Agent Fails to Recognize HTTP Transactions with NGINX

If you're experiencing issues with your WAF agent not recognizing traffic, follow these steps to troubleshoot and resolve the problem

1. Check Your NGINX Proxy Configuration

Ensure that you have correctly configured an NGINX proxy in front of your web application. The NGINX proxy serves as a reverse proxy and plays a crucial role in routing traffic through the open-appsec agent. Here's how to check your NGINX proxy configuration:

a. Open your NGINX configuration file, typically located in /etc/nginx/nginx.conf or /etc/nginx/sites-available/

b. Confirm that you have defined a location block that proxies traffic to your web application. It should look something like this:

location / {
    proxy_pass http://your-web-application;
    # Additional proxy settings if needed
}

Replace http://your-web-application with the actual address of your web application.

c. Save the configuration file and exit.

If NGINX also hosts the protected website on the same Linux host or container, follow the instructions below:

Deploy open-appsec directly on the web server hosting the application to protect

2. Restart NGINX

After making changes to the NGINX configuration, you'll need to restart NGINX to apply the changes. Use the following command to restart NGINX:

sudo service nginx restart

3. Test Traffic Flow

To confirm that traffic is correctly passing through the open-appsec agent, perform the following tests:

a. mimic an attack on your web application and observe whether the open-appsec agent logs any activity, you can use the following attack to test.

http://<IP>:<PORT>/?shell_cmd=cat/etc/passwd 

Last updated