starred/ngx_waf
1
0
Fork 0
mirror of https://github.com/ADD-SP/ngx_waf.git synced 2026-04-26 14:05:52 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #34] waf_cc_deny 和 waf_cache capacity错误 #18

New issue
Closed
opened 2026-03-04 12:18:03 +03:00 by kerem · 6 comments
kerem commented 2026-03-04 12:18:03 +03:00
Owner
Copy link

Originally created by @hkmjj on GitHub (Apr 12, 2021).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/34

请问该如何配置下面规制
waf on;
waf_rule_path /usr/local/nginx/conf/rules/;
waf_mode FULL;
waf_cc_deny rate=1000r/m;
waf_cache capacity=50;
使用nginx -t显示一下错误
nginx: [emerg] unknown directive "waf_cc_deny" in /usr/local/nginx/conf/nginx.conf:95
nginx: [emerg] unknown directive " waf_cache capacity" in /usr/local/nginx/conf/nginx.conf:95

Originally created by @hkmjj on GitHub (Apr 12, 2021). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/34 请问该如何配置下面规制 waf on; waf_rule_path /usr/local/nginx/conf/rules/; waf_mode FULL; waf_cc_deny rate=1000r/m; waf_cache capacity=50; 使用nginx -t显示一下错误 nginx: [emerg] unknown directive "waf_cc_deny" in /usr/local/nginx/conf/nginx.conf:95 nginx: [emerg] unknown directive " waf_cache capacity" in /usr/local/nginx/conf/nginx.conf:95
kerem 2026-03-04 12:18:03 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@ADD-SP commented on GitHub (Apr 12, 2021):

麻烦发一下命令 nginx -V 的输出,以及 ngx_waf 的版本。如果使用的是动态模块请确保已经通过 load_module 指令加载本模块。

<!-- gh-comment-id:817764718 --> @ADD-SP commented on GitHub (Apr 12, 2021): 麻烦发一下命令 `nginx -V` 的输出,以及 ngx_waf 的版本。如果使用的是动态模块请确保已经通过 `load_module` 指令加载本模块。
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@hkmjj commented on GitHub (Apr 12, 2021):

ngx_waf的版本是git clone下载源码
未使用动态编译安装ngx_waf 采用静态编译
nginx -V 显示如下:
root@VPS:~# nginx -V
nginx version: nginx/1.19.9
built by gcc 8.3.0 (Debian 8.3.0-6)
built with OpenSSL 1.1.1k 25 Mar 2021 (running with OpenSSL 1.1.1d 10 Sep 2019)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_v2_hpack_enc --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-zlib=../zlib --with-http_realip_module --with-http_flv_module --with-threads --with-file-aio --with-http_mp4_module --without-http_scgi_module --without-http_uwsgi_module --with-http_degradation_module --with-http_dav_module --with-http_secure_link_module --with-openssl=../openssl --add-module=../ngx_waf

<!-- gh-comment-id:818314219 --> @hkmjj commented on GitHub (Apr 12, 2021): ngx_waf的版本是git clone下载源码 未使用动态编译安装ngx_waf 采用静态编译 nginx -V 显示如下: root@VPS:~# nginx -V nginx version: nginx/1.19.9 built by gcc 8.3.0 (Debian 8.3.0-6) built with OpenSSL 1.1.1k 25 Mar 2021 (running with OpenSSL 1.1.1d 10 Sep 2019) TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_v2_hpack_enc --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-zlib=../zlib --with-http_realip_module --with-http_flv_module --with-threads --with-file-aio --with-http_mp4_module --without-http_scgi_module --without-http_uwsgi_module --with-http_degradation_module --with-http_dav_module --with-http_secure_link_module --with-openssl=../openssl --add-module=../ngx_waf
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@ADD-SP commented on GitHub (Apr 13, 2021):

可否上传出错的配置文件?我看两行报错指向的都是第 95 行,如果是本模块的问题起码应该报错两行。因此我怀疑可能是配置文件里有什么奇怪的错误。

<!-- gh-comment-id:818378891 --> @ADD-SP commented on GitHub (Apr 13, 2021): 可否上传出错的配置文件?我看两行报错指向的都是第 95 行,如果是本模块的问题起码应该报错两行。因此我怀疑可能是配置文件里有什么奇怪的错误。
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@hkmjj commented on GitHub (Apr 13, 2021):

当时是直接复制的上一行没有改.
nginx.conf配置:
server {
listen 80;
server_name _;
index index.html index.htm index.php;
#error_page 404 /404.html;
#error_page 502 /502.html;
waf on;
waf_rule_path /usr/local/nginx/conf/rules/;
waf_mode FULL;
waf_cc_deny rate=1000r/m;
waf_cache capacity=50;
显示错误:
root@VPS:/usr/local/nginx/conf# nginx -t
nginx: [emerg] unknown directive "waf_cc_deny" in /usr/local/nginx/conf/nginx.conf:95
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
root@VPS:/usr/local/nginx/conf# nginx -t
nginx: [emerg] unknown directive "waf_cache" in /usr/local/nginx/conf/nginx.conf:96
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

