diff --git a/README.md b/README.md
index 29ff1a9..cda6d8e 100644
--- a/README.md
+++ b/README.md
@@ -29,32 +29,48 @@ luarocks install lua-resty-t1k --server https://luarocks.cn
 ## Synopsis
 ```lua
- location / {
- access_by_lua_block {
- local t1k = require "resty.t1k"
-
- local t = {
- mode = "block", -- block or monitor or off, default off
- host = "unix:/workdir/snserver.sock", -- required, SafeLine WAF detection service host, unix domain socket, IP, or domain is supported, string
- port = 8000, -- required when the host is an IP or domain, SafeLine WAF detection service port, integer
- connect_timeout = 1000, -- connect timeout, in milliseconds, integer, default 1s (1000ms)
- send_timeout = 1000, -- send timeout, in milliseconds, integer, default 1s (1000ms)
- read_timeout = 1000, -- read timeout, in milliseconds, integer, default 1s (1000ms)
- req_body_size = 1024, -- request body size, in KB, integer, default 1MB (1024KB)
- keepalive_size = 256, -- maximum concurrent idle connections to the SafeLine WAF detection service, integer, default 256
- keepalive_timeout = 60000, -- idle connection timeout, in milliseconds, integer, default 60s (60000ms)
- remote_addr = "http_x_forwarded_for: 1", -- remote address from ngx.var.VARIABLE, string, default from ngx.var.remote_addr
- }
-
- local ok, err, _ = t1k.do_access(t, true)
- if not ok then
- ngx.log(ngx.ERR, err)
- end
- }
-
- header_filter_by_lua_block {
+location / {
+ access_by_lua_block {
+ local t1k = require "resty.t1k"
+
+ local t = {
+ mode = "block", -- block or monitor or off, default off
+ host = "unix:/workdir/snserver.sock", -- required, SafeLine WAF detection service host, unix domain socket, IP, or domain is supported, string
+ port = 8000, -- required when the host is an IP or domain, SafeLine WAF detection service port, integer
+ connect_timeout = 1000, -- connect timeout, in milliseconds, integer, default 1s (1000ms)
+ send_timeout = 1000, -- send timeout, in milliseconds, integer, default 1s (1000ms)
+ read_timeout = 1000, -- read timeout, in milliseconds, integer, default 1s (1000ms)
+ req_body_size = 1024, -- request body size, in KB, integer, default 1MB (1024KB)
+ keepalive_size = 256, -- maximum concurrent idle connections to the SafeLine WAF detection service, integer, default 256
+ keepalive_timeout = 60000, -- idle connection timeout, in milliseconds, integer, default 60s (60000ms)
+ remote_addr = "http_x_forwarded_for: 1", -- remote address from ngx.var.VARIABLE, string, default from ngx.var.remote_addr
+ }
+
+ local ok, err, _ = t1k.do_access(t, true)
+ if not ok then
+ ngx.log(ngx.ERR, err)
+ end
+ }
+
+ header_filter_by_lua_block {
 local t1k = require "resty.t1k"
 t1k.do_header_filter()
- }
- }
+ }
+}
 ```
+
+## Lua Resty T1K vs. C T1K
+
+[C T1K](https://t1k.chaitin.com/), as part of SafeLine's enterprise edition, is a deployment mode crafted in C language for enhanced performance.
+It is compatible with all versions of Nginx and does not require deployment via OpenResty (lua_nginx_module).
+
+| | Lua Resty T1K | C T1K |
+|-----------------------|---------------|-------|
+| Request Detection | ✅ | ✅ |
+| Response Detection | ❌ | ✅ |
+| Health Checks* | ❌ | ✅ |
+| Cookie Protection | ❌ | ✅ |
+| Bot Protection | ❌ | ✅ |
+| Proxy-side Statistics | ❌ | ✅ |
+
+* APISIX implements health check functionality for the `chaitin-waf` plugin. For more information, please see the [chaitin-waf documentation](https://apisix.apache.org/docs/apisix/next/plugins/chaitin-waf/).