# Test case with a rule on a generic header
# The same on arguments :)
use Test::Nginx::Socket;
# Declare the TAP plan up front: the number of test blocks in this file
# multiplied by the repeat count (every block is run twice).
plan(tests => repeat_each(2) * blocks());
# Publish the test server root in the environment; the nginx snippets below
# refer to it as $TEST_NGINX_SERVROOT in their "root" directive.
$ENV{'TEST_NGINX_SERVROOT'} = server_root();
=== WL TEST 1.0: [ARGS zone WhiteList] Adding a test rule in http_config (ARGS zone) and disable rule.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 1.1: Adding a test rule in http_config (ARGS zone) and WL it on arg name only.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Narrow whitelist: rule 1999 is skipped only for the GET argument named "a";
# the same pattern in any other argument is still scored.
BasicRule wl:1999 "mz:$ARGS_VAR:a";
location /RequestDenied {
=== WL TEST 1.2: Adding a test rule in http_config (ARGS zone) and WL it on arg name only (case sensitiveness check).
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Argument-name whitelist with the name written in mixed case: per the block
# title this checks how the whitelisted name is compared with the name sent in
# the request (the request line is not shown here).
BasicRule wl:1999 "mz:$ARGS_VAR:AbCd";
location /RequestDenied {
=== WL TEST 1.3: Adding a test rule in http_config (ARGS zone) and WL it on arg name only (case sensitiveness check #2).
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$ARGS_VAR:abcd";
location /RequestDenied {
=== WL TEST 1.4: Adding a test rule in http_config (ARGS zone) and WL it on $URL + ZONE.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelists rule 1999 for the whole ARGS zone, but only on URL "/"; the rule
# stays active for arguments sent to any other URL.
BasicRule wl:1999 "mz:$URL:/|ARGS";
location /RequestDenied {
=== WL TEST 1.5: Adding a test rule in http_config (ARGS zone) and WL it on $URL + ZONE (wrong URL).
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/|ARGS";
location /RequestDenied {
=== WL TEST 1.6: Adding a test rule in http_config (ARGS zone) and WL it on $URL + $ARG_VAR.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Both parts must match for the whitelist to apply: URL "/" and argument name
# "AbCd". The request in this block goes to /index2, so the URL part does not
# match. NOTE(review): the expected status is not visible here; confirm this
# block asserts that the request is still denied.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:AbCd";
location /RequestDenied {
GET /index2?ABCD=foobar
=== WL TEST 2.0: Adding a rule that will match on headers
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 2.1: Adding a rule that will match on headers, WL it on $HEADERS_VAR
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelists rule 1999 for the Cookie header only; the pattern in any other
# request header is still scored.
BasicRule wl:1999 "mz:$HEADERS_VAR:cookie";
location /RequestDenied {
=== WL TEST 2.2: Adding a rule that will match on headers specific header name
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:$HEADERS_VAR:cookie" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 2.3: Adding a rule that will match on headers, WL it by $URL + zone
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Zone-wide form: whitelists rule 1999 for every request header, but only on
# /another-page. When a single header is the source of a false positive, the
# $HEADERS_VAR form keeps the rule active on all the other headers.
BasicRule "wl:1999" "mz:$URL:/another-page|HEADERS";
location /RequestDenied {
=== WL TEST 2.4 : Adding a rule that will match on headers, WL it by $URL + $HEADERS_VAR
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/another-page|$HEADERS_VAR:cookie";
location /RequestDenied {
=== WL TEST 2.5 : Adding a rule that will match on headers, WL it by $URL + $HEADERS_VAR (WRONG URL)
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/another-page|$HEADERS_VAR:cookie";
location /RequestDenied {
=== WL TEST 2.6 : Adding a rule that will match on headers, WL it by $URL + $HEADERS_VAR (WRONG HEADER NAME)
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:HEADERS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/another-page|$HEADERS_VAR:cookie";
location /RequestDenied {
=== URL WL TEST 3.0: Adding a test rule on ARGS (testing case sensitivity)
include /etc/nginx/naxsi_core.rules;
MainRule "str:bra" "msg:test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== URL WL TEST 3.1: Adding a test rule on ARGS (testing case sensitivity #2)
include /etc/nginx/naxsi_core.rules;
MainRule "str:BrA" "msg:test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== URL WL TEST 3.2: Adding a test rule on URI (testing case sensitivity #2)
include /etc/nginx/naxsi_core.rules;
MainRule "str:BrA" "msg:test pattern" "mz:$URL:/foobar|ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 5.0: Testing the POST content-type rule !
