# Overview

A handy, high-performance Nginx firewall module.

# Why ngx_waf

  • Basic protection: IP and IP-range blacklists and whitelists, URI blacklists and whitelists, request body blacklists, etc.
  • Easy to use: configuration files and rule files are readable and easy to write.
  • High performance: efficient algorithms and caching.
  • Advanced protection: ModSecurity compatible, so you can use the OWASP (Open Web Application Security Project®) ModSecurity Core Rule Set.
  • Friendly crawler verification: Supports verifying Google, Bing, Baidu and Yandex crawlers and allowing them automatically to avoid false positives.
  • Captcha: Supports three kinds of captchas: hCaptcha, reCAPTCHAv2 and reCAPTCHAv3.

# Features

  • ModSecurity compatible. This feature is only available in the latest Current version.
  • Anti SQL injection (powered by libinjection).
  • Anti XSS (powered by libinjection).
  • IPv4 and IPv6 support.
  • Support for enabling CAPTCHAs, including hCaptcha, reCAPTCHAv2 and reCAPTCHAv3. This feature is only available in the latest Current version.
  • Support for verifying friendly crawlers (based on user agent and IP identification) to avoid blocking them (e.g. GoogleBot). This feature is only available in the latest Current version.
  • CC protection: if the request rate exceeds the limit, the IP is automatically banned for a period of time, or a CAPTCHA is used for human identification and the request is allowed if it succeeds.
  • Exceptional allow on specific IP address.
  • Block the specified IP or IP range.
  • Block the specified request body.
  • Exceptional allow on specific URL.
  • Block the specified URL.
  • Block the specified query string.
  • Block the specified UserAgent.
  • Block the specified Cookie.
  • Exceptional allow on specific Referer.
  • Block the specified Referer.

# Contact

We hope you can help promote this project. The more stars it gets, the better this project will be. 😃

# Test Suite

This module comes with a Perl-driven test suite. The test cases are declarative, thanks to the Test::Nginx module in the Perl world.

To run it on your side:

```shell
# It will take a lot of time, but it only needs to be run once.
cpan Test::Nginx

# You need to specify a temporary directory.
# If the directory does not exist it will be created automatically.
# If the directory already exists it will be **removed** first and then created.
export MODULE_TEST_PATH=/path/to/temp/dir

# You need to specify the absolute path to the dynamic module if you have it installed,
# otherwise you do not need to run this line.
export MODULE_PATH=/path/to/ngx_http_waf_module.so

cd ./test/test-nginx
sh ./init.sh
sh ./start.sh ./t/*.t
```

Some parts of the test suite require the standard modules proxy, rewrite and SSI to be enabled when building Nginx.
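
Because an existing `MODULE_TEST_PATH` directory is removed before the tests start, it is worth checking the value before running `init.sh`. The guard below is an added example, not part of ngx_waf or its test scripts; the function name `safe_test_path` and its acceptance rules (absolute path, not `/` or `$HOME`, not a symlink, absent or empty) are assumptions about what a safe choice looks like.

```shell
#!/bin/sh
# Added example (not from ngx_waf): reject a MODULE_TEST_PATH whose removal
# would destroy data. safe_test_path is a hypothetical helper name.

# Returns 0 if the path is safe to hand to the test suite, 1 otherwise.
safe_test_path() {
    p=$1
    # Must be set and absolute.
    case $p in
        /*) ;;
        *) echo "refusing: path must be absolute: '$p'" >&2; return 1 ;;
    esac
    # Strip trailing slashes so "/tmp/x/" and "/tmp/x" are treated alike.
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    # Never the filesystem root or the home directory.
    if [ "$p" = "/" ] || [ "$p" = "${HOME%/}" ]; then
        echo "refusing: '$p' is / or \$HOME" >&2; return 1
    fi
    # A symlink could redirect the removal to another location.
    if [ -L "$p" ]; then
        echo "refusing: '$p' is a symlink" >&2; return 1
    fi
    # Anything that already exists must be an empty directory.
    if [ -e "$p" ]; then
        if [ ! -d "$p" ] || [ -n "$(ls -A "$p" 2>/dev/null)" ]; then
            echo "refusing: '$p' exists and is not an empty directory" >&2
            return 1
        fi
    fi
    return 0
}

# Report on the current value, if one is exported. Nothing is deleted here.
if [ -n "${MODULE_TEST_PATH:-}" ]; then
    safe_test_path "$MODULE_TEST_PATH" || echo "choose another directory" >&2
fi
```

Source this file and run `safe_test_path "$MODULE_TEST_PATH" || exit 1` immediately before `sh ./init.sh`.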

# Performance Test

Performance Test

# Thanks