nginx not starting when NAXSI=YES - may be NAXSI WAF ACCEPT error ?

[EdNett]

root@server1:# service nginx status
/etc/init.d/nginx: You don't have permissions to execute nginx.
root@server1:#

NginX won't start and it gives me this bizare error; Why? and What to do?

boa info more here: https://gist.github.com/EdNett/e862f0760cf3ec37bcae6a767051050f

Best,

Ed

[EdNett]

I'm just going to reinstall the entire server - this thing has never woked properly!

[EdNett]

This error arises when I set:

_NGINX_NAXSI=YES

in the barracuda.cnf file

I am checking if a full ngx reinstall with those set to NO will allow Nginx to be restarted. It does, so it must be NAXSI - Is libpcre installed? NAXSI depends on it. Here is libpcre:

root@server1:# whereis libpcre
libpcre: /usr/lib/x86_64-linux-gnu/libpcre32.a /usr/lib/x86_64-linux-gnu/libpcre.so /usr/lib/x86_64-linux-gnu/libpcre16.so /usr/lib/x86_64-linux-gnu/libpcre32.so /usr/lib/x86_64-linux-gnu/libpcre16.a /usr/lib/x86_64-linux-gnu/libpcre.a
root@server1:#

[EdNett]

By the way, NAXSI is a very nice feature - rather than experimental - I think we should be using it by default - unless it slows down the web server or uses resources too much - but I don't think that it does. This feature has always worked until now.

[omega8cc]

_NGINX_NAXSI was not tested for years, please avoid in production any feature not enabled by default.

[omega8cc]

By the way, perhaps /etc/init.d/nginx is not executable so you can't use it.

Please check ll /etc/init.d/nginx

[EdNett]

Hello, No there is nothing wrong with the permissions of that file. I checked that first thing of course.

Naxsi behaves like a DROP-by-default firewall, the only task is to add required ACCEPT rules for the target website to work properly. Are the ACCEPT rules being added?

[omega8cc]

This experimental feature is not supported currently. We may review it at some point in the future, though.

_{Sent with GitHawk}