This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

Naxsi IgnoreIP and IgnoreCIDR #532

Closed
rickygm opened this issue Oct 10, 2020 · 5 comments

rickygm commented Oct 10, 2020

Hi, sorry for putting this as an issue, but I have a question. I am using a whitelist with naxsi, using the geo variable, something like this:

nginx.conf

```nginx
# geo must be in http { ... }
# whitelist 127.0.0.1
geo $naxsi_wl {
    #ranges;
    default 0;

    127.0.0.1 1;
}
```

This works fine. The problem is when I add an entire network like 192.168.20.0/24. Looking at the documentation, I see that they added `IgnoreCIDR "192.168.0.0/24";` (https://github.com/nbs-system/naxsi/wiki/IgnoreIP-and-IgnoreCIDR), but it is not clear to me where it should go: nginx.conf or in each site.conf?

I always miss being able to add or whitelist both IPs and patterns within a db, like mysql, postgresql or another, that naxsi can be integrated with.

I think the json part of naxsi doesn't help much; if I'm wrong, correct me.

wargio (Contributor) commented Oct 10, 2020

this is a good issue. this goes into the location scope.
like here: https://github.com/nbs-system/naxsi/blob/master/t/34ignorecidr.t#L23

i'll update the wiki. thanks again.

wargio closed this as completed Oct 10, 2020

wargio (Contributor) commented Oct 10, 2020

wiki updated.

rickygm (Author) commented Oct 10, 2020

> wiki updated.

Thanks, was this added in version 1.0? Any plan / roadmap to make the whitelist work with any db?

wargio (Contributor) commented Oct 10, 2020

> > wiki updated.
>
> Thanks, was this added in version 1.0? Any plan / roadmap to make the whitelist work with any db?

No, in 1.1. i do not see any need to have a db. you can use the nginx include keyword with a list of ips/cidrs.
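
The included-list approach suggested above, as an added example that is not part of the thread or of naxsi: a Python script that turns a list of IPv4 addresses and CIDRs into `IgnoreIP` / `IgnoreCIDR` lines in the syntax quoted in this issue, for a file included inside the `location` block. The function name, the /16 width limit and the sample entries are assumptions of this example, and only IPv4 is handled because that is all the thread shows.

```python
import ipaddress

# Assumption of this example: refuse networks wider than /16, so a typo
# such as 0.0.0.0/0 cannot exempt most clients from filtering.
MIN_PREFIX = 16


def naxsi_ignore_directives(entries, min_prefix=MIN_PREFIX):
    """Return (directive_lines, rejected) for IPv4 address / CIDR strings."""
    lines, rejected, seen = [], [], set()
    for raw in entries:
        text = raw.split("#", 1)[0].strip()  # allow comments and blank lines
        if not text:
            continue
        try:
            if "/" in text:
                # strict=True rejects host bits, e.g. 192.168.20.5/24
                net = ipaddress.IPv4Network(text, strict=True)
                if net.prefixlen < min_prefix:
                    raise ValueError(f"prefix /{net.prefixlen} wider than /{min_prefix}")
                line = (f'IgnoreIP "{net.network_address}";' if net.prefixlen == 32
                        else f'IgnoreCIDR "{net}";')
            else:
                line = f'IgnoreIP "{ipaddress.IPv4Address(text)}";'
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if line not in seen:  # drop duplicates, keep input order
            seen.add(line)
            lines.append(line)
    return lines, rejected


# Constructed sample input, e.g. rows exported from a database or a text file.
SAMPLE = [
    "127.0.0.1",
    "192.168.20.0/24   # office LAN",
    "192.168.20.5/24",  # host bits set: rejected
    "0.0.0.0/0",        # would exempt every client: rejected
    "10.0.0.7/32",
    "not-an-ip",
    "127.0.0.1",        # duplicate
]

if __name__ == "__main__":
    directives, bad = naxsi_ignore_directives(SAMPLE)
    print("\n".join(directives))
    for entry, reason in bad:
        print(f"# rejected {entry}: {reason}")
```

Each output line is a complete directive because an included file is parsed as nginx configuration; rejected entries are reported instead of being written to the file.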

rickygm (Author) commented Oct 24, 2020

sorry if I insist on this again, but it is not working, according to my tests:

first test:
I made an include /etc/nginx/ip_libre

ip_libre contains
1.1.1.1

it does not work

second test:

ip_libre contains
IgnoreIP "1.1.1.1";

it doesn't work either

third test:

in each site defined in my vhost I added inside location:
IgnoreIP "1.1.1.1";

it doesn't work either

```nginx
location / {

    include /etc/nginx/ip_libre;
    include /etc/nginx/naxsi.rules;
    include /etc/nginx/wordpress.rules;
    include /etc/nginx/naxsi_whitelist.rules;
}
```

let me know if i'm doing something wrong, or if you need any log
