✨ Advanced rules.

.github/workflows/test.yml

@@ -48,11 +48,12 @@ jobs:
       - name: Install dependencies
         run: |
           sudo apt-get --yes update
-          sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev
+          sudo apt-get install --yes libsodium23 libsodium-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libgd-dev libperl-dev uthash-dev flex bison
           sudo pip install lastversion
       - name: Download ${{ matrix.nginx-version }}
         run: |
           chmod 777 -R ${{ github.workspace }}
+          sudo make parser
           sudo git clone https://github.com/libinjection/libinjection.git inc/libinjection
           if [ ${{ matrix.nginx-version }} = 'stable nginx' ] ; then  \
             version='stable' ;\
@@ -70,7 +71,7 @@ jobs:
           else \
             opt='--add-dynamic-module' ;\
           fi
-          ./configure ${opt}=.. --with-cc-opt='-fstack-protector'
+          ./configure ${opt}=.. --with-cc-opt='-Wno-unused-but-set-variable -Wno-unused-function -fstack-protector-strong'
       - name: Install ${{ matrix.nginx-version }}
         run: |
           cd nginx-src

.gitignore

@@ -4,4 +4,8 @@ docs/.vuepress/dist
 yarn.lock
 package-lock.json
 inc/libinjection
-inc/libsodium
+inc/libsodium
+inc/ngx_http_waf_module_lexer.h
+inc/ngx_http_waf_module_parser.tab.h
+src/ngx_http_waf_module_lexer.c
+src/ngx_http_waf_module_parser.tab.c

Makefile

@@ -0,0 +1,3 @@
+parser: flex/lexer.lex bison/parser.yacc
+	@flex flex/lexer.lex
+	@bison --defines=inc/ngx_http_waf_module_parser.tab.h -L C -o src/ngx_http_waf_module_parser.tab.c bison/parser.yacc

README-ZH-CN.md

@@ -25,6 +25,7 @@
 * 功能齐全：「网络应用防火墙」的基本功能都有。
 * 安装方便：缺少依赖项时会自动提供解决方法。
 * 使用方便：配置指令简单易懂，不用看文档都能猜到大概是什么意思。
+* 规则灵活：提供高级规则，将动作（如拦截或放行）和多个条件表达式组合起来。
 * 高性能：经过较为极限的测试，启动本模块后 RPS（每秒请求数） 降低约 4%。测试说明和结果见使用文档。
 
 ## 功能
@@ -40,6 +41,7 @@
 * UserAgent 黑名单。
 * Cookie 黑名单。
 * Referer 黑白名单。
+* 高级规则，将动作（如拦截或放行）和多个条件表达式组合起来。
 
 ## 使用文档
 

README.md

@@ -23,6 +23,7 @@ Handy, High performance Nginx firewall module.
 * Full-featured: The basic functions of the web application firewall are available.
 * Easy to install: The solution is automatically provided when a dependency is missing.
 * Easy to use: directives are easy to understand and you can probably guess what they mean without reading the documentation.
+* Flexible rules: Provide advanced rules that combine actions (such as block or allow) with multiple conditional expressions.
 * High performance: In more extreme tests, QPS(Queries Per Second) is reduced by about 4% after starting this module. See the documentation for details of the tests.
 
 ## Function
@@ -41,6 +42,7 @@ Handy, High performance Nginx firewall module.
 * Block the specified Cookie.
 * Exceptional allow on specific Referer.
 * Block the specified Referer.
+* Advanced rules that combine actions (such as block or allow) with multiple conditional expressions.
 
 ## Docs