[6.0.0] - 2021-07-21 UTC+0800
NOTE
-
This release contains some breaking changes.
-
Advanced rules have a high performance cost because the principle is to compile the rules into a series of instructions that are then executed by the VM.
Upgrade from 5.x.x to 6.x.x
-
Create a new empty file named
advancedin the rules directory. -
If the directive
waf_priorityis used, you can delete it or modify it according to the directive in the documentation.
Pre-built modules
We now provide pre-compiled modules that can be used as long as the following requirements are met.
- The version of nginx must be the latest stable or mainline version.
- The C standard library implementation must be the GNU implementation or the MUSL implementation.
The download script will automatically check if the second condition is met.
You can execute assets/download.sh to download the corresponding version of the module and save it to the current directory. Here is the use case.
# nginx-stable ngx_waf-stable
sh assets/download stable stable
# nginx-mainline ngx_waf-stable
sh assets/download mainline stable
# nginx-stable ngx_waf-beta
sh assets/download stable beta
# nginx-mainline ngx_waf-beta
sh assets/download mainline betaEach update takes about an hour and a half to compile the module, so it is recommended that you download the updated module more than two hours after the update, otherwise you may download the old module.
Added
- Advanced rules are supported, see the documentation for details.
Removed
- Remove mode
COMPAT, no longer fully compatible withngx_http_rewrite_module.
Changed
-
Updated the directive
waf_priority, see the documentation for details. -
You can now use all the directives of this module in blocks
http,serverandlocation
[6.0.0] - 2021-07-21 UTC+0800
注意
-
本次更新有一些不向下兼容的改动。
-
高级规则的执行速度较慢,因为其原理是将规则编译成一系列指令,然后由虚拟机执行。
预构建模块
现在我们提供了提前编译好的模块,只要满足了下列要求即可使用。
- nginx 的版本必须是最新的 stable 或 mainline 版本。
- 您使用的 C 语言的标准库实现必须是 GNU 实现或者 musl 实现。
下载脚本会自动检查是否满足第二个条件。
您可以执行 assets/download.sh 来下载对应版本的模块并保存到当前目录。下面是用例。
# nginx-stable ngx_waf-stable
sh assets/download stable stable
# nginx-mainline ngx_waf-stable
sh assets/download mainline stable
# nginx-stable ngx_waf-beta
sh assets/download stable beta
# nginx-mainline ngx_waf-beta
sh assets/download mainline beta每次更新都需要花费约一个半小时的时间来编译模块,所以推荐在更新超过两个小时后再下载更新后的模块,否则可能会下载到旧的模块。
从 5.x.x 升级到 6.x.x
- 在规则目录下新建一个名为
advanced的空文件。 - 如果使用了配置项
waf_priority,可以将其删除或者按照文档中对该配置项的说明进行修改。
新增
- 支持了高级规则,详情见文档。
移除
- 移除
COMPAT模式,不再完全兼容ngx_http_rewrite_module。
变动
-
更新了配置项
waf_priority,详情见文档。 -
现在你可以在
http、server和location块中使用本模块的所有配置项。