Hello.
With naxsi enabled I receive HTTP 405 on an empty (no POST params) POST request. GET requests and non-empty POST requests give the correct expected output.
What steps will reproduce the problem?
    root@development:/etc/nginx/sites-enabled# curl --data "" -v http://gate2.development
    * About to connect() to gate2.development port 80 (#0)
    *   Trying 192.168.100.4... connected
    > POST / HTTP/1.1
    > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
    > Host: gate2.development
    > Accept: */*
    > Content-Length: 0
    > Content-Type: application/x-www-form-urlencoded
    >
    < HTTP/1.1 405 Not Allowed
    < Server: nginx/1.2.7
    < Date: Thu, 04 Apr 2013 11:42:54 GMT
    < Content-Type: text/html
    < Content-Length: 172
    < Connection: keep-alive
    * HTTP error before end of send, stop sending
    <
    <html>
    <head><title>405 Not Allowed</title></head>
    <body bgcolor="white">
    <center><h1>405 Not Allowed</h1></center>
    <hr><center>nginx/1.2.7</center>
    </body>
    </html>
    * Closing connection #0
What is the expected output? What do you see instead?
expected: http 403 forbidden (disabling naxsi in vhost gives expected output)
actual: http 405
What version of the product are you using? On what operating system?
1) Ubuntu 12.04 LTS
2) Nginx 1.2.7 with naxsi (http://ppa.launchpad.net/nginx/stable/ubuntu precise main)
Please provide your nginx configuration and any additional information below.
nginx.conf:
    user www-data;
    worker_processes 4;
    pid /run/nginx.pid;

    events {
        worker_connections 768;
    }

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/naxsi_core.rules;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
vhost:
    server {
        listen 80;
        server_name gate2.development;
        root /var/www/projects/gate/www;

        access_log /var/log/nginx/gate.development.access.log;
        error_log /var/log/nginx/gate.development.error.log;

        location / {
            include /etc/nginx/naxsi.rules;
        }
    }
With best regards, Sergey Galkin
Comment #1
Posted on Apr 4, 2013 by Quick Cat
The Nginx error log entry is as follows:
2013/04/04 15:36:11 [error] 29763#0: *32 NAXSI_FMT: ip=192.168.100.23&server=gate2.development&uri=/&total_processed=17&total_blocked=4&zone0=BODY&id0=11&var_name0=, client: 192.168.100.23, server: gate2.development, request: "POST /?object=Session&action=getSalt HTTP/1.1", host: "gate2.development"
I haven't found what id0=11 means.
Comment #2
Posted on Apr 6, 2013 by Happy Horse
Hello,
Rules with IDs lower than 1000 are naxsi internal rules. You can find them in your naxsi_core.rules:
@MainRule "msg:weird/incorrect request" id:1;
@MainRule "msg:big request, unparsed" id:2;
@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
@MainRule "msg:uncommon/empty content-type in POST" id:11;
@MainRule "msg:uncommon/malformed URL" id:12;
Here, it is because your POST has apparently no content, which sounds weird to naxsi, triggering an internal rule. You can whitelist it as any other rule.
Status: Invalid
Labels:
Type-Defect
Priority-Medium
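
Added example (not part of the original thread and not naxsi project code): a small Python helper that decodes a NAXSI_FMT error-log entry like the one in comment #1, names the internal rule using the list quoted in comment #2, and produces a candidate whitelist line to review before use. The function names and the generated whitelist scope (`$URL` plus the matched zone) are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl

# Internal rule ids and messages, as quoted from naxsi_core.rules in comment #2.
INTERNAL_RULES = {
    1: "weird/incorrect request",
    2: "big request, unparsed",
    10: "uncommon hex encoding (%00 etc.)",
    11: "uncommon/empty content-type in POST",
    12: "uncommon/malformed URL",
}

# Sample input: the error-log entry posted in comment #1.
SAMPLE = (
    "2013/04/04 15:36:11 [error] 29763#0: *32 NAXSI_FMT: ip=192.168.100.23"
    "&server=gate2.development&uri=/&total_processed=17&total_blocked=4"
    "&zone0=BODY&id0=11&var_name0=, client: 192.168.100.23, "
    'server: gate2.development, request: "POST /?object=Session&action=getSalt '
    'HTTP/1.1", host: "gate2.development"'
)

def parse_naxsi_fmt(line):
    """Return (uri, [(zone, rule_id, var_name), ...]) for one NAXSI_FMT line."""
    m = re.search(r"NAXSI_FMT: (.*?), client: ", line)
    if m is None:
        raise ValueError("not a NAXSI_FMT log line")
    fields = dict(parse_qsl(m.group(1), keep_blank_values=True))
    matches, n = [], 0
    while f"id{n}" in fields:  # matches are numbered zone0/id0/var_name0, zone1/...
        matches.append((fields.get(f"zone{n}", ""), int(fields[f"id{n}"]),
                        fields.get(f"var_name{n}", "")))
        n += 1
    return fields.get("uri", ""), matches

def explain(line):
    """Describe each match and propose a narrowly scoped whitelist to review."""
    uri, matches = parse_naxsi_fmt(line)
    report = []
    for zone, rule_id, var in matches:
        if rule_id < 1000:  # per comment #2, ids below 1000 are naxsi internal rules
            msg = INTERNAL_RULES.get(rule_id, "internal rule, not in the quoted list")
        else:
            msg = "not an internal rule, look it up in the loaded rule files"
        base, _, suffix = zone.partition("|")  # a zone may read e.g. "ARGS|NAME"
        mz = f"${base}_VAR:{var}" if var else base
        if suffix:
            mz += "|" + suffix
        report.append((rule_id, msg, f'BasicRule wl:{rule_id} "mz:$URL:{uri}|{mz}";'))
    return report
```

For the log entry above, `explain(SAMPLE)` reports rule 11 in the BODY zone and suggests a whitelist limited to that rule, URL and zone, so every other check stays active for the location.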