Pages

Bài đăng phổ biến

Sunday, October 2, 2022

Solved : nginx: [emerg] Naxsi-Config : Incorrect line MainRule rx:select in /etc/nginx/waf/naxsi_core.rules:23

If you see this error on Redhat( or Centos) when you are testing config with nginx ( nginx -t or reload config) : 

nginx: [emerg] Naxsi-Config : Incorrect line MainRule rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile (./naxsi/naxsi_src/naxsi_skeleton.c/973)... in /etc/nginx/waf/naxsi_core.rules:23

This is solution to solved it : 

1. Get naxsi from this url: https://github.com/wargio/naxsi by cmd: 
git clone --recurse-submodules https://github.com/wargio/naxsi.git

2. Then re-compile modules follow the steps below: 

- first cd into nginx directory then : 

./configure  --with-compat --add-dynamic-module=./naxsi/naxsi_src 

 - and run : 

make modules      

 - After that copy module file into nginx modules directory: cp objs/ngx_http_naxsi_module.so /usr/lib64/nginx/modules/

Thanks Wargio ! 

Done ! 

Posted by at 3 comments:
Labels:

Saturday, October 1, 2022

Create nginx systemd file

create file : /lib/systemd/system/nginx.service with below content: 

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

then run :

systemctl daemon-reload && systemctl enable nginx && systemctl start nginx 

Done ! 

Posted by at No comments:
Labels:

Resolved: ./naxsi/naxsi_src/naxsi_runtime.c:188:8: error: unknown type name ‘pcre2_match_data’

When you use naxsi from : https://github.com/nbs-system/naxsi and compile it on ubuntu you would see this error: 

./naxsi/naxsi_src/naxsi_runtime.c:188:8: error: unknown type name ‘pcre2_match_data

  188 | static pcre2_match_data       *ngx_pcre2_match_data;

      |        ^~~~~~~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c: In function ‘ngx_pcre2_exec’:

./naxsi/naxsi_src/naxsi_runtime.c:216:13: error: implicit declaration of function ‘pcre2_match_data_free’ [-Werror=implicit-function-declaration]

  216 |             pcre2_match_data_free(ngx_pcre2_match_data);

      |             ^~~~~~~~~~~~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c:220:32: error: implicit declaration of function ‘pcre2_match_data_create’ [-Werror=implicit-function-declaration]

  220 |         ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);

      |                                ^~~~~~~~~~~~~~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c:220:30: error: assignment to ‘int *’ from ‘int’ makes pointer from integer without a cast [-Werror=int-conversion]

  220 |         ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);

      |                              ^

./naxsi/naxsi_src/naxsi_runtime.c:223:18: error: PCRE2_ERROR_NOMEMORY’ undeclared (first use in this function); did you mean ‘PCRE_ERROR_NOMEMORY’?

  223 |             rc = PCRE2_ERROR_NOMEMORY;

      |                  ^~~~~~~~~~~~~~~~~~~~

      |                  PCRE_ERROR_NOMEMORY

./naxsi/naxsi_src/naxsi_runtime.c:223:18: note: each undeclared identifier is reported only once for each function it appears in

./naxsi/naxsi_src/naxsi_runtime.c:228:10: error: implicit declaration of function ‘pcre2_match’ [-Werror=implicit-function-declaration]

  228 |     rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);

      |          ^~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c:234:9: error: implicit declaration of function ‘pcre2_get_ovector_count’ [-Werror=implicit-function-declaration]

  234 |     n = pcre2_get_ovector_count(ngx_pcre2_match_data);

      |         ^~~~~~~~~~~~~~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c:235:10: error: implicit declaration of function ‘pcre2_get_ovector_pointer’ [-Werror=implicit-function-declaration]

  235 |     ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);

      |          ^~~~~~~~~~~~~~~~~~~~~~~~~

./naxsi/naxsi_src/naxsi_runtime.c:235:8: error: assignment to ‘size_t *’ {aka ‘long unsigned int *’} from ‘int’ makes pointer from integer without a cast [-Werror=int-conversion]

  235 |     ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);

      |        ^



To resolved this error , you should use naxsi from : https://github.com/wargio/naxsi  by this cmd below : 

git clone --recurse-submodules https://github.com/wargio/naxsi.git

Then compile it again , It should be ok ! Thanks wargio ! 
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)