[GH-ISSUE #94] waf_rule_path in http context works improperly #207

New issue

Closed

opened 2026-03-13 17:02:46 +03:00 by kerem · 6 comments

kerem commented 2026-03-13 17:02:46 +03:00

Owner

Copy link

Originally created by @ononoki1 on GitHub (May 9, 2022).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/94

Problem

The following config will not work:

http {
  waf_rule_path /path/to/rule/;
  server {
    waf on;
  }
}

While the following one works:

http {
  server {
    waf on;
    waf_rule_path /path/to/rule/;
  }
}

And this one also works:

http {
  waf on;
  waf_rule_path /path/to/rule/;
  server {
  }
}

Technically, NGINX's current context's config should inherit its parent's one, which is not the case in this particular circumstance. I think this should be a bug instead of a feature.

Originally created by @ononoki1 on GitHub (May 9, 2022). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/94 ## Problem The following config will not work: ```txt http { waf_rule_path /path/to/rule/; server { waf on; } } ``` While the following one works: ```txt http { server { waf on; waf_rule_path /path/to/rule/; } } ``` And this one also works: ```txt http { waf on; waf_rule_path /path/to/rule/; server { } } ``` Technically, NGINX's current context's config should inherit its parent's one, which is not the case in this particular circumstance. I think this should be a bug instead of a feature.

kerem 2026-03-13 17:02:46 +03:00

• closed this issue
• added the
  needs-investigation
  label

kerem commented 2026-03-13 17:03:02 +03:00

Author

Owner

Copy link

@ononoki1 commented on GitHub (May 9, 2022):

The ngx_waf version is latest current branch.

<!-- gh-comment-id:1121341351 --> @ononoki1 commented on GitHub (May 9, 2022): The ngx_waf version is latest current branch.

kerem commented 2026-03-13 17:03:07 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (May 18, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

<!-- gh-comment-id:1129485090 --> @stale[bot] commented on GitHub (May 18, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. 此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

kerem commented 2026-03-13 17:03:12 +03:00

Author

Owner

Copy link

@ononoki1 commented on GitHub (May 18, 2022):

What can I do to help investigate this issue?

<!-- gh-comment-id:1129535743 --> @ononoki1 commented on GitHub (May 18, 2022): What can I do to help investigate this issue?

kerem commented 2026-03-13 17:03:17 +03:00

Author

Owner

Copy link

@ADD-SP commented on GitHub (May 22, 2022):

There may be some bugs here, I'm not sure.

github.com/ADD-SP/ngx_waf@107cca9dec/src/ngx_http_waf_module_config.c (L1761-L1774)

github.com/ADD-SP/ngx_waf@107cca9dec/src/ngx_http_waf_module_config.c (L187-L203)

<!-- gh-comment-id:1133880645 --> @ADD-SP commented on GitHub (May 22, 2022): There may be some bugs here, I'm not sure. https://github.com/ADD-SP/ngx_waf/blob/107cca9dec00edf97a9cd9f18cca465284e044bc/src/ngx_http_waf_module_config.c#L1761-L1774 https://github.com/ADD-SP/ngx_waf/blob/107cca9dec00edf97a9cd9f18cca465284e044bc/src/ngx_http_waf_module_config.c#L187-L203

kerem commented 2026-03-13 17:03:22 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (May 29, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

<!-- gh-comment-id:1140442058 --> @stale[bot] commented on GitHub (May 29, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. 此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

kerem commented 2026-03-13 17:03:27 +03:00

Author

Owner

Copy link

@ononoki1 commented on GitHub (May 29, 2022):

Since it's not a security bug and has a workaround, I just close it. You can reopen it when having time to solve.

<!-- gh-comment-id:1140445355 --> @ononoki1 commented on GitHub (May 29, 2022): Since it's not a security bug and has a workaround, I just close it. You can reopen it when having time to solve.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

lts

lts-dev

add_sp/refactor-replace-libcurl-with-subreq

current-dev

current

current-dev-backup

v6.1.10

v10.1.2

v6.1.9

v6.1.8

v10.1.1

v10.1.0

v6.1.7

v10.0.1

v10.0.0

v9.0.6

v9.0.5

v6.1.6

v6.1.5

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.0.3

v6.1.4

v8.0.2

v8.0.1

v6.1.3

v8.0.0

v7.1.0

v6.1.2

v7.0.1

v7.0.0

v6.1.1

v6.1.0

v6.0.3

v6.0.2

v6.0.2-beta.1

v6.0.1

v6.0.1-beta.2

v6.0.1-beta.1

v6.0.0

v6.0.0-beta.4

v5.5.1

v6.0.0-beta.2

v6.0.0.beta.3

v6.0.0-beta.1

v5.5.0

v5.4.2

v5.4.2-beta.2

v5.4.2-beta.1

v5.4.1

v5.4.1-beta.1

v5.4.0

v5.4.0-beta.1

v5.3.2

v5.3.1

v5.3.0

v5.3.0-beta.4

v5.3.0-beta.3

v5.3.0-beta.2

v5.3.0-beta.1

v5.2.0

v5.2.0-beta.2

v5.2.0-beta.1

v5.1.1

v5.1.1-beta.1

v5.1.0

v5.0.0

v5.0.0-beta.5

v5.0.0-beta.4

v5.0.0-beta.3

v5.0.0-beta.2

v5.0.0-beta.1

v4.1.0-beta.4

v4.1.0-beta.3

v4.1.0-beta.2

v4.1.0-beta.1

v4.0.0

v4.0.0-beta.2

v3.1.6

v3.2.0-beta.1

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.1.0-beta-1

v3.0.3-beta-3

v3.0.2

v3.0.3-beta-2

v3.0.3-beta-1

v3.0.2-beta-2

v3.0.2-beta-1

v3.0.1

v3.0.0

v3.0.0-beta-2

v3.0.0-beta-1

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.1-beta-1

v2.0.0

v2.0.0-beta.1

v1.0.1

v1.0.0

v1.0.0-RC2

v1.0.0-RC1

Labels

Clear labels   

MacOS

  

Nginx

  

OpenResty

  

Tengine

  

bug

  

documentation

  

enhancement

  

needs-investigation

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

stale

  

stale

  

timeout

  

wontfix

No labels

MacOS

Nginx

OpenResty

Tengine

bug

documentation

enhancement

needs-investigation

pull-request

question

stale

stale

stale

timeout

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ngx_waf#207

No description provided.