Parameters
See plugin common configurations for configuration options available to all plugins.
mode
string
default: block
valid values: off, monitor, or block
Mode to determine how the plugin behaves for matched requests. In off mode, WAF checks are skipped. In monitor mode, requests with potential threats are logged but not blocked. In block mode, requests with threats are blocked as determined by the WAF service.
match
array[object]
An array of matching rules. The plugin uses these rules to decide whether to perform a WAF check on a request. If the list is empty, all requests are processed.
vars
array[array]
An array of one or more matching conditions in the form of APISIX expressions to conditionally execute the plugin.
append_waf_resp_header
boolean
default: true
If true, add response headers X-APISIX-CHAITIN-WAF, X-APISIX-CHAITIN-WAF-TIME, X-APISIX-CHAITIN-WAF-ACTION, and X-APISIX-CHAITIN-WAF-STATUS.
append_waf_debug_header
boolean
default: false
If true, add debugging headers X-APISIX-CHAITIN-WAF-ERROR and X-APISIX-CHAITIN-WAF-SERVER to the response. Effective only when append_waf_resp_header is true.
config
object
Chaitin WAF service configurations. These settings override the corresponding metadata defaults when specified.
connect_timeout
integer
default: 1000
The connection timeout to the WAF service, in milliseconds.
send_timeout
integer
default: 1000
The sending timeout for transmitting data to the WAF service, in milliseconds.
read_timeout
integer
default: 1000
The reading timeout for receiving data from the WAF service, in milliseconds.
req_body_size
integer
default: 1024
The maximum allowed request body size, in KB.
keepalive_size
integer
default: 256
The maximum number of idle connections to the WAF detection service that can be maintained concurrently.
keepalive_timeout
integer
default: 60000
The idle connection timeout for the WAF service, in milliseconds.
real_client_ip
boolean
default: true
If true, the client IP is obtained from the X-Forwarded-For header. If false, the plugin uses the client IP from the connection.
Plugin Metadata
nodes
array[object]
required
An array of addresses for the Chaitin WAF service.
host
string
required
Address of Chaitin WAF service. Supports IPv4, IPv6, Unix Socket, etc.
port
integer
default: 80
Port of Chaitin WAF service.
mode
string
default: block
Mode to determine how the plugin behaves for matched requests. In off mode, WAF checks are skipped. In monitor mode, requests with potential threats are logged but not blocked. In block mode, requests with threats are blocked as determined by the WAF service.
config
object
Chaitin WAF service configurations.
connect_timeout
integer
default: 1000
The connection timeout to the WAF service, in milliseconds.
send_timeout
integer
default: 1000
The sending timeout for transmitting data to the WAF service, in milliseconds.
read_timeout
integer
default: 1000
The reading timeout for receiving data from the WAF service, in milliseconds.
req_body_size
integer
default: 1024
The maximum allowed request body size, in KB.
keepalive_size
integer
default: 256
The maximum number of idle connections to the WAF detection service that can be maintained concurrently.
keepalive_timeout
integer
default: 60000
The idle connection timeout for the WAF service, in milliseconds.
real_client_ip
boolean
default: true
If true, the client IP is obtained from the X-Forwarded-For header. If false, the plugin uses the client IP from the connection.
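The following Python example is added here and is not code from APISIX or Chaitin. It resolves the settings a route would run with from the defaults listed above, the plugin metadata, and the route-level plugin configuration, then lists the points worth reviewing. The helper names, the sample values, and the assumption that a route-level mode takes precedence over the metadata mode are illustrative.

```python
# Defaults copied from the parameter tables on this page.
CONFIG_DEFAULTS = {
    "connect_timeout": 1000, "send_timeout": 1000, "read_timeout": 1000,
    "req_body_size": 1024, "keepalive_size": 256, "keepalive_timeout": 60000,
    "real_client_ip": True,
}

def effective_settings(metadata, plugin):
    """Resolve the values a route would run with (hypothetical helper)."""
    config = dict(CONFIG_DEFAULTS)
    config.update(metadata.get("config", {}))  # metadata-level values
    config.update(plugin.get("config", {}))    # route-level values override metadata
    return {
        # Assumption: a route-level mode takes precedence over the metadata mode.
        "mode": plugin.get("mode", metadata.get("mode", "block")),
        "append_waf_resp_header": plugin.get("append_waf_resp_header", True),
        "append_waf_debug_header": plugin.get("append_waf_debug_header", False),
        "config": config,
    }

def review(metadata, plugin):
    """Return review findings for one route's chaitin-waf settings."""
    s = effective_settings(metadata, plugin)
    findings = []
    if not metadata.get("nodes"):
        findings.append("metadata.nodes is required but empty")
    if s["mode"] not in ("off", "monitor", "block"):
        findings.append(f"mode {s['mode']!r} is not off, monitor, or block")
    elif s["mode"] != "block":
        findings.append(f"mode is {s['mode']}: threats are not blocked")
    if s["append_waf_debug_header"]:
        if s["append_waf_resp_header"]:
            findings.append("debug headers are sent to clients")
        else:
            findings.append("append_waf_debug_header has no effect without append_waf_resp_header")
    if s["config"]["real_client_ip"]:
        findings.append("client IP comes from X-Forwarded-For: ensure a trusted proxy sets it")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_METADATA = {"nodes": [{"host": "192.0.2.10", "port": 8000}],
                   "config": {"read_timeout": 3000, "real_client_ip": False}}
SAMPLE_PLUGIN = {"mode": "monitor", "append_waf_debug_header": True,
                 "config": {"read_timeout": 500}}

if __name__ == "__main__":
    for line in review(SAMPLE_METADATA, SAMPLE_PLUGIN):
        print(line)
```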