feat: 修改 nginx WAF

apps/nginx/versions/1.21.4/www/common/waf/.gitignore

@@ -0,0 +1,9 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+.idea
+
+

apps/nginx/versions/1.21.4/www/common/waf/LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

apps/nginx/versions/1.21.4/www/common/waf/README.md

@@ -0,0 +1,2 @@
+# waf
+waf 是一个基于 lua-nginx-module(openresty) 的 web 应用防火墙

apps/nginx/versions/1.21.4/www/common/waf/access.lua

@@ -56,21 +56,33 @@ local function log(method,url,data,ruletag)
     end
 end
 ------------------------------------规则读取函数-------------------------------------------------------------------
-local function read_rule(var)
+--local function read_rule(var)
-	file = io.open(rulepath..'/'..var,"r")
+--    file = io.open(rulepath..'/'..var,"r")
-	if file==nil then
+--    if file==nil then
-		return
+--        return
-	end
+--    end
-	t = {}
+--    t = {}
-	for line in file:lines() do
+--    for line in file:lines() do
-		table.insert(t,line)
+--        table.insert(t,line)
-	end
+--    end
-	file:close()
+--    file:close()
-	return(t)
+--    return(t)
-end
+--end
+
+--local function read_json(var)
+--    file = io.open(rulepath..'/'..var,"r")
+--    if file==nil then
+--        return
+--    end
+--    str = file:read("*a")
+--    file:close()
+--    list = cjson.decode(str)
+--    return list
+--end
+
 
 local function read_json(var)
-    file = io.open(rulepath..'/'..var,"r")
+    file = io.open(rulepath..'/'..var .. '.json',"r")
     if file==nil then
         return
     end
@@ -80,6 +92,19 @@ local function read_json(var)
     return list
 end
 
+
+local function select_rules(rules)
+    if not rules then return {} end
+    new_rules = {}
+    for i,v in ipairs(rules) do
+        if v[1] == 1 then
+            print("111")
+            table.insert(new_rules,v[2])
+        end
+    end
+    return new_rules
+end
+
 local function read_str(var)
     file = io.open(rulepath..'/'..var,"r")
     if file==nil then
@@ -90,20 +115,19 @@ local function read_str(var)
     return str
 end
 
+local argsCheckList=select_rules(read_json('args_check'))
+local postCheckList=select_rules(read_json('post_check'))
+local cookieBlockList=select_rules(read_json('cookie_block'))
+local uarules=select_rules(read_json('user_agent'))
 
+local urlWhiteList=read_json('url_white')
+local urlBlockList=read_json('url_block')
+local ipWhiteList=read_json('ip_white')
+local ipBlockList=read_json('ip_block')
+local fileExtBlockList = read_json('file_ext_block')
 
-local urlWhiteList=read_rule('urlWhiteList')
+local ccRate=read_str('cc.json')
-local urlBlockList=read_rule('urlBlockList')
-local argsCheckList=read_rule('argsCheckList')
-local postCheckList=read_rule('postCheckList')
-local cookieBlockList=read_rule('cookieBlockList')
-local ipWhiteList=read_json('ipWhiteList')
-local ipBlockList=read_json('ipBlockList')
-local ccRate=read_str('ccRate')
-local fileExtBlockList = read_json('fileExtBlockList')
-
 local html=read_str('html')
-local uarules=read_rule('user-agent')
 
 local function say_html()
     if Redirect then

apps/nginx/versions/1.21.4/www/common/waf/rules/argsCheckList

@@ -1,22 +0,0 @@
-\.\./
-\:\$
-\$\{
-select.+(from|limit)
-(?:(union(.*?)select))
-having|rongjitest
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-(?:(?:current_)user|database|schema|connection_id)\s*\(
-(?:etc\/\W*passwd)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
-\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
-(onmouseover|onerror|onload)\=

apps/nginx/versions/1.21.4/www/common/waf/rules/args_check.json

@@ -0,0 +1,26 @@
+[
+  ["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1 ],
+  ["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1 ],
+  ["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1 ],
+  ["base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 1],
+  ["(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 1 ],
+  ["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 1],
+  ["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1 ],
+  ["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1 ],
+  ["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
+  ["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
+  ["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1 ],
+  ["\\<(iframe|script|body|img|layer|div|meta|style|base|object)", "XSS\u8fc7\u6ee41", 1],
+  ["(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 1 ],
+  ["^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 1],
+  ["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
+  ["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
+  ["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
+  ["(?:from.+?information_schema.+?)", "", 1],
+  ["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
+  ["'$", "test", 1],
+  ["\\${jndi:", "log4j2\u62e6\u622a", 1 ],
+  ["terrewrewrwr", "", 1]
+]

