Skip to content

v10.0.0 Current
Compare
Choose a tag to compare
@ADD-SP ADD-SP released this 30 Nov 13:07
· 27 commits to current since this release
v10.0.0
7e58776
This commit was signed with the committer’s verified signature. The key has expired.
ADD-SP Qi
GPG key ID: 2F785760F02D757C
Expired
Learn about vigilant mode.

[10.0.0] - 2021-11-30 UTC+0800

Added

  • New directive waf_zone, used to declare a piece of shared memory that will be used for other directives, such as waf_cc_deny.

  • New directive waf_action, used to set actions after intercepting a request, such as returning a specific status code or challenging the client with a captcha.

  • New directive waf_block_page, used to set the blocking page to return the specified HTML file when the request is blocked.

  • A new embedded variable, $waf_rate, is used to indicate the number of accesses to the current IP in a period. The period is determined by the parameter rate of the directive waf_cc_deny, or by the parameter duration if the IP has been blacked out.

  • The directive waf_captcha has a new parameter max_fails, which sets the maximum number of attempts for the captcha and the blocking time after it is exceeded.

  • The directive waf_captcha has a new parameter zone that specifies a piece of shared memory, which needs to be set if and only if the parameter max_fails is set.

  • The directive waf_captcha has a new parameter sitekey, which needs to be set if and only if the parameter file is omitted.

  • When you reload nginx, the module keeps as much information in shared memory as possible so that it is not emptied, such as statistics used by CC protection.

Removed

  • The directive waf_http_status has been removed and the related features have been merged into the directive waf_action.

  • The parameter size of the directive waf_cc_deny has been removed and zone is now used instead.

Changed

  • You can omit the parameter file of the directive waf_under_attack; omitting this parameter will use a built-in file from assets/under_attack.html.

  • You can omit the argument file to the directive waf_captcha, which when omitted will use a built-in file based on the value of the argument prov, which comes from the directory assets/.

[10.0.0] - 2021-11-30 UTC+0800

新增

  • 新指令 waf_zone,用来声明一块共享内存,这块内存将被用于其他的指令,比如 waf_cc_deny

  • 新指令 waf_action,用于设置拦截请求后的动作,比如返回特定的状态码或者使用验证码对客户端做人机认证。

  • 新指令 waf_block_page,用于设置拦截页面,当请求被拦截后将指定的 HTML 文件返回。

  • 新内置变量 $waf_rate,用来表示一个统计周期内当前 IP 的访问次数。统计周期由指令 waf_cc_deny 的参数 rate 决定,如果 IP 已经被拉黑,则由参数 duration 决定。

  • 指令 waf_captcha 增加了一个参数 max_fails,用来设置验证码最大试错次数和超出后的拉黑时间。

  • 指令 waf_captcha 增加了一个参数 zone,用来指定一块共享内存,当且仅当设置了参数 max_fails 时才需要设置。

  • 指令 waf_captcha 增加了一个参数 sitekey,当且仅当省略了参数 file 时才需要设置。

  • 当你重载 nginx 时,模块会尽可能地保留共享内存中的信息,使其不被清空,比如 CC 防护的拉黑列表。

移除

  • 移除了指令 waf_http_status,相关的功能合并到指令 waf_action

  • 移除了指令 waf_cc_deny 的参数 size,现在使用 zone 代替。

变动

  • 允许省略指令 waf_under_attack 的参数 file,省略此参数时将使用一个内置的文件,它来自 assets/under_attack.html

  • 允许省略指令 waf_captcha 的参数 file,省略此参数时将根据参数 prov 的值使用一个内置的文件,这些文件来自目录 assets/

  • 更多的调试日志。

Assets 2
Loading