What steps will reproduce the problem? 1.starting nx_intercept.py -c naxsi-ui-learning.conf 2.starting nx_extract.py naxsi-ui-learning.conf 3. checking web ui

What is the expected output? What do you see instead? I see no datas/hits in my web interface

What version of the product are you using? On what operating system? ubuntu 12.04- naxsi: 0.46-1

Please provide any additional informatin below. nx_intercept seems running, but when I add -a ip:myip its just runs for a second then stops.

Also, learnign daemon nx_intercept starts when not entering ip, but doesn't populate my /tmp/naxsi_rules.tmp

Thank you for helping!

Hi,

Could you provide your nginx configuration ? Especially your DeniedUrl location. It's normal behavior for nx_intercept to exit after using the -a switch (it just adds the signature to monitor to the database). For now, the signature is only stocked in the database and nothing is displayed on the web interface, I'll try to add that to the web interface soon. nx_intercept doesn't populate /tmp/naxsi_rules.tmp anymore (we should probably remove this part from the wiki). Now, it will store all the exceptions in a database (naxsi_sig if you use the default settings), and you will be able to view the whitelist using nx_extract.

Hello!

Thank you for your quick answer I have attached both the nginx config and the /sites-enabled/default file.

So nx_intercept should store the exceptions in my mysql database or somewhere else?

Thanks again!

Comment deleted

when I start nx_intercept -c naxsi-ui-learning.conf -a ip:I - it stops and i see that the error log contains something like this: " [error] 10481#0: *10 connect() failed (111: Connection refused) while connecting to upstream | upstream: "http://127.0.0.1:8080/RequestDenied "

However when I exclude the - a it produces log like this but still no data to the mysql db: NAXSI_FMT: ip=85.67.16.131&server=domain.com&uri=/bblabla/&total_processed=8&total_blocked=1&zone0=ARGS&id0=1000&var_name0=a&zone1=ARGS ....

Hope I could provide more info about my issue.

Thank you!

when using the 0.47 code base on Ubuntu 12.04 the db populates after the first hit

Can we consider the issue as closed, or do you still face the problem ?

I have had same problem. Import command "python nx_intercept.py -c naxsi-ui-learning.conf -l /var/log/nginx/error.log" I tried on Debian, versions of nginx-naxsi-ui 1.2.1-2~bpo60+1 and 1.2.3-1~dotdeb.0. Import finished successfully, but MySQL haven't any data. During import, db was filled, after done was empty. Autoincrement in collums matches number of NAXSI_FMT's entries in nginx error log. According MySQl query log, import runs ok. If I rerun query from log, insert was successful.

Any help will be appreciated.

Hello,

Can you please provide your logfile ? I don't see what can happen here. Please as well give a try for 0.49rc1 if you still face the problem.

Thanks

I guess python script is not opening auto commit connection to mysql, as a result you need to do commit yourself.

Attached diff that adds COMMIT command after inserting rows into mysql. This will work on other databases as well.

Hello,

As far as I know, MySQL has auto-commit enabled by default, and we didn't explicitly ask for non auto-commit connection, so we shouldn't have to use commit statement.

Plus, I just did some test and I cannot reproduce your issue.

Could you please provide some more details about your configuration (debug, python, mysql, nginx etc.) and/or a reproducible test set ?

Anyway, thanks for the patch, but I'm a bit reluctant to apply it, I'd like to evaluate the possible implications of this first.

Best regards,