apps/nginx/versions/1.21.4/www/common/waf/rules/cookieBlockList

@@ -1,20 +0,0 @@
-\.\./
-\:\$
-\$\{
-select.+(from|limit)
-(?:(union(.*?)select))
-having|rongjitest
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-(?:(?:current_)user|database|schema|connection_id)\s*\(
-(?:etc\/\W*passwd)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[

apps/nginx/versions/1.21.4/www/common/waf/rules/cookie_block.json

@@ -0,0 +1,12 @@
+[
+  ["base64_decode\\(","一句话木马过滤3",1],
+  ["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[","一句话木马过滤5",1],
+  ["select.+(from|limit)","SQL注入过滤2",1],
+  ["(?:(union(.*?)select))","SQL注入过滤3",1],
+  ["sleep\\((\\s*)(\\d*)(\\s*)\\)","SQL注入过滤5",1],
+  ["benchmark\\((.*)\\,(.*)\\)","SQL注入过滤6",1],
+  ["(?:from\\W+information_schema\\W)","SQL注入过滤7",1],
+  ["(?:(?:current_)user|database|schema|connection_id)\\s*\\(","SQL注入过滤8",1],
+  ["into(\\s+)+(?:dump|out)file\\s*","SQL注入过滤9",1],
+  ["group\\s+by.+\\(","SQL注入过滤10",1]
+]

apps/nginx/versions/1.21.4/www/common/waf/rules/ip_white.json

@@ -0,0 +1 @@
+["1.1.1.1"]

apps/nginx/versions/1.21.4/www/common/waf/rules/postCheckList

@@ -1,19 +0,0 @@
-select.+(from|limit)
-(?:(union(.*?)select))
-having|rongjitest
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-(?:(?:current_)user|database|schema|connection_id)\s*\(
-(?:etc\/\W*passwd)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
-\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
-(onmouseover|onerror|onload)\=

apps/nginx/versions/1.21.4/www/common/waf/rules/post_check.json

@@ -0,0 +1,22 @@
+[
+  ["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1],
+  ["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1],
+  ["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1],
+  ["base64_decode\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee41", 1],
+  ["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
+  ["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
+  ["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42",1],
+  ["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43",1],
+  ["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
+  ["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
+  ["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48",1],
+  ["(extractvalue\\(|concat\\(|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
+  ["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\(|right\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
+  ["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
+  ["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(EXISTS\\(|SELECT\\#|\\(SELECT|select\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
+  ["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
+  ["(?:from.+?information_schema.+?)", "", 1],
+  ["\\${jndi:", "log4j2\u62e6\u622a", 1]
+]

apps/nginx/versions/1.21.4/www/common/waf/rules/urlBlockList

@@ -1,6 +0,0 @@
-\.(svn|htaccess|bash_history)
-\.(bak|inc|old|mdb|sql|backup|java|class)$
-(vhost|bbs|host|wwwroot|www|site|root|hytop|flashfxp).*\.rar
-(phpmyadmin|jmx-console|jmxinvokerservlet)
-java\.lang
-/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\w+).(php|jsp)

apps/nginx/versions/1.21.4/www/common/waf/rules/urlWhiteList

@@ -1 +0,0 @@
-^/123/$

apps/nginx/versions/1.21.4/www/common/waf/rules/url_white.json

@@ -0,0 +1 @@
+[]

apps/nginx/versions/1.21.4/www/common/waf/rules/user-agent

@@ -1 +0,0 @@
-(HTTrack|harvest|audit|dirbuster|pangolin|nmap|sqln|-scan|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|PycURL|zmeu|BabyKrokodil|netsparker|httperf|bench| SF/)

apps/nginx/versions/1.21.4/www/common/waf/rules/user_agent.json

@@ -0,0 +1,17 @@
+[
+  ["(WPScan|HTTrack|antSword|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)", "\u5173\u952e\u8bcd\u8fc7\u6ee41", 1],
+  ["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
+  ["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
+  ["select\\s+.+(from|limit)\\s+", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1],
+  ["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1],
+  ["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
+  ["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
+  ["(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1],
+  ["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
+  ["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
+  ["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
+  ["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\))", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
+  ["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
+  ["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1]
+]

