Links

Agent Fails to Recognize HTTP Transactions with NGINX

If you're experiencing issues with your WAF agent not recognizing traffic, follow these steps to troubleshoot and resolve the problem
1. Check Your NGINX Proxy Configuration
Ensure that you have correctly configured an NGINX proxy in front of your web application. The NGINX proxy serves as a reverse proxy and plays a crucial role in routing traffic through the open-appsec agent. Here's how to check your NGINX proxy configuration:
a. Open your NGINX configuration file, typically located in /etc/nginx/nginx.conf or /etc/nginx/sites-available/
b. Confirm that you have defined a location block that proxies traffic to your web application. It should look something like this:
location / {
proxy_pass http://your-web-application;
# Additional proxy settings if needed
}
If NGINX also hosts the protected website on the same Linux host or container, the port of the existing web server should change, e.g. from 80 to 81 and/or 443 to 444, and the reverse proxy should be configured to listening on 80/443 pointing to 81/444
Replace http://your-web-application with the actual address of your web application.
c. Save the configuration file and exit.
2. Restart NGINX
After making changes to the NGINX configuration, you'll need to restart NGINX to apply the changes. Use the following command to restart NGINX:
sudo service nginx restart
3. Test Traffic Flow
To confirm that traffic is correctly passing through the open-appsec agent, perform the following tests:
a. mimic an attack on your web application and observe whether the open-appsec agent logs any activity, you can use the following attack to test.
http://<IP>:<PORT>/?shell_cmd=cat/etc/passwd