Different Naxsi rulesets

Jean-Paul Hemelaar hemelaar at desikkel.nl
Sun Nov 12 14:16:23 UTC 2017


Hi Aziz,

True; this got lost during my copy-anonymize-paste process. The real config
doesn't have this.

Thanks so far,

JP

On Sun, Nov 12, 2017 at 2:34 PM, Aziz Rozyev <arozyev at nginx.com> wrote:

> at least you’re missing or (|) operator between
>
> > TRUSTED_CC_2  and TRUSTED_CC_3
>
>
>
> br,
> Aziz.
>
>
>
>
>
> > On 12 Nov 2017, at 14:03, Jean-Paul Hemelaar <hemelaar at desikkel.nl> wrote:
> >
> > Hi!
> >
> > I'm using Nginx together with Naxsi; so not sure if this is the correct place for this post, but I'll give it a try.
> >
> > I want to configure two detection thresholds: a strict detection threshold for 'far away countries', and a less-strict set for local countries. I'm using a setup like:
> >
> > location /strict/ {
> >      include /usr/local/nginx/naxsi.rules.strict;
> >
> >      proxy_pass  http://app-server/;
> > }
> >
> > location /not_so_strict/ {
> >      include /usr/local/nginx/naxsi.rules.not_so_strict;
> >
> >      proxy_pass  http://app-server/;
> > }
> >
> > location / {
> >      # REMOVED BUT THIS WORKS:
> >      # include /usr/local/nginx/naxsi.rules.not_so_strict;
> >      set $ruleSet "strict";
> >      if ( $geoip_country_code ~ (TRUSTED_CC_1|TRUSTED_CC_2TRUSTED_CC_3) ) {
> >         set $ruleSet "not_so_strict";
> >      }
> >
> >      rewrite ^(.*)$ /$ruleSet$1 last;
> > }
> >
> > location /RequestDenied {
> >     return 403;
> > }
> >
> >
> > The naxsi.rules.strict file contains the check rules:
> > CheckRule "$SQL >= 8" BLOCK;
> > etc.
> >
> > For some reason this doesn't work. The syntax is ok, and I can reload Nginx. However the firewall never triggers. If I uncomment the include in the location-block / it works perfectly.
> > Any ideas why this doesn't work, or any better setup to use different rulesets based on some variables?
> >
> > Thanks,
> >
> > JP
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>