apps/nginx/versions/1.21.4/www/common/waf/test.lua

@@ -0,0 +1,35 @@
+local cjson = require "cjson"
+local rulepath = "rules"
+
+local function read_json(var)
+    file = io.open(rulepath..'/'..var .. '.json',"r")
+    if file==nil then
+        return
+    end
+    str = file:read("*a")
+    file:close()
+    list = cjson.decode(str)
+    return list
+end
+
+
+local function select_rules(rules)
+    if not rules then return {} end
+    new_rules = {}
+    for i,v in ipairs(rules) do
+        if v[1] == 1 then
+            print("111")
+            table.insert(new_rules,v[2])
+        end
+    end
+    return new_rules
+end
+
+
+
+local rules = select_rules(read_json('user_agent'))
+
+for _,v in ipairs(rules) do
+    print(v)
+end
+

apps/redis/versions/6.0.16/conf/redis.conf

@@ -1,12 +1,3 @@
-# Redis configuration rewrite by 1Panel
-timeout 0
-# maxclients 10000
-# maxmemory <bytes>
-save 3600 1 300 100 60 10000
-appendonly no
-appendfsync everysec
-# End Redis configuration rewrite by 1Panel
-
 # Redis configuration file example.
 #
 # Note that in order to read the configuration file, Redis must be
@@ -41,17 +32,8 @@ appendfsync everysec
 # If instead you are interested in using includes to override configuration
 # options, it is better to use include as the last line.
 #
-# Included paths may contain wildcards. All files matching the wildcards will
-# be included in alphabetical order.
-# Note that if an include path contains a wildcards but no files match it when
-# the server is started, the include statement will be ignored and no error will
-# be emitted.  It is safe, therefore, to include wildcard files from empty
-# directories.
-#
 # include /path/to/local.conf
 # include /path/to/other.conf
-# include /path/to/fragments/*.conf
-#
 
 ################################## MODULES #####################################
 
@@ -67,80 +49,42 @@ appendfsync everysec
 # for connections from all available network interfaces on the host machine.
 # It is possible to listen to just one or multiple selected interfaces using
 # the "bind" configuration directive, followed by one or more IP addresses.
-# Each address can be prefixed by "-", which means that redis will not fail to
-# start if the address is not available. Being not available only refers to
-# addresses that does not correspond to any network interface. Addresses that
-# are already in use will always fail, and unsupported protocols will always BE
-# silently skipped.
 #
 # Examples:
 #
-# bind 192.168.1.100 10.0.0.1     # listens on two specific IPv4 addresses
+# bind 192.168.1.100 10.0.0.1
-# bind 127.0.0.1 ::1              # listens on loopback IPv4 and IPv6
+# bind 127.0.0.1 ::1
-# bind * -::*                     # like the default, all available interfaces
 #
 # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
 # internet, binding to all the interfaces is dangerous and will expose the
 # instance to everybody on the internet. So by default we uncomment the
 # following bind directive, that will force Redis to listen only on the
-# IPv4 and IPv6 (if available) loopback interface addresses (this means Redis
+# IPv4 loopback interface address (this means Redis will only be able to
-# will only be able to accept client connections from the same host that it is
+# accept client connections from the same host that it is running on).
-# running on).
 #
 # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
-# COMMENT OUT THE FOLLOWING LINE.
+# JUST COMMENT OUT THE FOLLOWING LINE.
-#
-# You will also need to set a password unless you explicitly disable protected
-# mode.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# bind 127.0.0.1 -::1
+bind 0.0.0.0
-
-# By default, outgoing connections (from replica to master, from Sentinel to
-# instances, cluster bus, etc.) are not bound to a specific local address. In
-# most cases, this means the operating system will handle that based on routing
-# and the interface through which the connection goes out.
-#
-# Using bind-source-addr it is possible to configure a specific address to bind
-# to, which may also affect how the connection gets routed.
-#
-# Example:
-#
-# bind-source-addr 10.0.0.1
 
 # Protected mode is a layer of security protection, in order to avoid that
 # Redis instances left open on the internet are accessed and exploited.
 #
-# When protected mode is on and the default user has no password, the server
+# When protected mode is on and if:
-# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
+#
-# (::1) or Unix domain sockets.
+# 1) The server is not binding explicitly to a set of addresses using the
+#    "bind" directive.
+# 2) No password is configured.
+#
+# The server only accepts connections from clients connecting from the
+# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
+# sockets.
 #
 # By default protected mode is enabled. You should disable it only if
 # you are sure you want clients from other hosts to connect to Redis
-# even if no authentication is configured.
+# even if no authentication is configured, nor a specific set of interfaces
-protected-mode no
+# are explicitly listed using the "bind" directive.
-
+protected-mode yes
-# Redis uses default hardened security configuration directives to reduce the
-# attack surface on innocent users. Therefore, several sensitive configuration
-# directives are immutable, and some potentially-dangerous commands are blocked.
-#
-# Configuration directives that control files that Redis writes to (e.g., 'dir'
-# and 'dbfilename') and that aren't usually modified during runtime
-# are protected by making them immutable.
-#
-# Commands that can increase the attack surface of Redis and that aren't usually
-# called by users are blocked by default.
-#
-# These can be exposed to either all connections or just local ones by setting
-# each of the configs listed below to either of these values:
-#
-# no    - Block for any connection (remain immutable)
-# yes   - Allow for any connection (no protection)
-# local - Allow only for local connections. Ones originating from the
-#         IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.
-#
-# enable-protected-configs no
-# enable-debug-command no
-# enable-module-command no
 
