[GH-ISSUE #84] waf_cc_deny rate 語法錯誤 #199

New issue

Closed

opened 2026-03-13 17:01:02 +03:00 by kerem · 3 comments

kerem commented

2026-03-13 17:01:02 +03:00

Owner

Originally created by @ADeeeee on GitHub (Jan 19, 2022).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/84

測試環境：
Ubuntu 20.04.3 LTS

nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled

ngx_waf: 自己照文件流程 compile 出來的 LTS 1.18 版

問題：
設定為 200r/10m 時，下 nginx -t 確認會出現語法錯誤

waf_cc_deny rate=200r/10m duration=10m;
nginx: [emerg] ngx_waf: invalid value (22: Invalid argument) in /etc/nginx/sites-enabled/example:14

我看 https://docs.addesp.com/ngx_waf/advance/directive.html#waf-cc-deny 文件範例上寫到可以自訂後面的時間長度，但我照著設置 200r/60m 也是不行，想請問 lts 版是不是還不支援自訂時間區間？

rate: indicates the upper rate of requests, such as 500r/s, 500r/60s, 500r/m, 500r/60m, 500r/h, 500r/60h and 500r/d. Exceeding the limit returns a 503 status code (opens new window)with a Retry-After (opens new window)response header.

許願：

希望可以自訂時間區間，就像 fail2ban 一樣彈性，畢竟每個網頁專案所遇到的情況不太一樣，如果只能設定一分鐘幾次，有時會被突然瞬間大量正常的 request 觸發，造成不必要的麻煩，因此會傾向設定長一點的時間累積以防誤擋
另外希望官方可以提供 compile 好的版本有支援到 1.18，畢竟 Ubuntu 20.04 應還算是蠻熱門的 distro，應該還是大眾常用的版本

Originally created by @ADeeeee on GitHub (Jan 19, 2022). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/84 測試環境： Ubuntu 20.04.3 LTS nginx version: nginx/1.18.0 (Ubuntu) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled ngx_waf: 自己照文件流程 compile 出來的 LTS 1.18 版問題：設定為 200r/10m 時，下 nginx -t 確認會出現語法錯誤 ``` waf_cc_deny rate=200r/10m duration=10m; nginx: [emerg] ngx_waf: invalid value (22: Invalid argument) in /etc/nginx/sites-enabled/example:14 ``` 我看 https://docs.addesp.com/ngx_waf/advance/directive.html#waf-cc-deny 文件範例上寫到可以自訂後面的時間長度，但我照著設置 200r/60m 也是不行，想請問 lts 版是不是還不支援自訂時間區間？ ``` rate: indicates the upper rate of requests, such as 500r/s, 500r/60s, 500r/m, 500r/60m, 500r/h, 500r/60h and 500r/d. Exceeding the limit returns a 503 status code (opens new window)with a Retry-After (opens new window)response header. ``` 許願： 1. 希望可以自訂時間區間，就像 fail2ban 一樣彈性，畢竟每個網頁專案所遇到的情況不太一樣，如果只能設定一分鐘幾次，有時會被突然瞬間大量正常的 request 觸發，造成不必要的麻煩，因此會傾向設定長一點的時間累積以防誤擋 2. 另外希望官方可以提供 compile 好的版本有支援到 1.18，畢竟 Ubuntu 20.04 應還算是蠻熱門的 distro，應該還是大眾常用的版本

kerem

2026-03-13 17:01:02 +03:00

closed this issue
added the
enhancement

question
labels

kerem commented

2026-03-13 17:01:18 +03:00

Author

Owner

@ADD-SP commented on GitHub (Jan 19, 2022):

The LTS version only supports the syntax like xr/m .

The LTS version is focused on stability, so no new features will be added, only bug fixes.

I was considering providing pre-built modules a long time ago, but it didn't work out for many reasons. For example, some dependencies could not be statically linked into the module, and binary compatibility between different implementations of libc was not possible.

After encountering these difficulties, I intended to create several .rpm and .deb files to do the build automatically, but I didn't know much about these things, so I put them on hold.

@ADD-SP commented on GitHub (Jan 19, 2022): The LTS version only supports the syntax like `xr/m` . The LTS version is focused on stability, so no new features will be added, only bug fixes. *** I was considering providing pre-built modules a long time ago, but it didn't work out for many reasons. For example, some dependencies could not be statically linked into the module, and binary compatibility between different implementations of libc was not possible. After encountering these difficulties, I intended to create several `.rpm` and `.deb` files to do the build automatically, but I didn't know much about these things, so I put them on hold.

kerem commented

2026-03-13 17:01:23 +03:00

Author

Owner

@ADeeeee commented on GitHub (Jan 20, 2022):

合理，感謝解答，希望這個功能可以盡快併進 LTS 版本

關於 waf_cc_deny 的部份暫時沒有什麼問題了，請問我有另外關於 rule 的問題方不方便另開 issue 詢問？

@ADeeeee commented on GitHub (Jan 20, 2022): 合理，感謝解答，希望這個功能可以盡快併進 LTS 版本關於 waf_cc_deny 的部份暫時沒有什麼問題了，請問我有另外關於 rule 的問題方不方便另開 issue 詢問？

kerem commented

2026-03-13 17:01:28 +03:00

Author

Owner

@ADD-SP commented on GitHub (Jan 20, 2022):

The cycle of LTS versions can be found at https://add-sp.github.io/ngx_waf-docs/changes/overview.html.

Asking some rule-related questions can create a new issue.

@ADD-SP commented on GitHub (Jan 20, 2022): The cycle of LTS versions can be found at https://add-sp.github.io/ngx_waf-docs/changes/overview.html. Asking some rule-related questions can create a new issue.