2015/12/28 14:09:06 [debug] 14757#0: *4924 is rule [1007] whitelisted in zone ARGS for item attack
2015/12/28 14:09:06 [debug] 14757#0: *4924 extra: exception happened in |NAME
2015/12/28 14:09:06 [debug] 14757#0: *4924 rule 1007 is disabled somewhere
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing varname [attack]
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing varname attack - 'wl:X_VAR:attack'
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing varname attack - 'wl:X_VAR:attack|NAME'
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing uri#1 / ($URL:X|URI)
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing uri#3 #/ ($URL:X|ZONE|NAME)
2015/12/28 14:09:06 [debug] 14757#0: *4924 hashing MIX #/#attack or ($URL:x|$X_VAR:y|NAME)
2015/12/28 14:09:06 [error] 14757#0: *4924 NAXSI_FMT: ip=1.1.1.1&server=www.x.com&uri=/&learning=0&vers=0.54&total_processed=726&total_blocked=10&block=1&cscore0=$SQL&score0=8&zone0=ARGS|NAME&id0=1007&var_name0=attack, client: 1.1.1.1, server: localhost, request: "HEAD /?attack=1 HTTP/1.0", host: "www. x.com"
MainRule "str:attack" "msg:ddos" "mz:ARGS|BODY" "s:$SQL:8" id:1007;
BasicRule wl:1007;
白名单无效, nginx 版本是 1.8.0
naxsi
https://github.com/nbs-system/naxsi