 # Accept connections on the specified port, default is 6379 (IANA #815344).
 # If port 0 is specified Redis will not listen on a TCP socket.
@@ -161,11 +105,11 @@ tcp-backlog 511
 # incoming connections. There is no default, so Redis will not listen
 # on a unix socket when not specified.
 #
-# unixsocket /run/redis.sock
+# unixsocket /tmp/redis.sock
 # unixsocketperm 700
 
 # Close the connection after a client is idle for N seconds (0 to disable)
-# timeout 0
+timeout 0
 
 # TCP keepalive.
 #
@@ -184,16 +128,6 @@ tcp-backlog 511
 # Redis default starting with Redis 3.2.1.
 tcp-keepalive 300
 
-# Apply OS-specific mechanism to mark the listening socket with the specified
-# ID, to support advanced routing and filtering capabilities.
-#
-# On Linux, the ID represents a connection mark.
-# On FreeBSD, the ID represents a socket cookie ID.
-# On OpenBSD, the ID represents a route table ID.
-#
-# The default value is 0, which implies no marking is required.
-# socket-mark-id 0
-
 ################################# TLS/SSL #####################################
 
 # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
@@ -209,32 +143,8 @@ tcp-keepalive 300
 #
 # tls-cert-file redis.crt
 # tls-key-file redis.key
-#
-# If the key file is encrypted using a passphrase, it can be included here
-# as well.
-#
-# tls-key-file-pass secret
 
-# Normally Redis uses the same certificate for both server functions (accepting
+# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
-# connections) and client functions (replicating from a master, establishing
-# cluster bus connections, etc.).
-#
-# Sometimes certificates are issued with attributes that designate them as
-# client-only or server-only certificates. In that case it may be desired to use
-# different certificates for incoming (server) and outgoing (client)
-# connections. To do that, use the following directives:
-#
-# tls-client-cert-file client.crt
-# tls-client-key-file client.key
-#
-# If the key file is encrypted using a passphrase, it can be included here
-# as well.
-#
-# tls-client-key-file-pass secret
-
-# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange,
-# required by older versions of OpenSSL (<3.0). Newer versions do not require
-# this configuration and recommend against it.
 #
 # tls-dh-params-file redis.dh
 
@@ -267,12 +177,9 @@ tcp-keepalive 300
 #
 # tls-cluster yes
 
-# By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended
+# Explicitly specify TLS versions to support. Allowed values are case insensitive
-# that older formally deprecated versions are kept disabled to reduce the attack surface.
+# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
-# You can explicitly specify TLS versions to support.
+# any combination. To enable only TLSv1.2 and TLSv1.3, use:
-# Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2",
-# "TLSv1.3" (OpenSSL >= 1.1.1) or any combination.
-# To enable only TLSv1.2 and TLSv1.3, use:
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
 
@@ -314,7 +221,6 @@ tcp-keepalive 300
 
 # By default Redis does not run as a daemon. Use 'yes' if you need it.
 # Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
-# When Redis is supervised by upstart or systemd, this parameter has no impact.
 daemonize no
 
 # If you run Redis from upstart or systemd, Redis can interact with your
@@ -323,17 +229,11 @@ daemonize no
 #   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
 #                        requires "expect stop" in your upstart job config
 #   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
-#                        on startup, and updating Redis status on a regular
-#                        basis.
 #   supervised auto    - detect upstart or systemd method based on
 #                        UPSTART_JOB or NOTIFY_SOCKET environment variables
 # Note: these supervision methods only signal "process is ready."
 #       They do not enable continuous pings back to your supervisor.
-#
+supervised no
-# The default is "no". To run under upstart/systemd, you can simply uncomment
-# the line below:
-#
-# supervised auto
 
 # If a pid file is specified, Redis writes it where specified at startup
 # and removes it at exit.
@@ -344,10 +244,7 @@ daemonize no
 #
 # Creating a pid file is best effort: if Redis is not able to create it
 # nothing bad happens, the server will start and run normally.
-#
+pidfile /var/run/redis_6379.pid
-# Note that on modern Linux systems "/run/redis.pid" is more conforming
-# and should be used instead.
-pidfile "/var/run/redis_6379.pid"
 
