need help with TWAF for nginx (php-fpm)

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
imadsani
Forum Regular
Posts: 112
Joined: Mon Sep 16, 2013 10:10 am
Location: Lahore

Unread post by imadsani »

I can't get the TWAF entry for nginx to work on my latest install. I've added a proxy under WAF Configuration but the real time web scanner isn't detecting any attacks. I'm testing the system with a URL like: test.com/index.php?foo=www.example.com. I've read that this should trip the system and cause a Forbidden page but nothing.

Help please.

BTW, PHP is being processed by PHP-FPM and not Apache.


Edit: I just performed the following test

Code:

wget http://localhost/foo.php?foo=http://www.example.com
--2015-02-20 01:28:36--  http://localhost/foo.php?foo=http://www.example.com
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2015-02-20 01:28:36 ERROR 403: Forbidden.

But when I substitute localhost with a domain hosted on the server it gives a 404 error instead of the 403 Forbidden.

Here is the result of nginx -V

Code:

nginx -V
nginx version: nginx/1.6.0
TLS SNI support enabled
configure arguments: --prefix=/usr/share --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-ipv6 --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module

yum list nginx

Code:

yum list nginx
Loaded plugins: priorities
211 packages excluded due to repository priority protections
Available Packages
nginx.x86_64                       1.6.2-23.el6.art                       atomic

scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Unread post by scott »

What happens when you use the IP of the system?

imadsani

Unread post by imadsani »

Code:

wget http://aaa.aaa.aaa.aaa/foo.php?foo=http://www.example.com
--2015-02-23 11:53:23--  http://aaa.aaa.aaa.aaa/foo.php?foo=http://www.example.com
Connecting to aaa.aaa.aaa.aaa:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2015-02-23 11:53:23 ERROR 403: Forbidden.

The following is when I use the domain hosted on the IP I tested above:

Code:

wget http://test.xyz.com/foo.php?foo=http://www.example.com
--2015-02-23 11:57:33--  http://test.xyz.com/foo.php?foo=http://www.example.com
Resolving test.xyz.com... 217.172.189.141
Connecting to test.xyz.com|217.172.189.141|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2015-02-23 11:57:33 ERROR 404: Not Found.

scott

Unread post by scott »

Open a case about it; there is something missing in this, I think.
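
The manual comparison made in this thread (the test request returns 403 for localhost and the bare IP, but 404 for the hosted domain) can be repeated for every virtual host on a server to see where the WAF block is actually applied. This is an added example, not code from the thread or from Atomicorp; `probe_vhosts`, `not_blocked` and the stub server are hypothetical names, and the stub is a constructed stand-in that only reproduces the symptom reported above.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Test request used in the thread (a URL passed as a query parameter).
PROBE = "/foo.php?foo=http://www.example.com"

def probe_vhosts(addr, port, hosts, path=PROBE, timeout=5):
    """Send the same request to one address under each Host header; return {host: status}."""
    results = {}
    for host in hosts:
        conn = http.client.HTTPConnection(addr, port, timeout=timeout)
        try:
            # Supplying Host explicitly selects the nginx server block under test.
            conn.request("GET", path, headers={"Host": host})
            results[host] = conn.getresponse().status
        finally:
            conn.close()
    return results

def not_blocked(results, blocked_status=403):
    """Hosts whose response was not the WAF block status."""
    return sorted(h for h, s in results.items() if s != blocked_status)

class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in: only the 'localhost' vhost returns the block page."""
    def do_GET(self):
        self.send_response(403 if self.headers.get("Host") == "localhost" else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Run the probe against the local stub so the example works offline."""
    srv = HTTPServer(("127.0.0.1", 0), _Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe_vhosts("127.0.0.1", srv.server_port, ["localhost", "test.xyz.com"])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    res = demo()
    print(res, "not blocked:", not_blocked(res))
```

Against a real server, pass the listening address and the list of `server_name` values from the nginx configuration; any host reported by `not_blocked` is being answered by a server block the WAF rule did not act on.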