Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chaitin/lua-resty-t1k
Lua implementation of the T1K protocol for Chaitin/SafeLine WAF
https://github.com/chaitin/lua-resty-t1k
lua openresty protocol security waf
Last synced: about 3 hours ago
JSON representation
Lua implementation of the T1K protocol for Chaitin/SafeLine WAF
- Host: GitHub
- URL: https://github.com/chaitin/lua-resty-t1k
- Owner: chaitin
- License: apache-2.0
- Created: 2023-05-23T07:18:36.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-02T11:54:42.000Z (4 days ago)
- Last Synced: 2024-11-02T12:27:46.327Z (4 days ago)
- Topics: lua, openresty, protocol, security, waf
- Language: Raku
- Homepage:
- Size: 71.3 KB
- Stars: 60
- Watchers: 5
- Forks: 10
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# lua-resty-t1k
[](https://luarocks.org/modules/blaisewang/lua-resty-t1k)
[](https://github.com/chaitin/lua-resty-t1k/releases)
[](https://github.com/chaitin/lua-resty-t1k/blob/main/LICENSE)
## Name
Lua implementation of the T1K protocol for [Chaitin/SafeLine](https://github.com/chaitin/safeline) Web Application Firewall.
## Status
Production ready.
[](https://github.com/chaitin/lua-resty-t1k/actions)
## Installation
```bash
luarocks install lua-resty-t1k
```
If you are in Mainland China
```bash
luarocks install lua-resty-t1k --server https://luarocks.cn
```
## Synopsis
```lua
location / {
access_by_lua_block {
local t1k = require "resty.t1k"
local t = {
mode = "block", -- block or monitor or off, default off
host = "unix:/workdir/snserver.sock", -- required, SafeLine WAF detection service host, unix domain socket, IP, or domain is supported, string
port = 8000, -- required when the host is an IP or domain, SafeLine WAF detection service port, integer
connect_timeout = 1000, -- connect timeout, in milliseconds, integer, default 1s (1000ms)
send_timeout = 1000, -- send timeout, in milliseconds, integer, default 1s (1000ms)
read_timeout = 1000, -- read timeout, in milliseconds, integer, default 1s (1000ms)
req_body_size = 1024, -- request body size, in KB, integer, default 1MB (1024KB)
keepalive_size = 256, -- maximum concurrent idle connections to the SafeLine WAF detection service, integer, default 256
keepalive_timeout = 60000, -- idle connection timeout, in milliseconds, integer, default 60s (60000ms)
remote_addr = "http_x_forwarded_for: 1", -- remote address from ngx.var.VARIABLE, string, default from ngx.var.remote_addr
}
local ok, err, _ = t1k.do_access(t, true)
if not ok then
ngx.log(ngx.ERR, err)
end
}
header_filter_by_lua_block {
local t1k = require "resty.t1k"
t1k.do_header_filter()
}
}
```
## Lua Resty T1K vs. C T1K
[C T1K](https://t1k.chaitin.com/), as part of SafeLine's enterprise edition, is a deployment mode crafted in C language for enhanced performance.
It is compatible with all versions of Nginx and does not require deployment via OpenResty (lua_nginx_module).
| | Lua Resty T1K | C T1K |
|-----------------------|---------------|-------|
| Request Detection | ✅ | ✅ |
| Response Detection | ❌ | ✅ |
| Health Checks* | ❌ | ✅ |
| Cookie Protection | ❌ | ✅ |
| Bot Protection | ❌ | ✅ |
| Proxy-side Statistics | ❌ | ✅ |
* APISIX implements health check functionality for the `chaitin-waf` plugin. For more information, please see the [chaitin-waf documentation](https://apisix.apache.org/docs/apisix/next/plugins/chaitin-waf/).