 # Specify the server verbosity level.
 # This can be one of:
@@ -372,74 +269,44 @@ logfile ""
 # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
 # syslog-facility local0
 
-# To disable the built in crash log, which will possibly produce cleaner core
-# dumps when they are needed, uncomment the following:
-#
-# crash-log-enabled no
-
-# To disable the fast memory check that's run as part of the crash log, which
-# will possibly let redis terminate sooner, uncomment the following:
-#
-# crash-memcheck-enabled no
-
 # Set the number of databases. The default database is DB 0, you can select
 # a different one on a per-connection basis using SELECT <dbid> where
 # dbid is a number between 0 and 'databases'-1
 databases 16
 
 # By default Redis shows an ASCII art logo only when started to log to the
-# standard output and if the standard output is a TTY and syslog logging is
+# standard output and if the standard output is a TTY. Basically this means
-# disabled. Basically this means that normally a logo is displayed only in
+# that normally a logo is displayed only in interactive sessions.
-# interactive sessions.
 #
 # However it is possible to force the pre-4.0 behavior and always show a
 # ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo no
+always-show-logo yes
-
-# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
-# provide some runtime information. It is possible to disable this and leave
-# the process name as executed by setting the following to no.
-set-proc-title yes
-
-# When changing the process title, Redis uses the following template to construct
-# the modified title.
-#
-# Template variables are specified in curly brackets. The following variables are
-# supported:
-#
-# {title}           Name of process as executed if parent, or type of child process.
-# {listen-addr}     Bind address or '*' followed by TCP or TLS port listening on, or
-#                   Unix socket if only that's available.
-# {server-mode}     Special mode, i.e. "[sentinel]" or "[cluster]".
-# {port}            TCP port listening on, or 0.
-# {tls-port}        TLS port listening on, or 0.
-# {unixsocket}      Unix domain socket listening on, or "".
-# {config-file}     Name of configuration file used.
-#
-proc-title-template "{title} {listen-addr} {server-mode}"
 
 ################################ SNAPSHOTTING  ################################
-
-# Save the DB to disk.
 #
-# save <seconds> <changes> [<seconds> <changes> ...]
+# Save the DB on disk:
 #
-# Redis will save the DB if the given number of seconds elapsed and it
+#   save <seconds> <changes>
-# surpassed the given number of write operations against the DB.
 #
-# Snapshotting can be completely disabled with a single empty string argument
+#   Will save the DB if both the given number of seconds and the given
-# as in following example:
+#   number of write operations against the DB occurred.
+#
+#   In the example below the behavior will be to save:
+#   after 900 sec (15 min) if at least 1 key changed
+#   after 300 sec (5 min) if at least 10 keys changed
+#   after 60 sec if at least 10000 keys changed
+#
+#   Note: you can disable saving completely by commenting out all "save" lines.
+#
+#   It is also possible to remove all the previously configured save
+#   points by adding a save directive with a single empty string argument
+#   like in the following example:
 #
 #   save ""
-#
+
-# Unless specified otherwise, by default Redis will save the DB:
+save 900 1
-#   * After 3600 seconds (an hour) if at least 1 change was performed
+save 300 10
-#   * After 300 seconds (5 minutes) if at least 100 changes were performed
+save 60 10000
-#   * After 60 seconds if at least 10000 changes were performed
-#
-# You can set these explicitly by uncommenting the following line.
-#
-# save 3600 1 300 100 60 10000
 
 # By default Redis will stop accepting writes if RDB snapshots are enabled
 # (at least one save point) and the latest background save failed.
@@ -471,23 +338,8 @@ rdbcompression yes
 # tell the loading code to skip the check.
 rdbchecksum yes
 
-# Enables or disables full sanitization checks for ziplist and listpack etc when
-# loading an RDB or RESTORE payload. This reduces the chances of a assertion or
-# crash later on while processing commands.
-# Options:
-#   no         - Never perform full sanitization
-#   yes        - Always perform full sanitization
-#   clients    - Perform full sanitization only for user connections.
-#                Excludes: RDB files, RESTORE commands received from the master
-#                connection, and client connections which have the
-#                skip-sanitize-payload ACL flag.
-# The default should be 'clients' but since it currently affects cluster
-# resharding via MIGRATE, it is temporarily set to 'no' by default.
-#
-# sanitize-dump-payload no
-
 # The filename where to dump the DB
-dbfilename "dump.rdb"
+dbfilename dump.rdb
 
