{"id":15020831,"url":"https://github.com/add-sp/ngx_waf","last_synced_at":"2025-05-14T15:06:49.052Z","repository":{"id":37907750,"uuid":"286048802","full_name":"ADD-SP/ngx_waf","owner":"ADD-SP","description":"Handy, High performance, ModSecurity compatible Nginx firewall module \u0026 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块","archived":false,"fork":false,"pushed_at":"2025-01-25T08:32:04.000Z","size":2345,"stargazers_count":1552,"open_issues_count":13,"forks_count":194,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-04-12T01:49:55.961Z","etag":null,"topics":["captcha","hcaptcha","modsecurity","modsecurity-nginx","nginx","nginx-modules","openresty","recaptcha","waf","web-application-firewall"],"latest_commit_sha":null,"homepage":"https://add-sp.github.io/ngx_waf-docs/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ADD-SP.png","metadata":{"files":{"readme":"README-ZH-CN.md","changelog":"CHANGES-ZH-CN.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-08T13:30:39.000Z","updated_at":"2025-03-28T06:37:14.000Z","dependencies_parsed_at":"2024-03-02T06:22:58.906Z","dependency_job_id":"d865821e-843a-477b-aa82-a844f4789449","html_url":"https://github.com/ADD-SP/ngx_waf","commit_stats":{"total_commits":379,"total_committers":5,"mean_commits":75.8,"dds":0.01846965699208447,"last_synced_commit":"f97a4399dcc47f449254fff2f2fa6526dfbcbd81"},"previous_names":[],"tags_count":105,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADD-SP%2Fngx_waf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADD-SP%2Fngx_waf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADD-SP%2Fngx_waf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADD-SP%2Fngx_waf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ADD-SP","download_url":"https://codeload.github.com/ADD-SP/ngx_waf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248505872,"owners_count":21115354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["captcha","hcaptcha","modsecurity","modsecurity-nginx","nginx","nginx-modules","openresty","recaptcha","waf","web-application-firewall"],"created_at":"2024-09-24T19:55:44.363Z","updated_at":"2025-04-12T01:50:10.880Z","avatar_url":"https://github.com/ADD-SP.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ngx_waf\n\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://cdn.jsdelivr.net/gh/ADD-SP/ngx_waf@master/assets/logo.png\" width=200 height=200/\u003e\n\u003c/p\u003e\n\n\n[![test](https://github.com/ADD-SP/ngx_waf/actions/workflows/test.yml/badge.svg)](https://github.com/ADD-SP/ngx_waf/actions/workflows/test.yml)\n\n[![Notification](https://img.shields.io/badge/Notification-Telegram%20Channel-blue)](https://t.me/ngx_waf)\n[![Discussion EN](https://img.shields.io/badge/Discussion%20EN-Telegram%20Group-blue)](https://t.me/group_ngx_waf)\n[![Discussion CN](https://img.shields.io/badge/Discussion%20CN-Telegram%20Group-blue)](https://t.me/group_ngx_waf_cn)\n\n[English](README.md) | 简体中文\n\n方便且高性能的 Nginx 防火墙模块。\n\n## 为什么选择 ngx_waf\n\n* 基础防护：如 IP 或 IP 网段的黑白名单、URI 黑白名单和请求体黑名单等。\n* 使用简单：配置文件和规则文件书写简单，可读性强。\n* 高性能：使用高效的 IP 检查算法和缓存机制。\n* 高级防护：兼容 [ModSecurity](https://github.com/SpiderLabs/ModSecurity)，因此你可以使用[开放式网络应用安全项目（OWASP）® 的核心规则库](https://owasp.org/www-project-modsecurity-core-rule-set/)。