English | 简体中文
Handy, High performance Nginx firewall module.
- Full-featured: The basic functions of the web application firewall are available.
- Easy to install: In most cases you can download and use pre-built modules instead of compiling the code.
- Easy to use: directives are easy to understand and you can probably guess what they mean without reading the documentation.
- Flexible rules: Provide advanced rules that combine actions (such as block or allow) with multiple conditional expressions.
- High performance: In more extreme tests, QPS(Queries Per Second) is reduced by about 4% after starting this module. See the documentation for details of the tests.
- Anti SQL injection (powered by libinjection).
- Anti XSS (powered by libinjection).
- IPV4 and IPV6 support.
- Support for enabling CAPTCHAs, including hCaptcha, reCAPTCHAv2 and reCAPTCHAv3. This feature is only available in the latest
Currentversion. - Support authentication-friendly crawlers (based on user agent and IP identification) to avoid blocking of these crawlers (e.g. GoogleBot). This feature is only available in the latest
Currentversion. - Anti Challenge Collapsar, it can automatically block malicious IP.
- Exceptional allow on specific IP address.
- Block the specified IP address.
- Block the specified request body.
- Exceptional allow on specific URL.
- Block the specified URL.
- Block the specified query string.
- Block the specified UserAgent.
- Block the specified Cookie.
- Exceptional allow on specific Referer.
- Block the specified Referer.
- Advanced rules that combine actions (such as block or allow) with multiple conditional expressions.
- Recommended link: https://docs.addesp.com/ngx_waf/
- Alternate link 1: https://add-sp.github.io/ngx_waf-docs/
- Alternate link 2: https://ngx-waf-docs.pages.dev/
- Telegram Channel: https://t.me/ngx_waf
- Telegram Group (English): https://t.me/group_ngx_waf
- Telegram Group (Chinese): https://t.me/group_ngx_waf_cn
- uthash: C macros for hash tables and more.
- libinjection: SQL / SQLI tokenizer parser analyzer.
- libsodium: A modern, portable, easy to use crypto library.
- lastversion: A command line tool that helps you download or install a specific version of a project.
- ngx_lua_waf: A web application firewall based on the lua-nginx-module (openresty).
- nginx-book: The Chinese language development guide for nginx.
- nginx-development-guide: The Chinese language development guide for nginx.