naxsi

Internal rules

Internal rules are rules that naxsi itself fires when a request is incorrect or extremely unusual, or when naxsi is not able to parse the request (e.g. unknown content-type). Please note that these rules do not set an internal score; they usually just set the block flag of the request to 1.

You can whitelist those, but you should never have to do so. When whitelisting an internal rule, you might be disabling naxsi at least partially, so think twice about it.
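One way to keep track of such whitelists is to audit the configuration for them. The script below is an added example, not part of naxsi or of the original page. It assumes that naxsi reserves rule ids below 1000 for internal rules and that whitelists are written as `BasicRule wl:<ids> "mz:<zone>";`. The sample configuration is constructed, and only id:11 (uncommon_content_type) is named on this page.

```python
import re

# Assumption: naxsi reserves rule ids below 1000 for internal rules.
INTERNAL_ID_LIMIT = 1000
# Only id:11 is named on this page; other internal ids are reported by number.
KNOWN_NAMES = {11: "uncommon_content_type"}

# Matches e.g.  BasicRule wl:11,1000 "mz:$URL:/upload|BODY";
# Lines starting with '#' (commented out) do not match.
WL_DIRECTIVE = re.compile(
    r'^\s*BasicRule\s+wl:(-?\d+(?:,-?\d+)*)\s*(?:"mz:([^"]*)")?\s*;'
)


def find_internal_whitelists(config_text):
    """Return (line_no, rule_id, name, match_zone) per whitelisted internal rule."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = WL_DIRECTIVE.match(line)
        if not m:
            continue
        # A whitelist without a match zone applies everywhere in its location.
        zone = m.group(2) or "(all zones)"
        for token in m.group(1).split(","):
            if token.startswith("-"):
                continue  # assumption: negative ids only concern user rules
            rule_id = int(token)
            if 0 < rule_id < INTERNAL_ID_LIMIT:
                name = KNOWN_NAMES.get(rule_id, "internal rule")
                findings.append((line_no, rule_id, name, zone))
    return findings


# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONFIG = '''\
location / {
    SecRulesEnabled;
    BasicRule wl:1000 "mz:$ARGS_VAR:q";
    BasicRule wl:11 "mz:$URL:/api/upload|BODY";
    # BasicRule wl:1;
    BasicRule wl:1310,2;
}
'''

if __name__ == "__main__":
    for line_no, rule_id, name, zone in find_internal_whitelists(SAMPLE_CONFIG):
        print(f"line {line_no}: wl:{rule_id} ({name}) zone={zone}")
```

A finding without a match zone deserves the closest review, since it disables the internal check for every request handled by that location.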

weird_request

A request that cannot be understood by naxsi. When whitelisting this one, you are telling naxsi to blindly accept the request and not to parse it.

big_request

A request that is buffered on the file system because it’s too big. Naxsi doesn’t parse buffered requests. You can always increase client_body_buffer_size in nginx’s config.

uncommon_hex_encoding

Hex encoding that is not valid, and that naxsi cannot “url decode”.

uncommon_content_type

A content-type unknown to naxsi, meaning naxsi cannot parse the body. However, if id:11 is whitelisted and the naxsi version is >= 0.55rc2, RAW_BODY rules can be used.

uncommon_url

A URL that is not standard (ie. ?x=foo&z=bar). Whitelisting this rule can lead to incorrectly parsed arguments.

uncommon_post_format

POST body is malformed, ie.

uncommon_post_boundary

POST body is malformed, ie.

invalid_json

JSON is malformed (e.g. missing } ]).

empty_body

Raised when body is empty and/or content-length is zero.

libinjection_sql

See libinjection.

libinjection_xss

See libinjection.

no_rules

Raised when naxsi isn’t configured with any MainRules.

bad_utf8

Raised when surrogate utf8 is detected.