Releases · ADD-SP/ngx_waf · GitHub

25 Jan 03:10

ADD-SP

v6.1.10 LTS Latest

Latest

[6.1.10] - 2025-01-25 UTC+0800

Fixed

Fix compile error caused by changed build process of libinjection (#119).

[6.1.10] - 2025-01-25 UTC+0800

修复

修复因 libinjection 引起的编译错误，此依赖曾经改变了构建流程，导致了编译错误 (#119)。

Assets 2

09 Jul 02:58

ADD-SP

v10.1.2 Current

[10.1.2] - 2022-07-09 UTC+0800

Fixed

compatible with nginx-1.23.0

[10.1.2] - 2022-07-09 UTC+0800

修复

兼容 nginx-1.23.0。

Assets 2

09 Jul 02:57

ADD-SP

v6.1.9 LTS

[6.1.9] - 2022-07-09 UTC+0800

Fixed

compatible with nginx-1.23.0

[6.1.9] - 2022-07-09 UTC+0800

修复

兼容 nginx-1.23.0。

Assets 2

07 Jan 04:13

ADD-SP

v10.1.1 Current | Nice to meet you

[10.1.1] - 2022-01-07 UTC+0800

Nice to meet you :).

Added

PCRE2 library support.

Fixed

Memory leak.
CAPTCHA and Under-Attack-Mode sometimes cause infinite page refreshes.

[10.1.1] - 2022-01-07 UTC+0800

奈斯兔米兔！

新增

支持 PCRE2。

修复

内存泄漏。
验证码和 Under Attack Mode（五秒盾）有时会无限刷新。

Assets 2

07 Jan 04:03

ADD-SP

v6.1.8 LTS

[6.1.8] - 2022-01-07 UTC+0800

Fixed

Memory leak.

[6.1.8] - 2022-01-07 UTC+0800

修复

内存泄漏。

Assets 2

14 Dec 12:36

ADD-SP

v10.1.0 Current

[10.1.0] - 2021-12-14 UTC+0800

Added

You can set the directive waf to bypass, in which case no requests will be intercepted, but ngx_waf will still do the detection and logging.
The directive waf_verify_bot has a new parameter SogouSpider, which is used to verify if it is a Sogou crawler.

Fixed

Garbage collection is not running, which does not lead to memory leaks, but does lead to performance problems.
Sometimes the [FAKE-BOT] log is printed incorrectly.

[10.1.0] - 2021-12-14 UTC+0800

新增

指令 waf 可以设置为 bypass 模式，即仅检测并记录日志，但不会拦截任何请求。
指令 waf_verify_bot 新增了参数 SogouSpider，用于验证是否为搜狗爬虫。

修复

内存回收机制并未正常运行，这虽然不会造成内存泄漏，但会导致内存占用居高不下，并引发性能问题。
友好爬虫验证功能会错误地打印拦截日志。

Assets 2

05 Dec 13:00

ADD-SP

v10.0.1 Current

[10.0.1] - 2021-12-05 UTC+0800

Added

Added two Easter eggs, which you can find clues in the documentation. These two eggs are not triggered automatically and need to be enabled manually.

Fixed

All parameters of the directive waf_mode corresponding to the request method are not working.

[10.0.1] - 2021-12-05 UTC+0800

新增

添加了两个彩蛋，你可以在文档中找到相关的线索。这两个彩蛋不会自动触发，所以不会影响正常使用。

修复

指令 waf_mode 中所有与请求方法对应的参数均失效。

Assets 2

05 Dec 13:00

ADD-SP

v6.1.7 LTS

[6.1.7] - 2021-12-05 UTC+0800

Fixed

All parameters of the directive waf_mode corresponding to the request method are not working.

[6.1.7] - 2021-12-05 UTC+0800

修复

指令 waf_mode 中所有与请求方法对应的参数均失效。

Assets 2

30 Nov 13:07

ADD-SP

v10.0.0 Current

[10.0.0] - 2021-11-30 UTC+0800

Added

New directive waf_zone, used to declare a piece of shared memory that will be used for other directives, such as waf_cc_deny.
New directive waf_action, used to set actions after intercepting a request, such as returning a specific status code or challenging the client with a captcha.
New directive waf_block_page, used to set the blocking page to return the specified HTML file when the request is blocked.
A new embedded variable, $waf_rate, is used to indicate the number of accesses to the current IP in a period. The period is determined by the parameter rate of the directive waf_cc_deny, or by the parameter duration if the IP has been blacked out.
The directive waf_captcha has a new parameter max_fails, which sets the maximum number of attempts for the captcha and the blocking time after it is exceeded.
The directive waf_captcha has a new parameter zone that specifies a piece of shared memory, which needs to be set if and only if the parameter max_fails is set.
The directive waf_captcha has a new parameter sitekey, which needs to be set if and only if the parameter file is omitted.
When you reload nginx, the module keeps as much information in shared memory as possible so that it is not emptied, such as statistics used by CC protection.

Removed

The directive waf_http_status has been removed and the related features have been merged into the directive waf_action.
The parameter size of the directive waf_cc_deny has been removed and zone is now used instead.

Changed

You can omit the parameter file of the directive waf_under_attack; omitting this parameter will use a built-in file from assets/under_attack.html.
You can omit the argument file to the directive waf_captcha, which when omitted will use a built-in file based on the value of the argument prov, which comes from the directory assets/.

[10.0.0] - 2021-11-30 UTC+0800

新增

新指令 waf_zone，用来声明一块共享内存，这块内存将被用于其他的指令，比如 waf_cc_deny。
新指令 waf_action，用于设置拦截请求后的动作，比如返回特定的状态码或者使用验证码对客户端做人机认证。
新指令 waf_block_page，用于设置拦截页面，当请求被拦截后将指定的 HTML 文件返回。
新内置变量 $waf_rate，用来表示一个统计周期内当前 IP 的访问次数。统计周期由指令 waf_cc_deny 的参数 rate 决定，如果 IP 已经被拉黑，则由参数 duration 决定。
指令 waf_captcha 增加了一个参数 max_fails，用来设置验证码最大试错次数和超出后的拉黑时间。
指令 waf_captcha 增加了一个参数 zone，用来指定一块共享内存，当且仅当设置了参数 max_fails 时才需要设置。
指令 waf_captcha 增加了一个参数 sitekey，当且仅当省略了参数 file 时才需要设置。
当你重载 nginx 时，模块会尽可能地保留共享内存中的信息，使其不被清空，比如 CC 防护的拉黑列表。

移除

移除了指令 waf_http_status，相关的功能合并到指令 waf_action。
移除了指令 waf_cc_deny 的参数 size，现在使用 zone 代替。

变动

允许省略指令 waf_under_attack 的参数 file，省略此参数时将使用一个内置的文件，它来自 assets/under_attack.html。
允许省略指令 waf_captcha 的参数 file，省略此参数时将根据参数 prov 的值使用一个内置的文件，这些文件来自目录 assets/。
更多的调试日志。

Assets 2

11 Oct 02:51

ADD-SP

v9.0.6 Current

[9.0.6] - 2021-10-10 UTC+0800

Fixed

If the directive try_files is executed, CAPTCHA may fail.

[9.0.6] - 2021-10-10 UTC+0800

修复

当指令 try_files 生效时无法完成 CAPTCHA 的验证。

Assets 2