Nginx

whitelist incorrect rule

Bug #1168720 reported by Pierre Schweitzer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nginx
Won't Fix
Undecided
Unassigned

Bug Description

Hi,

when importing this wl rule into naxsi:
# total_count:2186 (1.37%), peer_count:297 (25.94%) | sql keywords
BasicRule wl:1000 "mz:$URL_VAR:cookie";

nginx can't be restarted anylonger and displays the error:
Restarting nginx: nginx: [emerg] Naxsi-Config : Incorrect line BasicRule wl:1000 (/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src/naxsi_skeleton.c/329)... in /etc/nginx/mynaxsi.rules:7
nginx: configuration file /etc/nginx/nginx.conf test failed

This rule was generated by nx_util.py.

nginx release in use is the one in Ubuntu 12.04LTS, fully updated.
# nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src

This looks similar to: https://code.google.com/p/naxsi/issues/detail?id=30

Regards,

See original description
Pierre Schweitzer (pierre-jean-schweitzer)
description: updated
Revision history for this message
Ove Jobring (ovejo) wrote :

This is probably caused by the issues described in bug #1313224

nx_util.py is the learning/white-list tool for the latest stable naxsi version, 0.53-X

The naxsi version 0.50.0 is included in the nginx-naxsi package.

Revision history for this message
Pierre Schweitzer (pierre-jean-schweitzer) wrote :

There's no such file included in nginx-naxsi package on Precise:

# dpkg-deb -c /var/cache/apt/archives/nginx-naxsi_1.1.19-1ubuntu0.5_amd64.deb
drwxr-xr-x root/root 0 2013-11-22 03:14 ./
drwxr-xr-x root/root 0 2013-11-22 03:14 ./usr/
drwxr-xr-x root/root 0 2013-11-22 03:14 ./usr/share/
drwxr-xr-x root/root 0 2013-11-22 03:14 ./usr/share/doc/
drwxr-xr-x root/root 0 2013-11-22 03:15 ./usr/share/doc/nginx-naxsi/
-rw-r--r-- root/root 6277 2012-04-13 09:06 ./usr/share/doc/nginx-naxsi/copyright
-rw-r--r-- root/root 2029 2013-11-22 03:15 ./usr/share/doc/nginx-naxsi/changelog.Debian.gz
drwxr-xr-x root/root 0 2013-11-22 03:14 ./usr/sbin/
-rwxr-xr-x root/root 642440 2013-11-22 03:14 ./usr/sbin/nginx
lrwxrwxrwx root/root 0 2013-11-22 03:14 ./usr/share/doc/nginx-naxsi/CHANGES.gz -> changelog.gz

Revision history for this message
Thomas Ward (teward) wrote :

Pierre, this bug here, 1168720, is against nginx upstream and the PPAs. If you are not using the PPAs, as you are on 1.1.19, then this bug is Incomplete against the nginx ppa/project until you've checked the stable PPAs.

The Ubuntu package bug on this is #1170585 if you want to make comments there on the Ubuntu Repository package.

Changed in nginx:
status: New → Incomplete
Revision history for this message
Thomas Ward (teward) wrote :

Marking Won't Fix. Please see https://bugs.launchpad.net/nginx/+bug/1313224 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746199#18 for details.

Changed in nginx:
status: Incomplete → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.