->get_rules, r,
ctx, ARGS)) {
dummy_error_fatal(ctx, r,
@@ -2181,7 +2116,6 @@
ngx_list_part_t *part;
ngx_table_elt_t *h;
unsigned int i;
- ngx_str_t lowcase_header;
if (!cf->header_rules && !main_cf->header_rules)
return ;
@@ -2199,19 +2133,11 @@
h = part->elts;
i = 0;
}
- lowcase_header.data = h[i].lowcase_key;
- lowcase_header.len = h[i].key.len;
- if (naxsi_escape_nullbytes(&lowcase_header) > 0) {
- ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 1);
- }
- if (naxsi_escape_nullbytes(&h[i].value) > 0) {
- ngx_http_apply_rulematch_v_n(&nx_int__uncommon_hex_encoding, ctx, r, &h[i].key, &h[i].value, HEADERS, 1, 0);
- }
if (cf->header_rules)
- ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value),
+ ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value),
cf->header_rules, r, ctx, HEADERS);
if (main_cf->header_rules)
- ngx_http_basestr_ruleset_n(r->pool, &lowcase_header, &(h[i].value),
+ ngx_http_basestr_ruleset_n(r->pool, &(h[i].key), &(h[i].value),
main_cf->header_rules, r, ctx, HEADERS);
}
return ;
Changed |
naxsi-0.55.3.tar.gz/naxsi_src/naxsi_utils.c
@@ -85,20 +85,6 @@
return (NULL);
}
-u_int naxsi_escape_nullbytes(ngx_str_t *str) {
-
- size_t i = 0;
- u_int nullbytes = 0;
-
- for (i = 0; i < str->len; i++) {
- if (str->data[i] == 0) {
- str->data[i] = '0';
- nullbytes++;
- }
- }
- return nullbytes;
-}
-
/* unescape routine, returns number of nullbytes present */
int naxsi_unescape(ngx_str_t *str) {
u_char *dst, *src;
@@ -770,32 +756,32 @@
//encode uri
tmp_uri.len = req->uri.len + (2 * ngx_escape_uri(NULL, req->uri.data, req->uri.len,
- NGX_ESCAPE_URI_COMPONENT));
+ NGX_ESCAPE_ARGS));
tmp_uri.data = ngx_pcalloc(req->pool, tmp_uri.len+1);
if (tmp_uri.data == NULL)
return ;
- ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_URI_COMPONENT);
+ ngx_escape_uri(tmp_uri.data, req->uri.data, req->uri.len, NGX_ESCAPE_ARGS);
//encode val
if (val->len <= 0)
tmp_val = empty;
else {
tmp_val.len = val->len + (2 * ngx_escape_uri(NULL, val->data, val->len,
- NGX_ESCAPE_URI_COMPONENT));
+ NGX_ESCAPE_ARGS));
tmp_val.data = ngx_pcalloc(req->pool, tmp_val.len+1);
if (tmp_val.data == NULL)
return ;
- ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_URI_COMPONENT);
+ ngx_escape_uri(tmp_val.data, val->data, val->len, NGX_ESCAPE_ARGS);
}
//encode name
if (name->len <= 0)
tmp_name = empty;
else {
tmp_name.len = name->len + (2 * ngx_escape_uri(NULL, name->data, name->len,
- NGX_ESCAPE_URI_COMPONENT));
+ NGX_ESCAPE_ARGS));
tmp_name.data = ngx_pcalloc(req->pool, tmp_name.len+1);
if (tmp_name.data == NULL)
return ;
- ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_URI_COMPONENT);
+ ngx_escape_uri(tmp_name.data, name->data, name->len, NGX_ESCAPE_ARGS);
}
ngx_log_error(NGX_LOG_ERR, req->connection->log, 0,
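Review bot: Switching the three log encoders to `NGX_ESCAPE_ARGS` percent-encodes fewer bytes than `NGX_ESCAPE_URI_COMPONENT` did, and the uri, name and value written here are request-controlled. Nothing in the hunk records which characters the log format needs escaped. Add a comment above `//encode uri`, such as `/* log fields are '&'-separated: the escape type must encode '&', '%', control bytes and line breaks */`, and confirm that `NGX_ESCAPE_ARGS` covers that set in the nginx version this is built against. The three encode stanzas are identical apart from their source string and could share one helper. The enclosing function starts and ends outside this hunk.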
Added |
naxsi-0.55.3.tar.gz/naxsi_src/nginx.conf.example
@@ -0,0 +1,36 @@
+master_process off;
+worker_processes 1;
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+events {
+ worker_connections 1024;
+}
+http {
+ include /tmp/naxsi_ut/naxsi_core.rules;
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ server {
+ listen 4242;
+ server_name localhost;
+ location / {
+ LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/50x.html";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$EVADE >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ error_log /tmp/ngx_error.log debug;
+ access_log /tmp/ngx_access.log;
+ root html;
+ index index.html index.htm;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+ }
+}
+
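Review bot: This example enables `LearningMode;`, loads the module from `/tmp/naxsi_ut/modules/` and writes `error_log` and `access_log` under `/tmp`, but nothing in the file says it is a unit-test setup. In learning mode naxsi logs matches instead of blocking, so anyone copying this file as a template gets `CheckRule ... BLOCK` lines that are not enforced. `/tmp` is also writable by every local user, which is a poor place for a loadable module and for logs. Add a header comment, e.g. `# unit-test configuration only: remove LearningMode and move module and log paths out of /tmp before reuse`.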
Changed |
naxsi-0.55.3.tar.gz/nxapi/README.md
@@ -311,20 +311,18 @@
}
Here is how nxtool will use this to generate whitelists:
-
-1. extract global_filters from nxapi.json, and create the base ES filter: `{ "whitelisted" : "false" }`
-2. merge base ES filter with provided cmd line filter (`--filter`, `-s www.x1.fr`): `{ "whitelisted" : "false", "server" : "www.x1.fr" }`
-3. For each static field of the template, merge it in base ES filter: `{ "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }`
-4. For each field to be expanded (value is `?`) :
-
- 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here)
-
- 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores:
-
- { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"}
- { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"}
-
-5. For each final set that provided results, output a whitelist.
+ 1. extract global_filters from nxapi.json, and create the base ES filter :
+ { "whitelisted" : "false" }
+ 2. merge base ES filter with provided cmd line filter (--filter, -s www.x1.fr)
+ { "whitelisted" : "false", "server" : "www.x1.fr" }
+ 3. For each static field of the template, merge it in base ES filter :
+ { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie" }
+ 4. For each field to be expanded (value is `?`) :
+ 4.1. select all possible values for this field (id) matching base ES filter, (ie. 1000 and 1001 here)
+ 4.2. attempt to generate a whitelist for each possible value, and evaluate its scores.
+ { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1000"}
+ { "whitelisted" : "false", "server" : "www.x1.fr", "zone" : "HEADERS", "var_name" : "cookie", "id" : "1001"}
+ 5. For each final set that provided results, output a whitelist.
Templates support :
Changed |
naxsi-0.55.3.tar.gz/nxapi/nxapi.json
@@ -3,8 +3,6 @@
"host" : "127.0.0.1:9200",
"use_ssl" : false,
"index" : "nxapi",
- "number_of_shards" : "4",
- "number_of_replicas" : "0",
"doctype" : "events",
"default_ttl" : "7200",
"max_size" : "1000",
Changed |
naxsi-0.55.3.tar.gz/nxapi/nxapi/nxparse.py
@@ -67,7 +67,6 @@
print "Unable to get syslog host and port"
sys.exit(1)
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
- s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
s.bind((host,port))
s.listen(10)
@@ -407,12 +406,6 @@
try:
self.es.indices.create(
index=self.cfg["elastic"]["index"],
- body = {
- "settings" : {
- "number_of_shards": self.cfg["elastic"]["number_of_shards"],
- "number_of_replicas": self.cfg["elastic"]["number_of_replicas"]
- }
- },
ignore=400 # Ignore 400 cause by IndexAlreadyExistsException when creating an index
)
except Exception as idxadd_error:
@@ -446,12 +439,7 @@
index=self.cfg["elastic"]["index"],
doc_type=self.cfg["elastic"]["doctype"],
# id=repo_name,
- body = {
- "settings" : {
- "number_of_shards": self.cfg["elastic"]["number_of_shards"],
- "number_of_replicas": self.cfg["elastic"]["number_of_replicas"]
- }
- },
+ body={},
ignore=409 # 409 - conflict - would be returned if the document is already there
)
except Exception as idxadd_error:
Changed |
naxsi-0.55.3.tar.gz/nxapi/nxtool.py
@@ -275,12 +275,7 @@
# statistics
if options.stats is True:
print translate.red.format("# Whitelist(ing) ratio :")
- for e in translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2):
- try:
- list_e = e.split()
- print '# {0} {1} {2}{3}'.format(translate.grn.format(list_e[0]), list_e[1], list_e[2], list_e[3])
- except:
- print "--malformed--"
+ translate.fetch_top(cfg.cfg["global_filters"], "whitelisted", limit=2)
print translate.red.format("# Top servers :")
for e in translate.fetch_top(cfg.cfg["global_filters"], "server", limit=10):
try:
Changed |
naxsi-0.55.3.tar.gz/t/01naxsi_whitelists.t
@@ -272,7 +272,7 @@
return 412;
}
--- more_headers
-cookie: foobar
+Cookie: foobar
--- request
GET /another-page
--- error_code: 200
@@ -361,7 +361,7 @@
return 412;
}
--- more_headers
-cookie: foobar
+COOKIE: foobar
--- request
GET /another-page
--- error_code: 200
@@ -1192,81 +1192,3 @@
--- request
GET /?a123a=lol
--- error_code: 200
-=== WL TEST 20.0 : wl:0 in cookies (#405)
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
---- config
-location / {
- SecRulesEnabled;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- more_headers
-Cookie: 123
---- request
-GET /
---- error_code: 412
-=== WL TEST 20.1 : wl:0 in cookies (#405)
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
---- config
-location / {
- SecRulesEnabled;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- more_headers
-Cookie: 124
---- request
-GET /
---- error_code: 200
-=== WL TEST 20.0 : wl:0 in cookies (#405)
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule id:4242 "str:123" "mz:$HEADERS_VAR:cookie" s:BLOCK;
---- config
-location / {
- SecRulesEnabled;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- BasicRule wl:0 "mz:$HEADERS_VAR:cookie";
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- more_headers
-Cookie: 123
---- request
-GET /
---- error_code: 200
-
-
Changed |
naxsi-0.55.3.tar.gz/t/02naxsi_bypass.t
@@ -317,30 +317,3 @@
--- request
GET /?val&
--- error_code: 412
-=== TEST 5.1: DENY : XSS bypass vector true nullbyte
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
---- config
-location / {
- #LearningMode;
- SecRulesEnabled;
- DeniedUrl "/RequestDenied";
-CheckRule "$SQL >= 8" BLOCK;
-CheckRule "$RFI >= 2" BLOCK;
-CheckRule "$TRAVERSAL >= 4" BLOCK;
-CheckRule "$XSS >= 8" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- more_headers
-Content-Type: application/x-www-form-urlencoded
---- request eval
-use URI::Escape;
-"POST /foobar
-a=a�<><><>"
---- error_code: 412
Changed |
naxsi-0.55.3.tar.gz/t/11naxsi_newstyle_config.t
@@ -75,7 +75,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
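Review bot: In `rx:%[2|3].` the `|` sits inside a character class, where it is a literal character rather than alternation. Rule 1315 therefore also fires on `%|` followed by any character, in addition to `%2x` and `%3x`, which adds false positives to the double-encoding check. The intended pattern is the class without the bar, `"rx:%[23]."`. The same line is changed in every later hunk of this file, one per embedded rule set, so the correction applies to each of them.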
@@ -134,7 +134,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -193,7 +193,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -252,7 +252,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -311,7 +311,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -370,7 +370,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -429,7 +429,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -493,7 +493,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -557,7 +557,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -621,7 +621,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -681,7 +681,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -741,7 +741,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -808,7 +808,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -877,7 +877,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -946,7 +946,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1015,7 +1015,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1078,7 +1078,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1146,7 +1146,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1211,7 +1211,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1276,7 +1276,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1343,7 +1343,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1411,7 +1411,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1478,7 +1478,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1547,7 +1547,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1615,7 +1615,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1682,7 +1682,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1749,7 +1749,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1816,7 +1816,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1880,7 +1880,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -1947,7 +1947,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2011,7 +2011,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2075,7 +2075,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2139,7 +2139,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2203,7 +2203,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2267,7 +2267,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
@@ -2331,7 +2331,7 @@
main_rule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
main_rule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
main_rule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-main_rule "rx:%[23]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+main_rule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
main_rule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
main_rule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
main_rule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
Changed |
naxsi-0.55.3.tar.gz/t/14json.t
@@ -740,35 +740,3 @@
\"fu\" : { \"aa\" : \"bb\"
}"
--- error_code: 412
-
-=== JSON14 : bug_418
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
---- config
-set $naxsi_extensive_log 1;
-location / {
- SecRulesEnabled;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
- error_page 405 = $uri;
-}
-location /RequestDenied {
- return 412;
-}
---- more_headers
-Content-Type: application/json
---- request eval
-use URI::Escape;
-"POST /
-{
- \"error\":
- \"ERROR_REPORT:{\\\"request\\\":{\\\"bar\\\":\\\"\\\"},\\\"response\\\":{\\\"bar\\\":[{\\\"schema_id\\\":\\\"foo\\\"}]}}\"
-}"
---- error_code: 412
Changed |
naxsi-0.55.3.tar.gz/t/28log.t
@@ -79,8 +79,8 @@
--- error_code: 404
--- error_log eval
[qr@NAXSI_FMT: ip=127\.0\.0\.1&server=localhost&uri=/x,y&learning=1&vers=[^&]+&total_processed=1&total_blocked=1&block=1&cscore0=\$SQL&score0=8&zone0=URL&id0=1015&var_name0=&zone1=ARGS&id1=1015&var_name1=uuu@,
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy@,
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=ARGS&var_name=uuu&content=b%2Cc@
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y,@,
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=ARGS&var_name=uuu&content=b,c@
]
=== TEST 1.4 : learning + no-block score + naxsi_extensive_log, NAXSI_EXLOG only
--- main_config
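Review bot: The two added `NAXSI_EXLOG` expectations pin `uri=/x,y` and `content=/x,y` in raw form, where the removed lines expected them percent-encoded (`uri=%2Fx%2Cy`, `content=%2Fx%2Cy`). Both fields carry request data and the log line is an `&`-separated key=value list, so with raw values a request containing `&` or `=` would presumably be indistinguishable from extra fields to whatever parses the log; that depends on the logging code, which is not on this page. If the module under test can emit the encoded form, keep the encoded expectation, e.g. `...&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy@,`, and add a case whose argument value contains `&`. The same applies to the added line in the `@@ -104,7 +104,7 @@` hunk.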
@@ -104,7 +104,7 @@
GET /x,y?uuu=bc
--- error_code: 404
--- error_log eval
-qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=%2Fx%2Cy&id=1015&zone=URL&var_name=&content=%2Fx%2Cy, client: 127\.0\.0\.1,@
+qr@NAXSI_EXLOG: ip=127\.0\.0\.1&server=localhost&uri=/x,y&id=1015&zone=URL&var_name=&content=/x,y, client: 127\.0\.0\.1,@
--- no_error_log
NAXSI_FMT
=== TEST 1.6 : learning + block-score + naxsi_extensive_log, NAXSI_EXLOG only
Changed |
naxsi-0.55.3.tar.gz/t/29regression.t
@@ -209,70 +209,3 @@
"POST /wp-json/wp/v2/posts/111
id=1a&foo2=bar2"
--- error_code: 412
-=== WL TEST 3.0: false-positive on virtual-patch with empty var name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
---- config
-location / {
- SecRulesEnabled;
- CheckRule "$LOG_TEST >= 1" LOG;
- CheckRule "$UWA >= 8" BLOCK;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 4" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- request
-GET /?a=bui&FOOBAR
---- error_code: 200
-=== WL TEST 3.0: false-positive on virtual-patch with empty var name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
---- config
-location / {
- SecRulesEnabled;
- CheckRule "$LOG_TEST >= 1" LOG;
- CheckRule "$UWA >= 8" BLOCK;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 4" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- request
-GET /wp-includes/js/plupload/plupload.flash.swf?a=bui&FOOBAR
---- error_code: 412
-=== WL TEST 3.01: false-positive on virtual-patch with empty var name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
-MainRule "rx:FOOBAR" "mz:$URL:/wp-includes/js/plupload/plupload.flash.swf|ARGS" "msg:Wordpress PlUpload XSS" "s:$UWA:8,$XSS_UWA:1" id:42000485;
---- config
-location / {
- SecRulesEnabled;
- CheckRule "$LOG_TEST >= 1" LOG;
- CheckRule "$UWA >= 8" BLOCK;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 4" BLOCK;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- request
-GET /wp-includes/js/plupload/plupload.flash.swf/xxx/?a=bui&FOOBAR
---- error_code: 404
-
Deleted |
naxsi-0.56.tar.gz/t/30regr.t
@@ -1,121 +0,0 @@
-#vi:filetype=perl
-
-
-# A AJOUTER :
-# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
-# La même sur des arguments :)
-
-use lib 'lib';
-use Test::Nginx::Socket;
-
-repeat_each(3);
-
-plan tests => repeat_each(1) * blocks();
-no_root_location();
-no_long_string();
-$ENV{TEST_NGINX_SERVROOT} = server_root();
-run_tests();
-
-
-__DATA__
-=== TEST 1: rule target body|name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
---- config
-location / {
- SecRulesEnabled;
- LearningMode;
- BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- CheckRule "$TEST_LOG >= 8" DROP;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
- error_page 405 = $uri;
-}
-location /RequestDenied {
- return 412;
- # return 412;
-}
---- more_headers
-Content-Type: application/x-www-form-urlencoded
---- request eval
-use URI::Escape;
-"POST /
-9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=]@&foo2=bar2"
---- error_code: 412
-
-=== TEST 1: rule target body|name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
---- config
-location / {
- SecRulesEnabled;
- LearningMode;
- BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- CheckRule "$TEST_LOG >= 8" DROP;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
- error_page 405 = $uri;
-}
-location /RequestDenied {
- return 412;
- # return 412;
-}
---- more_headers
-Content-Type: application/x-www-form-urlencoded
---- request eval
-use URI::Escape;
-"POST /
-9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc=ww&foo2=bar2"
---- error_code: 412
-
-
-=== TEST 1: rule target body|name
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- http_config
-include /tmp/naxsi_ut/naxsi_core.rules;
---- config
-location / {
- SecRulesEnabled;
- LearningMode;
- BasicRule id:100054 "msg:Weird binary content" "rx:[^-0-9a-z_+.\[\]]" "mz:BODY|NAME" "s:$TEST_LOG:8";
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- CheckRule "$TEST_LOG >= 8" DROP;
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
- error_page 405 = $uri;
-}
-location /RequestDenied {
- return 412;
- # return 412;
-}
---- more_headers
-Content-Type: application/x-www-form-urlencoded
---- request eval
-use URI::Escape;
-"POST /
-ww=9p7jslna,ire(ul\)v`2q8u]h)bfuzpcgsa_3`s\twfw)gy)\%3Fc&foo2=bar2"
---- error_code: 200
-
-
-
-
-
Deleted |
naxsi-0.56.tar.gz/t/31norules.t
@@ -1,73 +0,0 @@
-#vi:filetype=perl
-
-
-# A AJOUTER :
-# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
-# La même sur des arguments :)
-
-use lib 'lib';
-use Test::Nginx::Socket;
-
-repeat_each(3);
-
-plan tests => repeat_each(1) * blocks();
-no_root_location();
-no_long_string();
-$ENV{TEST_NGINX_SERVROOT} = server_root();
-run_tests();
-
-
-__DATA__
-=== TEST 1: Basic GET request with no rules, drop
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- config
-location / {
- SecRulesEnabled;
- LearningMode;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- LibInjectionXss;
- CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
- LibInjectionSql;
- CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
-
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- request
-GET /?a=buibui
---- error_code: 412
-=== TEST 1.1: Basic GET request with no rules, whitelist the special rule.
---- main_config
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
---- config
-location / {
- SecRulesEnabled;
- BasicRule wl:19;
- LearningMode;
- DeniedUrl "/RequestDenied";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- LibInjectionXss;
- CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
- LibInjectionSql;
- CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
-
- root $TEST_NGINX_SERVROOT/html/;
- index index.html index.htm;
-}
-location /RequestDenied {
- return 412;
-}
---- request
-GET /?a=buibui
---- error_code: 200
Deleted |
naxsi-0.56.tar.gz/t/confs
-(directory)
Deleted |
naxsi-0.56.tar.gz/t/confs/nginx.conf.example
@@ -1,44 +0,0 @@
-master_process off;
-#worker_processes 1;
-daemon off;
-
-load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
-events {
- worker_connections 1024;
- use select;
-}
-http {
- include /tmp/naxsi_ut/naxsi_core.rules;
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- server {
- listen 4242 ssl http2;
- ssl_certificate /tmp/nginx.crt;
- ssl_certificate_key /tmp/nginx.key;
- server_name localhost;
- set $naxsi_extensive_log 1;
- location / {
- LearningMode;
- SecRulesEnabled;
- DeniedUrl "/50x.html";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$EVADE >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- return 200;
-# error_log /tmp/ngx_error.log debug;
-# access_log /tmp/ngx_access.log;
-# root html;
-# index index.html index.htm;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- return 500;
- # root html;
- }
- }
-}
-
Deleted |
naxsi-0.56.tar.gz/t/confs/nginx_fuzz.conf.example
@@ -1,48 +0,0 @@
-master_process off;
-daemon off;
-
-#load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
-events {
- worker_connections 1024;
- use select;
-}
-http {
-MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
-MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
-MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
-## Hardcore rules
-MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
-MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
-MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
-MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
-MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
-MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
-MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
-MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
-
-# include /tmp/naxsi_ut/naxsi_core.rules;
-# include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- server {
- listen 4242;
- server_name localhost;
- location / {
- LearningMode;
- SecRulesEnabled;
- DeniedUrl "/50x.html";
- CheckRule "$SQL >= 8" BLOCK;
- CheckRule "$RFI >= 8" BLOCK;
- CheckRule "$TRAVERSAL >= 4" BLOCK;
- CheckRule "$EVADE >= 4" BLOCK;
- CheckRule "$XSS >= 8" BLOCK;
- return 200;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- return 500;
- }
- }
-}
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/confs/ngx_cycle.patch
^
|
@@ -1,13 +0,0 @@
---- a/src/core/ngx_cycle.c.orig 2016-02-09 15:11:57.000000000 +0100
-+++ b/src/core/ngx_cycle.c 2016-12-12 18:05:53.832725017 +0100
---- nginx/src/core/ngx_cycle.c 2016-02-09 15:11:57.000000000 +0100
-+++ ngx_cycle.c 2016-12-13 09:49:47.762221499 +0100
-@@ -602,6 +602,8 @@
- }
- }
-
-+ __AFL_INIT();
-+
- if (ngx_open_listening_sockets(cycle) != NGX_OK) {
- goto failed;
- }
|
|
Deleted |
naxsi-0.56.tar.gz/t/confs/ngx_process_cycle.patch
^
|
@@ -1,25 +0,0 @@
---- a/src/os/unix/ngx_process_cycle.c.orig 2016-02-09 15:11:58.000000000 +0100
-+++ a/src/os/unix/ngx_process_cycle.c 2016-12-12 15:05:21.000000000 +0100
-@@ -303,7 +303,11 @@
- }
- }
-
-+
-+ int ran_once=0;
-+
- for ( ;; ) {
-+
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
-
- ngx_process_events_and_timers(cycle);
-@@ -337,6 +341,11 @@
- ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
- ngx_reopen_files(cycle, (ngx_uid_t) -1);
- }
-+
-+ ran_once += 1;
-+ //printf("ran : %d\n", ran_once);
-+ if (ran_once == 2) exit(0);
-+
- }
- }
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz
^
|
-(directory)
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/big-json-post
^
|
@@ -1,30 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: application/json
-Content-Length: 542
-
-{
- "glossary": {
- "title": "example glossary",
-"GlossDiv": {
- "title": "S",
-"GlossList": {
- "GlossEntry": {
- "ID": "SGML",
-"SortAs": "SGML",
-"GlossTerm": "Standard Generalized Markup Language",
-"Acronym": "SGML",
-"Abbrev": "ISO 8879:1986",
-"GlossDef": {
- "para": "A meta-markup language used to create markup languages such as DocBook.",
-"GlossSeeAlso": ["GML", "XML"]
- },
-"GlossSee": "markup"
- }
- }
- }
- }
-
-}}
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/big-multipart-post
^
|
@@ -1,22 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: multipart/form-data; boundary=---------------------------103832778631715
-Content-Length: 4449
-
------------------------------103832778631715
-Content-Disposition: form-data; name="name"
-
-azzzo
-
-
------------------------------103832778631715
-Content-Disposition: form-data; name="married"
-
-not single
------------------------------103832778631715
-Content-Disposition: form-data; name="male"
-
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
------------------------------103832778631715--
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-get-bad-format
^
|
@@ -1,4 +0,0 @@
-GET /?a=1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227 HTTP/1.0
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-get-with-path
^
|
@@ -1,6 +0,0 @@
-GET /bla?/bla=1999&bu=1998 HTTP/1.1
-Host: localhost
-Connection: close
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-json-post
^
|
@@ -1,14 +0,0 @@
-POST /test_uri HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: application/json
-Content-Length: 183
-
-{
- "oh" : ["there", "is", "no", "way"],
- "this" : { "will" : ["work", "does"],
- "it" : "??" },
- "trigger" : {"test_1234" : ["foobar", "will", "trigger", "it"]},
- "foo" : "baar"
-}
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-multipart-file-post
^
|
@@ -1,26 +0,0 @@
-POST /foobar HTTP/1.1
-Host: 127.0.0.1
-Connection: Close
-User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-Accept-Language: en-us,en;q=0.5
-Accept-Encoding: gzip, deflate
-Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
-Referer: http://127.0.0.1/
-Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957
-Content-Length: 394
-
------------------------------1919886344942015258287623957
-Content-Disposition: form-data; name="textline"
-
-valid text and small file
------------------------------1919886344942015258287623957
-Content-Disposition: form-data; name="datafile"; filename="bla.txt"; name="bla.txt"
-Content-Type: text/plain
-
-buibuibubi
-buibuibuib
-
------------------------------1919886344942015258287623957--
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-multipart-post
^
|
@@ -1,21 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: multipart/form-data; boundary=---------------------------103832778631715
-Content-Length: 42
-
------------------------------103832778631715
-Content-Disposition: form-data; name="name"
-
-MyName
------------------------------103832778631715
-Content-Disposition: form-data; name="married"
-
-not single
------------------------------103832778631715
-Content-Disposition: form-data; name="male"
-
-yes
------------------------------103832778631715--
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/med-post-non-ascii
^
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-get-nohost
^
|
@@ -1,4 +0,0 @@
-GET /?a=1%20UnioN%20SeLEct%201 HTTP/1.0
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-get-sig
^
|
@@ -1,4 +0,0 @@
-GET /?a=1+/*!30000AND+2>1*/-- HTTP/1.0
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-json-post
^
|
@@ -1,10 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: application/json
-Content-Length: 18
-
-{
- "lol" : "bar"
-}
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-ko-get
^
|
@@ -1,6 +0,0 @@
-GET /?==yesone&&& HTTP/1.1
-Host: localhost
-Connection: close
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-multipart-post
^
|
@@ -1,26 +0,0 @@
-POST /foobar HTTP/1.1
-Host: 127.0.0.1
-Connection: Close
-User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10
-Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-Accept-Language: en-us,en;q=0.5
-Accept-Encoding: gzip, deflate
-Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
-Referer: http://127.0.0.1/
-Content-Type: multipart/form-data; boundary=---------------------------1919886344942015258287623957
-Content-Length: 378
-
------------------------------1919886344942015258287623957
-Content-Disposition: form-data; name="textline"
-
-valid text and small file
------------------------------1919886344942015258287623957
-Content-Disposition: form-data; name="datafile"; filename="bla.txt"
-Content-Type: text/plain
-
-buibuibubi
-buibuibuib
-
------------------------------1919886344942015258287623957--
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-ok-get
^
|
@@ -1,6 +0,0 @@
-GET /?a=<> HTTP/1.1
-Host: localhost
-Connection: close
-
-
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-unknown-CT-post
^
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-urlencded-post-2
^
|
@@ -1,8 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 32
-
-foo1='><script>alert(1)</script>
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/mini-urlencoded-post
^
|
@@ -1,8 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 9
-
-a1=trolol
-
|
|
Deleted |
naxsi-0.56.tar.gz/t/fuzz/small-multipart-post
^
|
@@ -1,20 +0,0 @@
-POST / HTTP/1.1
-Host: localhost
-Connection: close
-Content-Type: multipart/form-data; boundary=---------------------------103832778631715
-Content-Length: 353
-
------------------------------103832778631715
-Content-Disposition: form-data; name="name"
-
-MyName
------------------------------103832778631715
-Content-Disposition: form-data; name="married"
-
-not single
------------------------------103832778631715
-Content-Disposition: form-data; name="male"
-
-yes
------------------------------103832778631715--
-
|
|
Added |
naxsi-0.56rc1.tar.gz
^
|
|
Deleted |
naxsi-1.3.tar.gz
^
|
|
Deleted |
nginx-module-vts-0.1.18.tar.gz
^
|
|
Deleted |
nginx-rtmp-module-1.2.2.tar.gz
^
|
|
Added |
nginx_upstream_check_module-master.tar.gz
^
|
|
Deleted |
ngx_http_substitutions_filter_module-master.zip
^
|
|
Added |
ngx_pagespeed-1.12.34.3-stable.zip
^
|
|
Added |
ngx_pagespeed-1.13.35.1-beta.zip
^
|
|
Deleted |
ngx_pagespeed-1.13.35.2-stable.zip
^
|
|
Added |
openssl-1.1.0f.tar.gz
^
|
|
Added |
openssl-1.1.0g.tar.gz
^
|
|
Added |
removed_link
^
|
@@ -0,0 +1,5 @@
+<link project="internetx:projects:http" baserev="237c0be32f188ec780a60222265cfcb9">
+ <patches>
+ <branch/>
+ </patches>
+</link>
|
|
Changed |
ssl-ciphersample
^
|
@@ -1,15 +1,3 @@
-## IX Examples from https://ssl-config.mozilla.org
-
-## intermediate configuration
-#ssl_protocols TLSv1.2 TLSv1.3;
-#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-#ssl_prefer_server_ciphers off;
-
-## modern configuration
-#ssl_protocols TLSv1.3;
-#ssl_prefer_server_ciphers off;
-
-## old configuration
-#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
-#ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
+ssl_prefer_server_ciphers on;
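Review bot: The new `ssl_ciphers` line re-admits RC4 and 3DES suites (`EECDH+RC4`, `RSA+RC4`, `EECDH+3DES`, `RSA+3DES`) and static-RSA key exchange, and the new `ssl_protocols` line re-enables TLSv1 and TLSv1.1, which the removed commented examples confined to their "old configuration" block. RC4 is prohibited in TLS by RFC 7465, TLS 1.0 and 1.1 are deprecated by RFC 8996, and the `RSA+` entries provide no forward secrecy. Unlike the removed examples, these three directives are uncommented, so they take effect wherever the sample is included; whether a live server block includes it is not visible here. I would narrow them to `ssl_protocols TLSv1.2;` and `ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:!aNULL:!MD5;`. TLSv1.3 is left out of the proposal because this listing adds openssl-1.1.0g, which presumably predates TLS 1.3 support.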
|