Naxsi 1.7

What's New

• Release of the new documentation (available here: https://wargio.github.io/naxsi/)
• Various fixes when parsing malformed arguments
• Fixes for PCRE integration
• Bump of libinjection to libinjection/libinjection@b9fcaaf
• Fixed whitelists checks in special conditions.
• Fixed $naxsi_request_id not being populated.
• Refactored logging code for better maintainability and performance
• Matchzone FILE_EXT now can be used with $URL_X:<regex>

What's Changed

• Fix ignore weird args by @lubomudr in #118
• Add specific pcre lib for each nginx build. by @wargio in #106
• Bump version to 1.7 and updated libinjection by @wargio in #119
• Tests for #118 by @lubomudr in #120
• Fix premature completion of checks for whitelisted internal rules by @lubomudr in #141
• Fixed: $naxsi_request_id (issue #142) by @lubomudr in #154
• Fix: "application/reports+json" request parsing as JSON by @lubomudr in #155
• Refactor logging by @wargio in #157
• Allow FILE_EXT to be mixed with URL_X by @wargio in #161

Changes on rules:

• Fix wrong coment on rule by @wargio in #122
• Add extra web security & php rules by @wargio in #124
• Block EgyScan security scanner via rule 10000040 by @wargio in #147
• Add new rules by @wargio in #156

Changes on Documentation:

• Fix docs link by @selivan in #107
• Add explicit .md to all docs links by @selivan in #108
• Fix documentation by @wargio in #143
• Rewrite more documentation by @wargio in #144
• Change markdown in pages by @wargio in #145
• Internal rules pages by @wargio in #146
• Add rule chapter to new Documents & add IgnoreIP and IgnoreCIDR directives by @wargio in #148
• Moved old wiki and new wiki by @wargio in #149
• Add Packaging Naxsi to Docs by @wargio in #151
• Add whitelist to docs by @wargio in #152
• Fix grammar in whitelist.md by @wargio in #153
• Add matchzone chapter by @wargio in #162
• Add docs about decoding of values before matching by @wargio in #164
• Add documentation on logs by @wargio in #165
• Fix typo and updated instruction for Arch Linux by @wargio in #166

Repository maintenance (workflows, readme, etc..):

• Update README.md by @wargio in #111
• Add bug template by @wargio in #116
• Update bug_report.md by @wargio in #117
• Add NGINX 1.26.1 and 1.27.0 to workflow by @wargio in #140
• Dist fixes by @wargio in #163

Full Changelog: 1.6...1.7

Naxsi 1.6 (Security Update)

This release fixes a high security vulnerability

What's Changed

• Remove X-Forwarded-For header special processing by @lubomudr in #103
• Update libinjection and bump version to 1.6 by @wargio in #104

Full Changelog: 1.5...1.6

Naxsi 1.5

What's Changed

• Rename FILENAME to NAXSI_FILENAME by @wargio in #73
• Update libinjection to latest version by @wargio in #77
• Fix CI build and added check for future changes. by @wargio in #78
• Dist create tarball by @wargio in #80
• Fix linguist-vendored as git attribs by @wargio in #81
• Fix language on gh by @wargio in #82
• [Rule] Path traversal in nuxt/framework when in dev mode by @wargio in #85
• Add alpine release by @wargio in #87
• Add back bookworm by @wargio in #88
• Fix whitelist inheritance by @lubomudr in #89
• Bump version and add wafefficacy in CI by @wargio in #90
• Use system libinjection when possible by @wargio in #92
• Fix IgnoreIP/IgnoreCIDR inheritance by @lubomudr in #93
• docs: move old naxsi wiki to docs directory and comb it up a little by @selivan in #94
• Fix reuse job by @wargio in #97
• IgnoreIP/IgnoreCIDR and internal rules by @lubomudr in #96
• Remove unnecessary logging of ignorable requests by @lubomudr in #99
• Fix arch build by @wargio in #102

New Contributors

• @lubomudr made their first contribution in #89
• @selivan made their first contribution in #94

Full Changelog: 1.4...1.5

Naxsi 1.5 RC1

What's Changed

• Rename FILENAME to NAXSI_FILENAME by @wargio in #73
• Update libinjection to latest version by @wargio in #77
• Fix CI build and added check for future changes. by @wargio in #78
• Dist create tarball by @wargio in #80
• Fix linguist-vendored as git attribs by @wargio in #81
• Fix language on gh by @wargio in #82
• [Rule] Path traversal in nuxt/framework when in dev mode by @wargio in #85
• Add alpine release by @wargio in #87
• Add back bookworm by @wargio in #88
• Fix whitelist inheritance by @lubomudr in #89
• Bump version and add wafefficacy in CI by @wargio in #90
• Use system libinjection when possible by @wargio in #92
• Fix IgnoreIP/IgnoreCIDR inheritance by @lubomudr in #93
• docs: move old naxsi wiki to docs directory and comb it up a little by @selivan in #94
• Fix reuse job by @wargio in #97
• IgnoreIP/IgnoreCIDR and internal rules by @lubomudr in #96
• Remove unnecessary logging of ignorable requests by @lubomudr in #99
• Fix arch build by @wargio in #102

New Contributors

• @lubomudr made their first contribution in #89
• @selivan made their first contribution in #94

