This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

nginx: [emerg] "BasicRule" directive is not allowed here in whitelist rules #40

Open
vncloudsco opened this issue Oct 13, 2021 · 8 comments

Comments

@vncloudsco
Contributor

I am trying to configure the following but am getting an error. How can I fix it?

Vhost myconfig:

    location / {
         include /etc/nginx/naxsi-rules/rules/block.rules;
........

block.rules file:

    #Enable naxsi
    SecRulesEnabled;
    #Enable learning mode
    # LearningMode;
    #Define where blocked requests go
    DeniedUrl "/50x.html";
    #CheckRules, determining when naxsi needs to take action
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    LibInjectionXss;
    CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
    LibInjectionSql;
    CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$ATTACK >= 8" BLOCK;
    CheckRule "$UWA >= 8" BLOCK;
    #naxsi logs goes there
    # include /etc/nginx/naxsi-rules/rules/whitelist.rules;

    if ($host = yyyyyy.com ) {
        include /etc/nginx/naxsi-rules/rules/yyyyyy.com.rules;
    }
    if ($host = xxxxxx.com ) {
        include /etc/nginx/naxsi-rules/rules/xxxxxx.com.rules;
    }

nginx check:

nginx: [emerg] "BasicRule" directive is not allowed here in /etc/nginx/naxsi-rules/rules/yyyyyy.com.rules:1
nginx: configuration file /etc/nginx/nginx.conf test failed

If I configure the block file like this, it works again:

block.rules file:

    #Enable naxsi
    SecRulesEnabled;
    #Enable learning mode
    # LearningMode;
    #Define where blocked requests go
    DeniedUrl "/50x.html";
    #CheckRules, determining when naxsi needs to take action
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    LibInjectionXss;
    CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
    LibInjectionSql;
    CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
    CheckRule "$EVADE >= 4" BLOCK;
    CheckRule "$ATTACK >= 8" BLOCK;
    CheckRule "$UWA >= 8" BLOCK;
    #naxsi logs goes there
    include /etc/nginx/naxsi-rules/rules/yyyyyy.com.rules;

nginx check:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

How can I use an if check on the host with nginx here?

@vncloudsco
Contributor Author

vncloudsco commented Oct 13, 2021

I changed the configuration to the following:

    location / {
        if ($host = xxxxxxxxxxxxxx ) {
            include /etc/nginx/naxis-rules/rules/block.rules;
        }

But I still get the error:

nginx: [emerg] "BasicRule" directive is not allowed here in /etc/nginx/naxis-rules/rules/block.rules:1
nginx: configuration file /etc/nginx/nginx.conf test failed

We see this as a bug; @wargio, you can check. The problem is that the software did not read the nginx configuration.

@wargio
Contributor

wargio commented Oct 13, 2021

Rules are not supported within an if block. If you have multiple hosts, etc., I suggest having a different http configuration.
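
For reference, a sketch of the per-host layout suggested in the reply above, next to the `if`-based layout that fails `nginx -t`. This is an added example, not configuration posted by anyone in the thread; the `listen` port and the `127.0.0.1:8080` upstream are placeholder assumptions, and `block.rules` is assumed to hold only the shared directives (no `if` blocks and no host-specific include).

```nginx
# Added example. Host names and file paths follow the ones quoted in the issue;
# the listen port and upstream address are placeholders.

# Fails "nginx -t": nginx treats "if" inside a location as its own context,
# and per the reply above naxsi rules are not supported there.
#
#   location / {
#       if ($host = yyyyyy.com) {
#           include /etc/nginx/naxsi-rules/rules/yyyyyy.com.rules;  # starts with BasicRule
#       }
#   }

# Passes: one server block per host. nginx selects the block by server_name,
# so no "if ($host = ...)" test is needed. The shared policy and the per-host
# whitelist are both included directly in the location.
server {
    listen 80;
    server_name yyyyyy.com;

    location / {
        # Shared policy: SecRulesEnabled, DeniedUrl, CheckRule ...
        include /etc/nginx/naxsi-rules/rules/block.rules;
        # Whitelist (BasicRule entries) for this host only
        include /etc/nginx/naxsi-rules/rules/yyyyyy.com.rules;
        proxy_pass http://127.0.0.1:8080;
    }
}

server {
    listen 80;
    server_name xxxxxx.com;

    location / {
        include /etc/nginx/naxsi-rules/rules/block.rules;
        include /etc/nginx/naxsi-rules/rules/xxxxxx.com.rules;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Keeping each host's whitelist in its own server block also means a `BasicRule` exception written for one site never relaxes filtering on the other.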

@vncloudsco
Contributor Author

@wargio How do I configure it? I have to include files one by one in each vhost? This is a really bad idea.

@wargio
Contributor

wargio commented Oct 13, 2021

There is a PR for that, actually.

@wargio
Contributor

wargio commented Oct 13, 2021

nbs-system/naxsi#562

@vncloudsco
Contributor Author

@wargio I have some questions.

  • Why is the if block not supported, and will it be supported in the future?
  • I have read the PR you sent, but I still don't understand how to configure it?

@wargio
Contributor

wargio commented Oct 14, 2021

That PR actually allows setting up naxsi at config and server level; this means that you need to include the naxsi configuration only once. I can't answer the when and why because I do not know the reasons.

@vncloudsco
Contributor Author

> that PR actually allows setting up naxsi at config and server level

What does this mean? Actually, I don't understand how it will be configured, because there is no description and there is no documentation about the configuration?

> this means that you need to include the naxsi configuration only once

This means we now just need to include the file in nginx.conf? But I want to manage vhosts in a simpler way, through an if block or $host in nginx.