\n* 友好爬虫验证：支持验证 Google、Bing、Baidu 和 Yandex 的爬虫并自动放行，避免错误拦截。\n* 验证码：支持三种验证码：hCaptcha、reCAPTCHAv2 和 reCAPTCHAv3。\n\n## 功能\n\n* 兼容 [ModSecurity](https://github.com/SpiderLabs/ModSecurity)。此功能仅限最新的 Current 版本。\n* SQL 注入防护（Powered By [libinjection](https://github.com/libinjection/libinjection)）。\n* XSS 攻击防护（Powered By [libinjection](https://github.com/libinjection/libinjection)）。\n* 支持 IPV4 和 IPV6。\n* 支持开启验证码（CAPTCHA)，支持 [hCaptcha](https://www.hcaptcha.com/)、[reCAPTCHAv2](https://developers.google.com/recaptcha) 和 [reCAPTCHAv3](https://developers.google.com/recaptcha)。此功能仅限最新的 Current 版本。\n* 支持识别友好爬虫（如 BaiduSpider）并自动放行（基于 User-Agent 和 IP 的识别）。此功能仅限最新的 Current 版本。\n* CC 防御，超出限制后自动拉黑对应 IP 一段时间。\n* IP 黑白名单，同时支持类似 `192.168.0.0/16` 和 `fe80::/10`，即支持点分十进制和冒号十六进制表示法和网段划分。\n* POST 黑名单。\n* URL 黑白名单\n* 查询字符串（Query String）黑名单。\n* UserAgent 黑名单。\n* Cookie 黑名单。\n* Referer 黑白名单。\n\n## 使用文档\n\n* 推荐链接：[https://docs.addesp.com/ngx_waf/zh-cn/](https://docs.addesp.com/ngx_waf/zh-cn/)\n* 备用链接 1：[https://add-sp.github.io/ngx_waf-docs/zh-cn/](https://add-sp.github.io/ngx_waf-docs/zh-cn/)\n* 备用链接 2：[https://ngx-waf-docs.pages.dev/zh-cn/](https://ngx-waf-docs.pages.dev/zh-cn/)\n\n## 联系方式\n\n* Telegram 频道: [https://t.me/ngx_waf](https://t.me/ngx_waf)\n* Telegram 群组（英文）: [https://t.me/group_ngx_waf](https://t.me/group_ngx_waf)\n* Telegram 群组（中文）：[https://t.me/group_ngx_waf_cn](https://t.me/group_ngx_waf_cn)\n\n## 打赏\n\n打赏就算了，如果您愿意，您可以帮助宣传一下本项目。比如发个贴，推荐给身边有需求的人什么的。\n\n\u003cdel\u003e我从来没碰过钱，我对钱没有兴趣。\u003c/del\u003e\n\n## 测试套件\n\n本项目使用一个 Perl 开发的数据驱动型的测试套件进行测试。\n感谢项目 [Test::Nginx](http://search.cpan.org/perldoc?Test::Nginx) 及其开发者们。\n\n你可以通过下列命令来运行测试。\n\n```shell\n# 这行命令的执行时间比较长，但是以后再测试的时候就不需要运行了。\ncpan Test::Nginx\n\n# 你需要指定一个临时目录。\n# 如果目录不存在会自动创建。\n# 如果目录已经会被存在则会先**删除**再创建。\nexport MODULE_TEST_PATH=/path/to/temp/dir\n\n# 如果你安装了动态模块则需要指定动态模块的绝对路径，反之则无需执行这行命令。\nexport MODULE_PATH=/path/to/ngx_http_waf_module.so\n\ncd ./test/test-nginx\nsh ./init.sh\nsh ./start.sh ./t/*.t\n```\n\n\n## 开源许可证\n\n[BSD 3-Clause License](LICENSE)\n\n## 感谢\n\n* [ModSecurity](https://github.com/SpiderLabs/ModSecurity)：开源且跨平台的 WAF 引擎。\n* [uthash](https://github.com/troydhanson/uthash)：C 语言的哈希表、数组、链表等容器库。\n* [libcurl](https://curl.se/libcurl/)：支持多种协议文件传输库。\n* [cJSON](https://github.com/DaveGamble/cJSON)：C 语言的轻量级 JSON 解析库。\n* [libinjection](https://github.com/libinjection/libinjection)：SQL 注入检测库。\n* [libsodium](https://github.com/jedisct1/libsodium)：C 语言密码函数库。\n* [test-nginx](https://github.com/openresty/test-nginx): 数据驱动的 nginx 测试套件，可用于 nginx C 模块的开发和 OpenResty Lua 库的开发。 \n* [lastversion](https://github.com/dvershinin/lastversion)：一个轻巧的命令行工具，帮助你下载或安装一个项目的特定版本。\n* [ngx_lua_waf](https://github.com/loveshell/ngx_lua_waf)：一个基于 lua-nginx-module (openresty) 的 web 应用防火墙。\n* [nginx-book](https://github.com/taobao/nginx-book)：Nginx开发从入门到精通 \n* [nginx-development-guide](https://github.com/baishancloud/nginx-development-guide)：Nginx 开发指南。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadd-sp%2Fngx_waf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadd-sp%2Fngx_waf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadd-sp%2Fngx_waf/lists"}