ADD-SP/ngx_waf v10.0.0 on GitHub

[10.0.0] - 2021-11-30 UTC+0800

New directive waf_zone, used to declare a piece of shared memory that will be used for other directives, such as waf_cc_deny.
New directive waf_action, used to set actions after intercepting a request, such as returning a specific status code or challenging the client with a captcha.
New directive waf_block_page, used to set the blocking page to return the specified HTML file when the request is blocked.
A new embedded variable, $waf_rate, is used to indicate the number of accesses to the current IP in a period. The period is determined by the parameter rate of the directive waf_cc_deny, or by the parameter duration if the IP has been blacked out.
The directive waf_captcha has a new parameter max_fails, which sets the maximum number of attempts for the captcha and the blocking time after it is exceeded.
The directive waf_captcha has a new parameter zone that specifies a piece of shared memory, which needs to be set if and only if the parameter max_fails is set.
The directive waf_captcha has a new parameter sitekey, which needs to be set if and only if the parameter file is omitted.
When you reload nginx, the module keeps as much information in shared memory as possible so that it is not emptied, such as statistics used by CC protection.

The directive waf_http_status has been removed and the related features have been merged into the directive waf_action.
The parameter size of the directive waf_cc_deny has been removed and zone is now used instead.

You can omit the parameter file of the directive waf_under_attack; omitting this parameter will use a built-in file from assets/under_attack.html.
You can omit the argument file to the directive waf_captcha, which when omitted will use a built-in file based on the value of the argument prov, which comes from the directory assets/.

新指令 waf_zone，用来声明一块共享内存，这块内存将被用于其他的指令，比如 waf_cc_deny。
新指令 waf_action，用于设置拦截请求后的动作，比如返回特定的状态码或者使用验证码对客户端做人机认证。
新指令 waf_block_page，用于设置拦截页面，当请求被拦截后将指定的 HTML 文件返回。
新内置变量 $waf_rate，用来表示一个统计周期内当前 IP 的访问次数。统计周期由指令 waf_cc_deny 的参数 rate 决定，如果 IP 已经被拉黑，则由参数 duration 决定。
指令 waf_captcha 增加了一个参数 max_fails，用来设置验证码最大试错次数和超出后的拉黑时间。
指令 waf_captcha 增加了一个参数 zone，用来指定一块共享内存，当且仅当设置了参数 max_fails 时才需要设置。
指令 waf_captcha 增加了一个参数 sitekey，当且仅当省略了参数 file 时才需要设置。
当你重载 nginx 时，模块会尽可能地保留共享内存中的信息，使其不被清空，比如 CC 防护的拉黑列表。

允许省略指令 waf_under_attack 的参数 file，省略此参数时将使用一个内置的文件，它来自 assets/under_attack.html。
允许省略指令 waf_captcha 的参数 file，省略此参数时将根据参数 prov 的值使用一个内置的文件，这些文件来自目录 assets/。
更多的调试日志。