-
Notifications
You must be signed in to change notification settings - Fork 606
internal rules
Internal rules are rules that can be fired by naxsi, when request is incorrect or extremely unusual - or naxsi is not able to parse the request (ie. unknown content-type).
Please note that those rules do not set an internal score, but usually just set the block
flag of the request to 1
.
You can whitelist those, but you should never have to do so. When whitelisting an internal rule, you might be disabling naxsi at least partially, so think twice about it.
- id: 1
- action: block
- impact: pass-thru
A request that cannot be understood by naxsi. When whitelisting this one, you are telling naxsi to blindly accept the request and not to parse it.
- id: 2
- action: block
- impact : pass-thru
A request that is buffered on file system because it's too big. Naxsi doesn't parse buffered requests. You can always increase client_body_buffer_size in nginx's config.
- id: 10
- action: block
- impact : partial loss of decoding
Hex encoding that is not valid, and that naxsi cannot "url decode".
- id: 11
- action: block
- impact : pass-thru on BODY
A content-type unknown to naxsi. Meaning naxsi cannot parse the body. However, if id:11 is whitelisted and >= 0.55rc2, RAW_BODY rules can be used.
- id: 12
- action: block
- impact: partial pass-thru on GET args
An URL that is not standard (ie. ?x=foo&z=bar
). Can lead to uncorrectly parsed arguments when whitelisted.
- id: 13
- action: block
- impact: pass-thru on BODY
POST body is malformed, ie.
- bad content-disposition
- no variable name
- malformed attached file content-type
- id: 14
- action: block
- impact: pass-thru on BODY
POST body is malformed, ie.
- bad content-type
- bad boundary (too short, too long, not rfc compliant)
- id: 15
- action: block
- impact: pass-thru on BODY (json)
JSON is malformed (ie. missing } ]
).
- id: 16
- action: block
- impact: pass-thru on BODY
Raised when body is empty and/or content-length is zero.
- id: 17
- action: ??
See libinjection.
- id: 18
- action: ??
See libinjection.