 # Remove RDB files used by replication in instances without persistence
 # enabled. By default this option is disabled, however there are environments
@@ -510,7 +362,7 @@ rdb-del-sync-files no
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir "/data"
+dir ./
 
 ################################# REPLICATION #################################
 
@@ -560,10 +412,9 @@ dir "/data"
 #    still reply to client requests, possibly with out of date data, or the
 #    data set may just be empty if this is the first synchronization.
 #
-# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
+# 2) If replica-serve-stale-data is set to 'no' the replica will reply with
-#    "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
+#    an error "SYNC with master in progress" to all commands except:
-#    to all data access commands, excluding commands such as:
+#    INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
-#    INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
 #    UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
 #    HOST and LATENCY.
 #
@@ -612,7 +463,7 @@ replica-read-only yes
 #
 # With slow disks and fast (large bandwidth) networks, diskless replication
 # works better.
-repl-diskless-sync yes
+repl-diskless-sync no
 
 # When diskless replication is enabled, it is possible to configure the delay
 # the server waits in order to spawn the child that transfers the RDB via socket
@@ -626,18 +477,12 @@ repl-diskless-sync yes
 # it entirely just set it to 0 seconds and the transfer will start ASAP.
 repl-diskless-sync-delay 5
 
-# When diskless replication is enabled with a delay, it is possible to let
-# the replication start before the maximum delay is reached if the maximum
-# number of replicas expected have connected. Default of 0 means that the
-# maximum is not defined and Redis will wait the full delay.
-repl-diskless-sync-max-replicas 0
-
 # -----------------------------------------------------------------------------
 # WARNING: RDB diskless load is experimental. Since in this setup the replica
 # does not immediately store an RDB on disk, it may cause data loss during
 # failovers. RDB diskless load + Redis modules not handling I/O reads may also
 # cause Redis to abort in case of I/O errors during the initial synchronization
-# stage with the master. Use only if you know what you are doing.
+# stage with the master. Use only if your do what you are doing.
 # -----------------------------------------------------------------------------
 #
 # Replica can load the RDB it reads from the replication link directly from the
@@ -646,23 +491,19 @@ repl-diskless-sync-max-replicas 0
 #
 # In many cases the disk is slower than the network, and storing and loading
 # the RDB file may increase replication time (and even increase the master's
-# Copy on Write memory and replica buffers).
+# Copy on Write memory and salve buffers).
 # However, parsing the RDB file directly from the socket may mean that we have
 # to flush the contents of the current database before the full rdb was
 # received. For this reason we have the following options:
 #
 # "disabled"    - Don't use diskless load (store the rdb file to the disk first)
 # "on-empty-db" - Use diskless load only when it is completely safe.
-# "swapdb"      - Keep current db contents in RAM while parsing the data directly
+# "swapdb"      - Keep a copy of the current db contents in RAM while parsing
-#                 from the socket. Replicas in this mode can keep serving current
+#                 the data directly from the socket. note that this requires
-#                 data set while replication is in progress, except for cases where
+#                 sufficient memory, if you don't have it, you risk an OOM kill.
-#                 they can't recognize master as having a data set from same
-#                 replication history.
-#                 Note that this requires sufficient memory, if you don't have it,
-#                 you risk an OOM kill.
 repl-diskless-load disabled
 
-# Master send PINGs to its replicas in a predefined interval. It's possible to
+# Replicas send PINGs to server in a predefined interval. It's possible to
 # change this interval with the repl_ping_replica_period option. The default
 # value is 10 seconds.
 #
@@ -737,43 +578,6 @@ repl-disable-tcp-nodelay no
 # By default the priority is 100.
 replica-priority 100
 
