Whitelist rule syntax:
basicrule wl:id [negative] [mz:[$url:target_url]|[match_zone]|[$args_var:varname]|[$ body_vars:varname]|[$headers_var:varname]|[name]]
Which interception rules will enter Whitelist | |
Add all interception rules to the whitelist | |
Add the interception rule with ID 42 to the whitelist | |
Add the interception rule with IDs 42, 41 and 43 to the whitelist | |
Add all interception rules to the whitelist, except the interception rule with id 42 |
get’s entire parameters, such as: foo=bar&in= | |
Get the parameter name of the parameter, such as foo and in in foo=bar&in= | |
The parameter name of the regular matching get parameter | |
The entire http protocol header | |
The name of the http protocol header | |
The name of the regular matching http protocol header | |
The entire parameter content of post | |
The parameter name of post parameter | |
Parameter name of the regular matching post parameter | |
#url (before ?) | |
Regular matching url (before ?) | |
File name (the file name uploaded when uploading a file in post) |
Take rule #1000 as an example: Rule #1000 filters out select, update, delete, insert Rules for sql keywords
Description | |
Completely disable interception rule #1000 in this sub-rule. Because there is no specified area, all are added to the whitelist. | |
Disable interception rules in all get parameter values named foo#1000 |
Requests like http://mike.hi-linux.com/?foo=select * from demo will not be filtered. |
In the get request with url /bar Parameter disable interception rule #1000 |
The following similar requests will not be filtered: http://mike.hi-linux.com/bar?my=select * from demohttp:// mike.hi-linux.com/bar?from=weibo |
at Disable interception rules for all parameter names (just names, not including parameter values) in all get requests #1000 |
The following requests will not be filtered: http://mike.hi-linux .com/bar?from=weibo The following requests will be filtered: http://mike.hi-linux.com/bar?foo=select Because select It is a parameter value and is not in the whitelist range. |
Disable all interception rules for URLs that match ^/upload/(.*).(.*)$ regular rules in all requests |
Similar to http://mike.hi-linux.com/upload The /select.db request will not be filtered (it would have triggered the #1000 interception rule). |
The above is the detailed content of What are the nginx-naxsi whitelist rules?. For more information, please follow other related articles on the PHP Chinese website!