naxsi

BasicRule

BasicRule directives are set at the location’s configuration level. They are used, most of the time, to create whitelists. The BasicRule syntax is:

BasicRule wl:ID [mz:[$URL:target_url]|[match_zone]|[$ARGS_VAR:varname]|[$BODY_VAR:varname]|[$HEADERS_VAR:varname]|[NAME]]

wl:ID (WhiteList)

Which rule ID(s) are whitelisted. Possible syntaxes are:

mz: (MatchZones)

Specifies the zones (see below) in which the exception is allowed. The existing zones are the following:

Whitelist Example

Totally disable rule #1000 for this location. The matchzone is empty, so the whitelist always matches.

BasicRule wl:1000;

Disable rule #1000 on all URLs in GET argument named foo:

BasicRule wl:1000 "mz:$ARGS_VAR:foo";

Disable rule #1000 in GET argument named foo for url /bar:

BasicRule wl:1000 "mz:$ARGS_VAR:foo|$URL:/bar";

Disable rule #1000 in all GET arguments for url /bar:

BasicRule wl:1000 "mz:$URL:/bar|ARGS";

Disable rule #1000 in all GET argument NAMES (only name, not content):

BasicRule wl:1000 "mz:ARGS|NAME";

Notes

Regex (_X) and static matchzones cannot be mixed in the same rule:

$URL_X:/foo|$ARGS_VAR:bar : WRONG
$URL_X:^/foo$|$ARGS_VAR_X:^bar$ : GOOD

Regex Whitelist Examples

Available only in naxsi 0.52 and later.

Disable rule #1000 in all GET arguments containing meh:

BasicRule wl:1000 "mz:$ARGS_VAR_X:meh";

Disable rule #1000 in all GET arguments whose name starts with meh:

BasicRule wl:1000 "mz:$ARGS_VAR_X:^meh";

Disable rule #1000 in all GET arguments matching meh_<number>:

BasicRule wl:1000 "mz:$ARGS_VAR_X:^meh_[0-9]+$";
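The Notes and the regex examples above can be checked mechanically when reviewing a whitelist file. The following is an added example, not part of naxsi or of the original page: a small Python linter (lint_basicrule, RULE_RE and SAMPLES are hypothetical names) that flags an empty matchzone, a mix of regex and static matchzones, a regex matchzone that is not anchored on both sides, and a missing semicolon.

```python
import re

# One directive: BasicRule wl:<ids> ["mz:<zones>"];
RULE_RE = re.compile(
    r'^\s*BasicRule\s+wl:(?P<ids>[-\d,]+)\s*'
    r'(?:"?mz:(?P<mz>[^";]*)"?)?\s*(?P<end>;?)\s*$')

def lint_basicrule(line):
    """Return review warnings for one BasicRule whitelist line (hypothetical helper)."""
    m = RULE_RE.match(line)
    if not m:
        return ["not a BasicRule whitelist line"]
    warnings = []
    if not m.group("end"):
        warnings.append("missing terminating ';'")
    mz = m.group("mz")
    if not mz:
        # No matchzone: the whitelist always matches in this location.
        return warnings + ["empty matchzone: rule disabled for the whole location"]
    regex_parts, static_parts = [], []
    # Simplification: splitting on '|' assumes the regexes contain no alternation.
    for part in mz.split("|"):
        zone, _, value = part.partition(":")
        if not zone.startswith("$"):
            continue  # plain zone (ARGS, ...) or NAME: nothing to classify
        (regex_parts if zone.endswith("_X") else static_parts).append((zone, value))
    if regex_parts and static_parts:
        warnings.append("mixes regex (_X) and static matchzones")
    for zone, value in regex_parts:
        # An unanchored pattern whitelists every name or URL that contains it.
        if not (value.startswith("^") and value.endswith("$")):
            warnings.append(f"{zone}:{value} is not anchored with ^ and $")
    return warnings

# Constructed sample input, built from the whitelist forms shown above.
SAMPLES = [
    'BasicRule wl:1000;',
    'BasicRule wl:1000 "mz:$URL_X:/foo|$ARGS_VAR:bar";',
    'BasicRule wl:1000 "mz:$URL_X:^/foo$|$ARGS_VAR_X:^bar$";',
    'BasicRule wl:1000 "mz:$ARGS_VAR_X:^meh";',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_basicrule(sample) or "ok")
```

An anchoring warning is a prompt for review rather than an error: the substring and prefix forms are valid, but they whitelist more argument names than an exact match does.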