-# The propagation error behavior controls how Redis will behave when it is
-# unable to handle a command being processed in the replication stream from a master
-# or processed while reading from an AOF file. Errors that occur during propagation
-# are unexpected, and can cause data inconsistency. However, there are edge cases
-# in earlier versions of Redis where it was possible for the server to replicate or persist
-# commands that would fail on future versions. For this reason the default behavior
-# is to ignore such errors and continue processing commands.
-#
-# If an application wants to ensure there is no data divergence, this configuration
-# should be set to 'panic' instead. The value can also be set to 'panic-on-replicas'
-# to only panic when a replica encounters an error on the replication stream. One of
-# these two panic values will become the default value in the future once there are
-# sufficient safety mechanisms in place to prevent false positive crashes.
-#
-# propagation-error-behavior ignore
-
-# Replica ignore disk write errors controls the behavior of a replica when it is
-# unable to persist a write command received from its master to disk. By default,
-# this configuration is set to 'no' and will crash the replica in this condition.
-# It is not recommended to change this default, however in order to be compatible
-# with older versions of Redis this config can be toggled to 'yes' which will just
-# log a warning and execute the write command it got from the master.
-#
-# replica-ignore-disk-write-errors no
-
-# -----------------------------------------------------------------------------
-# By default, Redis Sentinel includes all replicas in its reports. A replica
-# can be excluded from Redis Sentinel's announcements. An unannounced replica
-# will be ignored by the 'sentinel replicas <master>' command and won't be
-# exposed to Redis Sentinel's clients.
-#
-# This option does not change the behavior of replica-priority. Even with
-# replica-announced set to 'no', the replica can be promoted to master. To
-# prevent this behavior, set replica-priority to 0.
-#
-# replica-announced yes
-
 # It is possible for a master to stop accepting writes if there are less than
 # N replicas connected, having a lag less or equal than M seconds.
 #
@@ -829,7 +633,7 @@ replica-priority 100
 
 # Redis implements server assisted support for client side caching of values.
 # This is implemented using an invalidation table that remembers, using
-# a radix key indexed by key name, what clients have which keys. In turn
+# 16 millions of slots, what clients may have certain subsets of keys. In turn
 # this is used in order to send invalidation messages to clients. Please
 # check this page to understand more about the feature:
 #
@@ -893,12 +697,8 @@ replica-priority 100
 #  off          Disable the user: it's no longer possible to authenticate
 #               with this user, however the already authenticated connections
 #               will still work.
-#  skip-sanitize-payload    RESTORE dump-payload sanitization is skipped.
+#  +<command>   Allow the execution of that command
-#  sanitize-payload         RESTORE dump-payload is sanitized (default).
+#  -<command>   Disallow the execution of that command
-#  +<command>   Allow the execution of that command.
-#               May be used with `|` for allowing subcommands (e.g "+config|get")
-#  -<command>   Disallow the execution of that command.
-#               May be used with `|` for blocking subcommands (e.g "-config|set")
 #  +@<category> Allow the execution of all the commands in such category
 #               with valid categories are like @admin, @set, @sortedset, ...
 #               and so forth, see the full list in the server.c file where
@@ -906,11 +706,10 @@ replica-priority 100
 #               The special category @all means all the commands, but currently
 #               present in the server, and that will be loaded in the future
 #               via modules.
-#  +<command>|first-arg  Allow a specific first argument of an otherwise
+#  +<command>|subcommand    Allow a specific subcommand of an otherwise
-#                        disabled command. It is only supported on commands with
+#                           disabled command. Note that this form is not
-#                        no sub-commands, and is not allowed as negative form
+#                           allowed as negative like -DEBUG|SEGFAULT, but
-#                        like -SELECT|1, only additive starting with "+". This
+#                           only additive starting with "+".
-#                        feature is deprecated and may be removed in the future.
 #  allcommands  Alias for +@all. Note that it implies the ability to execute
 #               all the future commands loaded via the modules system.
 #  nocommands   Alias for -@all.
@@ -918,17 +717,8 @@ replica-priority 100
 #               commands. For instance ~* allows all the keys. The pattern
 #               is a glob-style pattern like the one of KEYS.
 #               It is possible to specify multiple patterns.
-# %R~<pattern>  Add key read pattern that specifies which keys can be read
-#               from.
-# %W~<pattern>  Add key write pattern that specifies which keys can be
-#               written to.
 #  allkeys      Alias for ~*
 #  resetkeys    Flush the list of allowed keys patterns.
-#  &<pattern>   Add a glob-style pattern of Pub/Sub channels that can be
-#               accessed by the user. It is possible to specify multiple channel
-#               patterns.
-#  allchannels  Alias for &*
-#  resetchannels            Flush the list of allowed channel patterns.
 #  ><password>  Add this password to the list of valid password for the user.
 #               For example >mypass will add "mypass" to the list.
 #               This directive clears the "nopass" flag (see later).
@@ -947,14 +737,6 @@ replica-priority 100
 #  reset        Performs the following actions: resetpass, resetkeys, off,
 #               -@all. The user returns to the same state it has immediately
 #               after its creation.
-# (<options>)   Create a new selector with the options specified within the
-#               parentheses and attach it to the user. Each option should be
-#               space separated. The first character must be ( and the last
-#               character must be ).
-# clearselectors            Remove all of the currently attached selectors.
-#                           Note this does not change the "root" user permissions,
-#                           which are the permissions directly applied onto the
-#                           user (outside the parentheses).
 #
 # ACL rules can be specified in any order: for instance you can start with
 # passwords, then flags, or key patterns. However note that the additive
@@ -976,40 +758,6 @@ replica-priority 100
 #
 # Basically ACL rules are processed left-to-right.
 #
-# The following is a list of command categories and their meanings:
-# * keyspace - Writing or reading from keys, databases, or their metadata
-#     in a type agnostic way. Includes DEL, RESTORE, DUMP, RENAME, EXISTS, DBSIZE,
-#     KEYS, EXPIRE, TTL, FLUSHALL, etc. Commands that may modify the keyspace,
-#     key or metadata will also have `write` category. Commands that only read
-#     the keyspace, key or metadata will have the `read` category.
-# * read - Reading from keys (values or metadata). Note that commands that don't
-#     interact with keys, will not have either `read` or `write`.
-# * write - Writing to keys (values or metadata)
-# * admin - Administrative commands. Normal applications will never need to use
-#     these. Includes REPLICAOF, CONFIG, DEBUG, SAVE, MONITOR, ACL, SHUTDOWN, etc.
-# * dangerous - Potentially dangerous (each should be considered with care for
-#     various reasons). This includes FLUSHALL, MIGRATE, RESTORE, SORT, KEYS,
-#     CLIENT, DEBUG, INFO, CONFIG, SAVE, REPLICAOF, etc.
-# * connection - Commands affecting the connection or other connections.
-#     This includes AUTH, SELECT, COMMAND, CLIENT, ECHO, PING, etc.
-# * blocking - Potentially blocking the connection until released by another
-#     command.
-# * fast - Fast O(1) commands. May loop on the number of arguments, but not the
-#     number of elements in the key.
-# * slow - All commands that are not Fast.
-# * pubsub - PUBLISH / SUBSCRIBE related
-# * transaction - WATCH / MULTI / EXEC related commands.
-# * scripting - Scripting related.
-# * set - Data type: sets related.
-# * sortedset - Data type: zsets related.
-# * list - Data type: lists related.
-# * hash - Data type: hashes related.
-# * string - Data type: strings related.
-# * bitmap - Data type: bitmaps related.
-# * hyperloglog - Data type: hyperloglog related.
-# * geo - Data type: geo related.
-# * stream - Data type: streams related.
-#
 # For more information about ACL configuration please refer to
 # the Redis web site at https://redis.io/topics/acl
 
