basic_rule
The `basic_rule` directive from the NGINX Anti XSS & SQL Injection module defines security rules to filter requests based on predefined patterns.
Description
The basic_rule directive is a core component of the NGINX Anti XSS & SQL Injection module (NAXSI), designed to enhance security by allowing administrators to define rules that filter potentially malicious requests. Each rule specifies a pattern that matches a known injection attack vector, such as SQL injection or XSS payloads. When a request reaches the NGINX server, its content is evaluated against the patterns defined by basic_rule, and action is taken based on the match. If a request violates a rule, it can be dropped or reported, depending on the server's configuration and the context in which the rule is applied.
This directive can accept one or more arguments, which represent the patterns to be matched. The flexible syntax allows for adding multiple rules across different contexts, such as http, server, or location, enabling fine-grained control over how requests are handled at various levels of the application architecture. Administrators can refine and expand their ruleset based on their application's specific needs, particularly during an initial learning phase where the rules can be adjusted based on legitimate traffic patterns observed in the logs.
Config Example
    http {
        ...
        basic_rule "<";
        basic_rule "|";
    }
    server {
        ...
        location / {
            basic_rule "drop";
        }
    }

Overly broad patterns can lead to false positives and block legitimate traffic.
When using multiple rules, ensure that they do not conflict with each other.
Be cautious with regex patterns as they may introduce performance overhead if not optimized.
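
The caution about overly broad patterns can be checked before a rule is enforced. The following is an added example, not code from the NAXSI project: it replays the two patterns from the config example against a constructed sample of known-good request targets and reports which ones would be flagged. It assumes plain substring matching on URL-decoded paths and query arguments, which is a simplified model and not the module's own matching engine; all function names are hypothetical.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Patterns copied from the page's config example.
CANDIDATE_PATTERNS = ["<", "|"]

# Constructed request targets standing in for known-good traffic seen
# during a learning phase (not real logs).
LEGITIMATE_REQUESTS = [
    "/search?q=nginx+modules",
    "/search?q=a+%3C+b",              # user searches for "a < b"
    "/report?filter=status%7Cowner",  # app uses "|" as a field separator
    "/docs?page=2&sort=title",
    "/search?q=grep+foo+%7C+wc",      # shell one-liner pasted into search
]


def decoded_fields(target):
    """Yield (zone, name, value) for the path and each query argument."""
    parts = urlsplit(target)
    yield ("URL", "", unquote(parts.path))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        yield ("ARGS", name, value)


def audit(patterns, requests):
    """Map each pattern to the known-good requests it would flag."""
    hits = {p: [] for p in patterns}
    for target in requests:
        for zone, name, value in decoded_fields(target):
            for p in patterns:
                if p in name or p in value:
                    hits[p].append((target, zone, name))
    return hits


def false_positive_rate(patterns, requests):
    """Fraction of known-good requests flagged by at least one pattern."""
    hits = audit(patterns, requests)
    flagged = {target for rows in hits.values() for target, _, _ in rows}
    return len(flagged) / len(requests)


if __name__ == "__main__":
    for pattern, rows in audit(CANDIDATE_PATTERNS, LEGITIMATE_REQUESTS).items():
        for target, zone, name in rows:
            print(f"pattern {pattern!r} flags {zone}:{name} in {target}")
    rate = false_positive_rate(CANDIDATE_PATTERNS, LEGITIMATE_REQUESTS)
    print(f"false-positive rate: {rate:.0%}")
```

Replacing the constructed sample with request targets taken from your own access logs gives a per-pattern list of the arguments that would need a narrower rule before enforcement.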