Exposing the usedRules Variable to Enable Support for Mimicking Naxsi's No-Rules Functionality
#1347
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Naxsi implements a safeguard to ensure that its security rules cannot be entirely disabled or overlooked, as detailed in the following link: https://github.com/nbs-system/naxsi/wiki/internal-rules#no_rules.
It may be beneficial to replicate this behavior using a SecRule to prevent scenarios where the commands ctl:removeRuleBy(Id|Tag|Msg) could potentially eliminate all rules related to threat detection. By utilizing the usedRules variable within a SecRule, we can mimic the behavior established by the Naxsi internal rule.
Please note that, at present, it appears that usedRules is not being utilized, as indicated in the following link:
coraza/internal/corazawaf/rulegroup.go
Line 127 in ad40dcb
Beta Was this translation helpful? Give feedback.
All reactions