<!-- gh-comment-id:818743990 --> @hkmjj commented on GitHub (Apr 13, 2021): 当时是直接复制的上一行没有改. nginx.conf配置: server { listen 80; server_name _; index index.html index.htm index.php; #error_page 404 /404.html; #error_page 502 /502.html; waf on; waf_rule_path /usr/local/nginx/conf/rules/; waf_mode FULL; waf_cc_deny rate=1000r/m; waf_cache capacity=50; 显示错误: root@VPS:/usr/local/nginx/conf# nginx -t nginx: [emerg] unknown directive "waf_cc_deny" in /usr/local/nginx/conf/nginx.conf:95 nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed root@VPS:/usr/local/nginx/conf# nginx -t nginx: [emerg] unknown directive "waf_cache" in /usr/local/nginx/conf/nginx.conf:96 nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@ADD-SP commented on GitHub (Apr 13, 2021):

看起来应该是使用了旧版本的源码,因为 v5.0.0 之前的稳定版是不支持 waf_cc_denywaf_cache 这两个指令的。

需要提供的信息

请进入 ngx_waf 源码目录,然后提供下面三个命令的输出,以便定位具体原因。

# 需要提供全部的输出
git tag

# 提供前 10 行的输出
git log

# 提供全部的输出
git remote -v

解决方法

提供了上文所提到的信息后请进入 ngx_waf 的源码目录,依次执行下面的命令,然后重新编译模块检查是否出错。

# 删除现有的 clone 源
git remote remove origin

# 添加 Github 上的 clone 源
git remote add origin https://github.com/ADD-SP/ngx_waf.git

# 切换到稳定版分支
git checkout master

# 强制更新到最新的稳定版源码
git pull origin master --rebase --force
<!-- gh-comment-id:818769344 --> @ADD-SP commented on GitHub (Apr 13, 2021): 看起来应该是使用了旧版本的源码,因为 v5.0.0 之前的稳定版是不支持 `waf_cc_deny` 和 `waf_cache` 这两个指令的。 ## 需要提供的信息 请进入 ngx_waf 源码目录,然后提供下面三个命令的输出,以便定位具体原因。 ```sh # 需要提供全部的输出 git tag # 提供前 10 行的输出 git log # 提供全部的输出 git remote -v ``` ## 解决方法 提供了上文所提到的信息后请进入 ngx_waf 的源码目录,依次执行下面的命令,然后重新编译模块检查是否出错。 ```sh # 删除现有的 clone 源 git remote remove origin # 添加 Github 上的 clone 源 git remote add origin https://github.com/ADD-SP/ngx_waf.git # 切换到稳定版分支 git checkout master # 强制更新到最新的稳定版源码 git pull origin master --rebase --force ```
kerem commented 2026-03-04 12:18:04 +03:00
Author
Owner
Copy link

@hkmjj commented on GitHub (Apr 14, 2021):

感谢支持,问题已解决

<!-- gh-comment-id:819435396 --> @hkmjj commented on GitHub (Apr 14, 2021): 感谢支持,问题已解决
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
lts
lts-dev
add_sp/refactor-replace-libcurl-with-subreq
current-dev
current
current-dev-backup
v6.1.10
v10.1.2
v6.1.9
v6.1.8
v10.1.1
v10.1.0
v6.1.7
v10.0.1
v10.0.0
v9.0.6
v9.0.5
v6.1.6
v6.1.5
v9.0.4
v9.0.3
v9.0.2
v9.0.1
v9.0.0
v8.0.3
v6.1.4
v8.0.2
v8.0.1
v6.1.3
v8.0.0
v7.1.0
v6.1.2
v7.0.1
v7.0.0
v6.1.1
v6.1.0
v6.0.3
v6.0.2
v6.0.2-beta.1
v6.0.1
v6.0.1-beta.2
v6.0.1-beta.1
v6.0.0
v6.0.0-beta.4
v5.5.1
v6.0.0-beta.2
v6.0.0.beta.3
v6.0.0-beta.1
v5.5.0
v5.4.2
v5.4.2-beta.2
v5.4.2-beta.1
v5.4.1
v5.4.1-beta.1
v5.4.0
v5.4.0-beta.1
v5.3.2
v5.3.1
v5.3.0
v5.3.0-beta.4
v5.3.0-beta.3
v5.3.0-beta.2
v5.3.0-beta.1
v5.2.0
v5.2.0-beta.2
v5.2.0-beta.1
v5.1.1
v5.1.1-beta.1
v5.1.0
v5.0.0
v5.0.0-beta.5
v5.0.0-beta.4
v5.0.0-beta.3
v5.0.0-beta.2
v5.0.0-beta.1
v4.1.0-beta.4
v4.1.0-beta.3
v4.1.0-beta.2
v4.1.0-beta.1
v4.0.0
v4.0.0-beta.2
v3.1.6
v3.2.0-beta.1
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.1.0-beta-1
v3.0.3-beta-3
v3.0.2
v3.0.3-beta-2
v3.0.3-beta-1
v3.0.2-beta-2
v3.0.2-beta-1
v3.0.1
v3.0.0
v3.0.0-beta-2
v3.0.0-beta-1
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.1-beta-1
v2.0.0
v2.0.0-beta.1
v1.0.1
v1.0.0
v1.0.0-RC2
v1.0.0-RC1
Labels
Clear labels   
MacOS

   
Nginx

   
OpenResty

   
Tengine

   
bug

   
documentation

   
enhancement

   
needs-investigation

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
stale

   
stale

   
timeout

   
wontfix
No labels
MacOS
Nginx
OpenResty
Tengine
bug
documentation
enhancement
needs-investigation
pull-request
question
stale
stale
stale
timeout
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ngx_waf#18
No description provided.