include /etc/nginx/naxsi_core.rules;
# "negative" inverts the rule: it fires when the header value does NOT match
# the regex, and "s:BLOCK" denies the request directly instead of adding to a
# score. The rule is bound to a header named "Content-typz" (not Content-Type),
# presumably so the test can vary it independently of the real Content-Type
# header that the request also sends.
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-typz" "s:BLOCK" id:1402;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
location /RequestDenied {
Content-Typz: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
=== WL TEST 5.1: Testing the POST content-type rule #2
include /etc/nginx/naxsi_core.rules;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:content-typz" "s:BLOCK" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
location /RequestDenied {
Content-Type: application/x-www-form-urlencoded
Content-Typz: application/z-www-form-urlencoded
=== WL TEST 5.1: Testing the POST content-type rule #3
include /etc/nginx/naxsi_core.rules;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:content-typz" "s:BLOCK" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
location /RequestDenied {
Content-Type: application/x-www-form-urlencoded
cOnTeNT-TYpZ: application/x-www-form-evilencoded
=== WL TEST 5: Adding a test rule in http_config (ARGS zone) and WL it on url + wrong arg name.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# The whitelist requires URL /foobar AND argument name "barone". The request in
# this block sends the pattern in "baron", so the whitelist should not cover it
# and rule 1999 still applies.
BasicRule wl:1999 "mz:$URL:/foobar|$ARGS_VAR:barone";
location /RequestDenied {
GET /foobar?baron=foobar
=== WL TEST 6: Adding a test rule in http_config (ARGS zone) and WL it.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 7: Adding a test rule in http_config (URL zone) and WL it on url + zone.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:URL" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|URL";
location /RequestDenied {
=== WL TEST 8: Adding a test rule in http_config (URL zone).
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:URL" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 8.1 : Adding a test rule in http_config (URL zone) and whitelist it with $URL:|URL.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:URL" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|URL";
location /RequestDenied {
=== WL TEST 8.2 : Adding a test rule in http_config (URL zone) and whitelist it with URL and no $URL.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:URL" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# No $URL restriction: rule 1999 is whitelisted in the URL zone for every
# request handled by this location, whatever its path.
BasicRule wl:1999 "mz:URL";
location /RequestDenied {
=== WL TEST 8: Adding a test rule in http_config (ARGS zone) and WL it on url + arg name.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|$ARGS_VAR:barone";
location /RequestDenied {
GET /foobar?barone=foobar
=== WL TEST 9: Adding a test rule in http_config (ARGS zone) and WL it on $ARGS_VAR only.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$ARGS_VAR:barone";
location /RequestDenied {
GET /foobar?barone=foobar
=== WL TEST 10: Adding a test rule in http_config (ARGS zone) and WL it on url + wrong arg name.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|$ARGS_VAR:barone";
location /RequestDenied {
GET /foobar?baron=foobar
=== WL TEST 11: Adding a test rule in http_config (ARGS zone) and WL it on url + wrong URL.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|$ARGS_VAR:barone";
location /RequestDenied {
GET /foobarx?baron=foobar
=== WL TEST 12: Adding a test rule in http_config (ARGS zone) and WL it on url + wrong arg name.
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
BasicRule wl:1999 "mz:$URL:/foobar|$ARGS_VAR:barone";
location /RequestDenied {
GET /foobar?baron=foobar
=== WL TEST 13: Whitelisting multiple rules in one WL.
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1999;
MainRule "str:yestwo" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1998;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
GET /?a=yesone&b=yestwo
=== WL TEST 14 : Whitelist on ARG_NAME.
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1999;
DeniedUrl "/RequestDenied";
BasicRule wl:1999 "mz:$ARGS_VAR:b";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 14.1 : Whitelist on ARG_NAME.
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:BLOCK" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# NOTE(review): this whitelists id 1002, while the rule declared in this block
# is id 1999 with s:BLOCK. Rule 1999 is therefore not whitelisted, and the block
# title ("Whitelist on ARG_NAME") does not describe this; confirm the intent.
BasicRule wl:1002 "mz:ARGS";
location /RequestDenied {
=== WL TEST 15 : Whitelisting multiple rules in one WL.
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1999;
MainRule "str:yestwo" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1998;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# One directive whitelists two rule ids. There is no "mz:" restriction, so
# rules 1999 and 1998 are disabled in every zone for this location.
BasicRule wl:1999,1998;
location /RequestDenied {
GET /?a=yesone&b=yestwo
=== WL TEST 16 : Whitelisting all rules on one arg (wl:0).
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1999;
MainRule "str:yestwo" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1998;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
# wl:0 stands for "all rules" (see the block title): every rule id, not just
# the two declared in this block, is whitelisted for the argument named "a".
BasicRule wl:0 "mz:$ARGS_VAR:a";
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 17 : Whitelisting all rules on one arg (wl:0) NOT.
include /etc/nginx/naxsi_core.rules;
MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1999;
MainRule "str:yestwo" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:4" id:1998;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 18 : Whitelisting rule id 1
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
error_page 405 = $uri;
location /RequestDenied {
=== WL TEST 18.1 : Whitelisting rule id 1
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelists rule id 1 for the BODY zone on URL "/". No MainRule with id 1 is
# declared in this block. NOTE(review): ids below 1000 are reserved for naxsi's
# built-in checks; confirm which one id 1 refers to before reusing this pattern.
BasicRule wl:1 "mz:$URL:/|BODY";
error_page 405 = $uri;
location /RequestDenied {