Skip to content
This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

olds deniedurl

Jump to bottom
bui edited this page Jul 15, 2016 · 1 revision

DeniedUrl is used to indicate a location where blocked requests will be redirected (internally).

In version before 0.49, by default, naxsi forwards blocked request there while in learning mode. Upon "real" request termination, using nginx's post_action mechanism.

This was due to usage of nx_intercept, which could intercept learning traffic in live.

As the request might be modified during redirect (url & arguments), extra http headers orig_url (original url), orig_args (original GET args) and naxsi_sig (NAXSI_FMT) are added.

If $naxsi_flag_post_action is set to "1", naxsi will perform post_action (while in learning) even in versions '''> 0.49'''.

The headers that are forwarded to the location denied page are :

./naxsi_runtime.c:  #define NAXSI_HEADER_ORIG_URL "x-orig_url"
./naxsi_runtime.c:  #define NAXSI_HEADER_ORIG_ARGS "x-orig_args"
./naxsi_runtime.c:  #define NAXSI_HEADER_NAXSI_SIG "x-naxsi_sig"
Clone this wiki locally