Skip to content

Lua implementation of the T1K protocol for Chaitin/SafeLine WAF

License

Notifications You must be signed in to change notification settings

chaitin/lua-resty-t1k

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

lua-resty-t1k

LuaRocks Releases License

Name

Lua implementation of the T1K protocol for Chaitin/SafeLine Web Application Firewall.

Status

Production ready.

Test

Installation

luarocks install lua-resty-t1k

If you are in Mainland China

luarocks install lua-resty-t1k --server https://luarocks.cn

Synopsis

 location / {
     access_by_lua_block {
         local t1k = require "resty.t1k"

         local t = {
             mode = "block",                            -- block or monitor or off, default off
             host = "unix:/workdir/snserver.sock",      -- required, SafeLine WAF detection service host, unix domain socket, IP, or domain is supported, string
             port = 8000,                               -- required when the host is an IP or domain, SafeLine WAF detection service port, integer
             connect_timeout = 1000,                    -- connect timeout, in milliseconds, integer, default 1s (1000ms)
             send_timeout = 1000,                       -- send timeout, in milliseconds, integer, default 1s (1000ms)
             read_timeout = 1000,                       -- read timeout, in milliseconds, integer, default 1s (1000ms)
             req_body_size = 1024,                      -- request body size, in KB, integer, default 1MB (1024KB)
             keepalive_size = 256,                      -- maximum concurrent idle connections to the SafeLine WAF detection service, integer, default 256
             keepalive_timeout = 60000,                 -- idle connection timeout, in milliseconds, integer, default 60s (60000ms)
             remote_addr = "http_x_forwarded_for: 1",   -- remote address from ngx.var.VARIABLE, string, default from ngx.var.remote_addr
         }

         local ok, err, _ = t1k.do_access(t, true)
         if not ok then
             ngx.log(ngx.ERR, err)
         end
     }

     header_filter_by_lua_block {
        local t1k = require "resty.t1k"
        t1k.do_header_filter()
     }
 }