ngx——naxsi——示例

1. 通用规则

查找 字符串 0x, 在 POST/PUT参数，URL任何部分，GET任何参数，或HTTP header 名称为 Cookie的header。如果匹配， $SQL 得分加2，规则可以 使用 id1002 设置白名单

MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;

2. 练习

组织自动化攻击

阻塞 w3af 代理

MainRule "str:w3af.sourceforge.net" "msg:DN SCAN w3af User Agent" "mz:$HEADERS_VAR:User-Agent" "s:$UWA:8" id:42000041 ;  

BasicRule "str:http://www.shadowysite.com/" "msg:Bad referer" "mz:$HEADERS_VAR:referer" "s:DROP" id:20001;

阻塞危险目录

MainRule "str:/magmi/" "msg:Access to magmi folder" "mz:URL" "s:$UWA:8" id:42000400;
MainRule "str:/magmi.php" "msg:Access to magmi.php" "mz:URL" "s:$UWA:8" id:42000401;

满足匹配域（GET有名为 foo的参数），则将请求交给 libjin_sql 处理，若发现sqli，执行drop

MainRule "id:4241" "s:DROP" "d:libinj_sql" "mz:$ARGS_VAR:foo";

不满足 ： url 以 /rest/开头的 请求 drop

MainRule "id:4241" negative "s:DROP" "rx:^/rest/" "mz:URL";