diff --git a/naxsi_src/naxsi_net.h b/naxsi_src/naxsi_net.h
index 34e9be2f..11be14b6 100644
--- a/naxsi_src/naxsi_net.h
+++ b/naxsi_src/naxsi_net.h
@@ -8,9 +8,9 @@
 #define __NAXSI_NET_H__
 #if defined(__FreeBSD__)
- #include
- #include
- #include
+#include
+#include
+#include
 #endif
 #include
diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
index 28ed8a9e..b7a44781 100644
--- a/naxsi_src/naxsi_runtime.c
+++ b/naxsi_src/naxsi_runtime.c
@@ -2031,8 +2031,7 @@ ngx_http_basestr_ruleset_n(ngx_pool_t* pool,
 */
 if ((zone == HEADERS && r[i].br->headers) || (zone == URL && r[i].br->url) || (zone == ARGS && r[i].br->args) || (zone == BODY && r[i].br->raw_body) ||
- (zone == BODY && r[i].br->body && !r[i].br->file_ext) ||
- (zone == FILE_EXT && r[i].br->file_ext)) {
+ (zone == BODY && r[i].br->body) || (zone == FILE_EXT && r[i].br->file_ext)) {
 /*
 ** If the Rule **specifically** targets name (ie. mz:BODY|NAME), only
diff --git a/t/00naxsi_base.t b/t/00naxsi_base.t
index 1be4ef9c..872e2edc 100644
--- a/t/00naxsi_base.t
+++ b/t/00naxsi_base.t
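Review bot: Dropping `!r[i].br->file_ext` from the BODY clause means a rule declared `mz:BODY|FILE_EXT` is now evaluated against every BODY-zone value, not only the upload extension as before, and nothing in the hunk records that widening as intentional. The new test in t/00naxsi_base.t, which posts a urlencoded body and expects 412, suggests it is deliberate, so the condition deserves a comment such as `/* BODY|FILE_EXT rules match the whole body as well as upload extensions */` so the next reader does not reinstate the old exclusion. The two `zone == BODY` terms could also be folded into one, `(zone == BODY && (r[i].br->raw_body || r[i].br->body))`, which makes the zone-to-flag mapping easier to audit. The enclosing function ngx_http_basestr_ruleset_n begins before the hunk and its body continues after it.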
@@ -1204,5 +1204,95 @@ GET /z?&yesonea
 --- error_code: 412
+=== TEST 37: multipart, MainRule BODY|FILE_EXT blocked
+--- user_files
+>>> foobar
+eh yo
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+MainRule "id:4241" "s:DROP" "str:matchme" "mz:BODY|FILE_EXT";
+--- config
+location / {
+ #LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$UPLOAD >= 8" BLOCK;
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+}
+--- raw_request eval
+"POST /foobar HTTP/1.1\r
+Host: 127.0.0.1\r
+Connection: Close\r
+User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10\r
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r
+Accept-Language: en-us,en;q=0.5\r
+Accept-Encoding: gzip, deflate\r
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
+Referer: http://127.0.0.1/\r
+Content-Type: application/x-www-form-urlencoded\r
+Content-Length: 38\r
+\r
+txtName=matchme&btnSign=Sign+Guestbook\r
+"
+--- error_code: 412
+
+
+=== TEST 37: multipart, BasicRule BODY|FILE_EXT blocked
+--- user_files
+>>> foobar
+eh yo
+--- main_config
+load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
+--- http_config
+include /tmp/naxsi_ut/naxsi_core.rules;
+--- config
+location / {
+ #LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$UPLOAD >= 8" BLOCK;
+ BasicRule "id:4241" "s:DROP" "str:matchme" "mz:BODY|FILE_EXT";
+
+
+ root $TEST_NGINX_SERVROOT/html/;
+ index index.html index.htm;
+ error_page 405 = $uri;
+}
+location /RequestDenied {
+ return 412;
+}
+--- raw_request eval
+"POST /foobar HTTP/1.1\r
+Host: 127.0.0.1\r
+Connection: Close\r
+User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10\r
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r
+Accept-Language: en-us,en;q=0.5\r
+Accept-Encoding: gzip, deflate\r
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
+Referer: http://127.0.0.1/\r
+Content-Type: application/x-www-form-urlencoded\r
+Content-Length: 38\r
+\r
+txtName=matchme&btnSign=Sign+Guestbook\r
+"
+--- error_code: 412
+
+
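Review bot: Both added cases are numbered `=== TEST 37`, so the second one shadows the first in Test::Nginx output and a failure cannot be told apart by name; the BasicRule case should get the next free number. Both titles also say "multipart", yet each request is `Content-Type: application/x-www-form-urlencoded` with no file part, so the FILE_EXT side of `mz:BODY|FILE_EXT` is never exercised — what is actually covered is that such a rule now fires on a plain body, which is the behaviour the naxsi_runtime.c hunk enables. Renaming the titles to say urlencoded, and adding one genuine multipart request whose uploaded filename carries a matching extension, would document and pin both halves of the rule. The `--- user_files` fixture (`>>> foobar`) appears unused by the POST and could be dropped, though that is a minor point.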