Full Changelog: 1.4...1.5rc1

Naxsi 1.4

What's Changed

• Cleanup and added CI by @wargio in #3
• Fixes for nginx 1.20.2+ by @wargio in #4
• Moved all rules in the same repository by @wargio in #5
• Create codeql-analysis.yml by @wargio in #6
• libpcre compat by @vvvllll in #7
• Added arch linux PKGBUILD by @wargio in #8
• Build deb files by @wargio in #9
• Move nginx specific files by @wargio in #10
• Removed escaped values by @wargio in #11
• Moved rules depending if blocking or whitelist by @wargio in #12
• [Rule] Cleanup rules and added new rules + linter by @wargio in #13
• [Rule] More rules cleanup by @wargio in #15
• [Rule] Added generic.rules file by @wargio in #16
• [Rule] Add more rules by @wargio in #17
• Fix utf-8 check bug by @wargio in #20
• [Rule] Block any access to any dot file or dot folder. by @wargio in #21
• [Rule] SQL Injection additional rules by @wargio in #22
• [Rule] Extra rules by @wargio in #23
• Export variables by @wargio in #24
• [Rule] Additional SQL Admin Interface rules by @wargio in #25
• [Rule] Block additional scanners by @wargio in #26
• [Rule] Additional security rules by @wargio in #28
• [Rule] Add wpscan in scanner rules by @wargio in #29
• [Rule] Cleanup rules and added l9tcpid by @wargio in #31
• Windows support by @staticlibs in #33
• [Rule] Added WinHttpReq to scanner list by @wargio in #34
• Windows CI build support by @staticlibs in #35
• Windows CI enhancements by @staticlibs in #36
• Add libinjection modified sources to .gitignore by @staticlibs in #37
• [Rule] Block access to yaml & hcl & ctmpl files by @wargio in #38
• Generate python tests by @staticlibs in #41
• Windows warnings cleanup by @staticlibs in #42
• Fix response body read in test HTTP client by @staticlibs in #47
• Make sure IP address is null-terminated before passing it to inet_pton by @staticlibs in #48
• [Rule] Internal rule 21: illegal host header by @wargio in #52
• Added ANY matchzone by @wargio in #53
• Adds $naxsi_request_id and drops vers,total_processed and total_blocked by @wargio in #55
• Fix ANY when defining $URL/$URL_X by @wargio in #57
• Fixed json number validation loop to support properly exponentials by @wargio in #63
• Added some new sqli keywords with tests by @wargio in #64
• Support json extended logs on naxsi by @wargio in #65
• [Rule] Exposed AWS Elastic Beanstalk configuration by @wargio in #69
• [Rule] Malicious wp access to ALFA_DATA|alfacgiapi|cgialfa path by @wargio in #70
• [Rule] Block access to temporary backup files. by @wargio in #71
• Fix reserved identifier violation issue nbs-system/naxsi#626 by @wargio in #72

New Contributors

• @wargio made their first contribution in #3
• @vvvllll made their first contribution in #7
• @staticlibs made their first contribution in #33

Full Changelog: 1.3...1.4

Naxsi 1.4 RC1

What's Changed

• Cleanup + CI by @wargio in #3
• Fixes for nginx 1.20.2+ by @wargio in #4
• Moved all rules in the same repository by @wargio in #5
• Create codeql-analysis.yml by @wargio in #6
• libpcre compat by @vvvllll in #7
• Added arch linux PKGBUILD by @wargio in #8
• Build deb files by @wargio in #9
• Move nginx specific files by @wargio in #10
• Removed escaped values by @wargio in #11
• Moved rules depending if blocking or whitelist by @wargio in #12
• Cleanup rules and added new rules + linter by @wargio in #13
• More rules cleanup by @wargio in #15
• Added generic.rules file by @wargio in #16
• Add more rules by @wargio in #17
• Fix utf-8 check bug by @wargio in #20
• Block any access to any dot file or dot folder. by @wargio in #21
• SQL Injection additional rules by @wargio in #22
• Extra rules by @wargio in #23
• Export variables by @wargio in #24
• Additional SQL Admin Interface rules by @wargio in #25
• Block additional scanners by @wargio in #26
• Additional security rules by @wargio in #28
• Add wpscan in scanner rules by @wargio in #29
• Cleanup rules and added l9tcpid by @wargio in #31
• Windows support by @staticlibs in #33
• Added WinHttpReq to scanner list by @wargio in #34
• Windows CI build support by @staticlibs in #35
• Windows CI enhancements by @staticlibs in #36
• Add libinjection modified sources to .gitignore by @staticlibs in #37
• Block access to yaml & hcl & ctmpl files by @wargio in #38
• Generate python tests by @staticlibs in #41
• Windows warnings cleanup by @staticlibs in #42
• Fix response body read in test HTTP client by @staticlibs in #47
• Make sure IP address is null-terminated before passing it to inet_pton by @staticlibs in #48
• Internal rule 21: illegal host header by @wargio in #52
• Added ANY matchzone by @wargio in #53
• Adds $naxsi_request_id and drops vers,total_processed and total_blocked by @wargio in #55
• Fix ANY when defining $URL/$URL_X by @wargio in #57
• Fix ci build due changes in libinjection by @wargio in #60
• Fix CI build by using a specific libinjection commit by @wargio in #62
• Fixed json number validation loop to support properly exponentials by @wargio in #63
• Added some new sqli keywords with tests by @wargio in #64
• Support json extended logs on naxsi by @wargio in #65

New Contributors

• @wargio made their first contribution in #3
• @vvvllll made their first contribution in #7
• @staticlibs made their first contribution in #33

Full Changelog: https://github.com/wargio/naxsi/commits/1.4rc1