🐛 Segmentation fault.

🚩 Change rule priority.

🔧 Update tests.

CHANGES-ZH-CN.md

@@ -5,16 +5,18 @@
 ### 新增
 
 * 新增了模式 `CACHE`，启用此模式后会缓存每次检查的结果，提高性能。
-* 新增了配置项 `waf_cache_size` 用于设置缓存检查结果的内存的大小。
+* 新增了配置项 `waf_cache` 用于设置缓存相关的参数。
 
 ### 移除
 
 ### 变动
 
-* 互换了 CC 保护和 IP 白名单检查的优先级。
+* 互换了 CC 防护和 IP 白名单检查的优先级。
 
 ### 修复
 
+* 修复了当 worker 进程数量大于一时的段错误。
+
 ***
 
 ## [4.0.0] - 2021-03-22 GMT+0800

CHANGES.md

@@ -5,7 +5,8 @@
 ### Added
 
 * A new mode `CACHE` has been added, enabling this mode will cache the results of each inspection to improve performance.
-* New configuration `waf_cache_size` has been added to set the size of the memory for caching inspection results.
+
+* New configuration `waf_cache` has been added to set parameters related to cache.
 
 ### Removed
 
@@ -15,6 +16,8 @@
 
 ### Fixed
 
+* Fixed a segmentation fault when the number of worker processes is greater than one.
+
 ***
 
 ## [4.0.0] - 2021-03-22 GMT+0800

docs/advance/changes.md

@@ -10,7 +10,8 @@ lang: en
 ### Added
 
 * A new mode `CACHE` has been added, enabling this mode will cache the results of each inspection to improve performance.
-* New configuration `waf_cache_size` has been added to set the size of the memory for caching inspection results.
+
+* New configuration `waf_cache` has been added to set parameters related to cache.
 
 ### Removed
 
@@ -20,6 +21,8 @@ lang: en
 
 ### Fixed
 
+* Fixed a segmentation fault when the number of worker processes is greater than one.
+
 ***
 
 ## [4.0.0] - 2021-03-22 GMT+0800

docs/advance/issue.md

@@ -6,4 +6,15 @@ lang: en
 # Known Issues
 
 Bugs that exist in the latest stable release are listed here, 
-bugs that have been fixed in the latest stable release are not listed here.
+bugs that have been fixed in the latest stable release are not listed here.
+
+## segmentation fault
+
+When the number of worker processes in nginx is greater than one, the module will throw a segmentation fault. 
+
+* Severity: Critical.
+* Affected versions of ngx_waf: v3.1.0 ~ v4.1.0-beta.1
+* Status: Fixed
+* Priority: Highest
+* Note: It has been fixed in the latest development version.
+

docs/advance/syntax.md

@@ -103,28 +103,23 @@ Set the parameters related to CC protection.
 
 ## `waf_cache_size`
 
-* syntax: `waf_cache_size <buffer_size> [interval] [percent];`
+* syntax: `waf_cache_size <capacity> [interval] [percent];`
 * default: ——
 * context: server
 
 Set parameters related to caching rule inspection results.
 
-* `buffer_size`: Set the size of the memory used to cache the inspection results. For example `10m`, `10240k`, must not be smaller than `10m`.
+* `capacity`: For some inspections with the caching mechanism enabled, the maximum number of inspection results for each inspection target is cached.
 * `interval`: Sets the period of the batch cache phase-out in minutes. If not specified, the default is `60`, which is 60 minutes.
 * `percent`: what percentage of the cache will be eliminated each time the cache is eliminated in bulk. You need to specify an integer greater than 0 and less than or equal to 100. A setting of 50 means that half of the cache is eliminated. If not specified, the default is `50`.
 
-::: tip NOTE
 
-It is recommended to set the size of the cache space according to the actual situation. If the memory space is not large enough, the cache will be deleted frequently, which will reduce the performance.
+::: tip Cache-enabled inspections
 
-You can check if the following line appears frequently by looking at the [debug log](log.md).
-If it appears almost every request, please increase the size of the cache space appropriately.
+Cache-enabled inspections refer to all inspections except CC protection, IP black and white list inspection, and POST inspection.
 
-```
-ngx_slab_alloc() failed: no memory
-```
+:::
 
-Translated with www.DeepL.com/Translator (free version)
 
 ::: warning WARNING
 

docs/guide/configuration.md

@@ -31,8 +31,10 @@ http {
 
         # The following directives are for the development version only.
 
-        # The size of the memory space used to cache the check results is set to 10 MB.
-        waf_cache_size 10m;
+        # Cache the results of up to as many inspection targets as possible, 
+        # effective for all inspections 
+        # except IP black and white list inspection, CC protection and POST inspection.
+        waf_cache 60;
         ...
     }
     ...

docs/guide/overview.md

@@ -7,6 +7,12 @@ lang: en
 
 A web application firewall module for nginx without complex configuration.
 
+::: danger CRITICAL BUG
+
+When the number of worker processes in nginx is greater than one, the current stable version of the module will throw a segment error. Please use the latest development version.
+
+:::
+
 ## Function
 
 * IPV4 and IPV6 support.

docs/zh-cn/advance/changes.md

@@ -10,16 +10,18 @@ lang: zh-CN
 ### 新增
 
 * 新增了模式 `CACHE`，启用此模式后会缓存每次检查的结果，提高性能。
-* 新增了配置项 `waf_cache_size` 用于设置缓存检查结果的内存的大小。
+* 新增了配置项 `waf_cache` 用于设置缓存相关的参数。
 
 ### 移除
 
 ### 变动
 
-* 互换了 CC 保护和 IP 白名单检查的优先级。
+* 互换了 CC 防护和 IP 白名单检查的优先级。
 
 ### 修复
 
+* 修复了当 worker 进程数量大于一时的段错误。
+
 ***
 
 ## [4.0.0] - 2021-03-22 GMT+0800

docs/zh-cn/advance/issue.md

@@ -5,4 +5,14 @@ lang: zh-CN
 
 # 已知问题
 
-这里只会列出存在于最新的稳定版的问题，已经在最新的稳定版中修复的问题不会列出。
+这里只会列出存在于最新的稳定版的问题，已经在最新的稳定版中修复的问题不会列出。
+
+## 段错误
+
+当 nginx 的 worker 进程数量大于一时，模块会出现段错误。
+
+* 严重性：致命性错误
+* 受影响的 ngx_waf 版本：v3.1.0 ~ v4.1.0-beta.1
+* 状态：已修复
+* 优先级：最高
+* 备注：已经在最新的开发版中修复。

docs/zh-cn/advance/syntax.md

@@ -102,26 +102,19 @@ waf_mode STD !UA;
 
 ## `waf_cache_size`
 
-* 配置语法: `waf_cache_size <buffer_size> [interval] [percent];`
+* 配置语法: `waf_cache_size <capacity> [interval] [percent];`
 * 默认配置：——
 * 配置段: server
 
 设置缓存规则检查结果相关的参数。
 
-* `buffer_size`：设置用于缓存检查结果的内存的大小。如 `10m`、`10240k`，不得小于 `10m`。
+* `capacity`：对于一些启用了缓存机制的检测项目，每个检测项目最多缓存多少个检测目标的检测结果。
 * `interval`：用于设置批量淘汰缓存的周期，单位为分钟。如不指定则默认为 `60`，即 60 分钟。
 * `percent`：每次批量淘汰缓存时淘汰掉多少比例的缓存。需要指定一个大于 0 小于等于 100 的整数。若设置为 50 则代表淘汰掉一半的缓存。如不指定则默认为 `50`。
 
-::: tip 注意
-
-建议根据实际情况设置缓存空间的大小。因为如果内存空间不够大会会频繁删除缓存，反而降低了性能。
-
-您可以通过观察[调试日志](log.md)，检查下面这一行日志是否经常出现。
-如果几乎每次请求都会出现请适当增加缓存空间的大小。
+::: tip 启用了缓存机制的检测项目
 
-```
-ngx_slab_alloc() failed: no memory
-```
+启用了缓存机制的检测项目指除了 CC 防护、IP 黑白名单检测和 POST 检测之外的所有的检测项。
 
 :::
 

docs/zh-cn/guide/configuration.md

@@ -33,8 +33,8 @@ http {
 
         # 下面的配置仅开发版可用。
 
-        # 用于缓存检查结果的内存空间的大小，设置为 10 MB。
-        waf_cache_size 10m;
+        # 最多缓存多少个检测目标的检测结果，对除了 IP 黑白名单检测、CC 防护和 POST 检测以外的所有检测生效。
+        waf_cache 50;
         ...
     }
     ...

docs/zh-cn/guide/overview.md

@@ -7,6 +7,12 @@ lang: zh-CN
 
 一个用于 nginx 的没有复杂配置的 Web 应用防火墙模块。
 
+::: danger 重大缺陷
+
+当 nginx 的 worker 进程数量大于一时，当前稳定版的模块会出现段错误。请使用最新的开发版。
+
+:::
+
 ## 功能
 
 * 支持 IPV4 和 IPV6。