@@ -1039,24 +787,8 @@ acllog-max-len 128
 # AUTH <password> as usually, or more explicitly with AUTH default <password>
 # if they follow the new protocol: both will work.
 #
-# The requirepass is not compatible with aclfile option and the ACL LOAD
-# command, these will cause requirepass to be ignored.
-#
 # requirepass foobared
 
-# New users are initialized with restrictive permissions by default, via the
-# equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it
-# is possible to manage access to Pub/Sub channels with ACL rules as well. The
-# default Pub/Sub channels permission if new users is controlled by the
-# acl-pubsub-default configuration directive, which accepts one of these values:
-#
-# allchannels: grants access to all Pub/Sub channels
-# resetchannels: revokes access to all Pub/Sub channels
-#
-# From Redis 7.0, acl-pubsub-default defaults to 'resetchannels' permission.
-#
-# acl-pubsub-default resetchannels
-
 # Command renaming (DEPRECATED).
 #
 # ------------------------------------------------------------------------
@@ -1145,12 +877,14 @@ acllog-max-len 128
 # Both LRU, LFU and volatile-ttl are implemented using approximated
 # randomized algorithms.
 #
-# Note: with any of the above policies, when there are no suitable keys for
+# Note: with any of the above policies, Redis will return an error on write
-# eviction, Redis will return an error on write operations that require
+#       operations, when there are no suitable keys for eviction.
-# more memory. These are usually commands that create new keys, add data or
+#
-# modify existing keys. A few examples are: SET, INCR, HSET, LPUSH, SUNIONSTORE,
+#       At the date of writing these commands are: set setnx setex append
-# SORT (due to the STORE argument), and EXEC (if the transaction includes any
+#       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
-# command that requires memory).
+#       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+#       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+#       getset mset msetnx exec sort
 #
 # The default is:
 #
@@ -1167,14 +901,6 @@ acllog-max-len 128
 #
 # maxmemory-samples 5
 
-# Eviction processing is designed to function well with the default setting.
-# If there is an unusually large amount of write traffic, this value may need to
-# be increased.  Decreasing this value may reduce latency at the risk of
-# eviction processing effectiveness
-#   0 = minimum latency, 10 = default, 100 = process without regard to latency
-#
-# maxmemory-eviction-tenacity 10
-
 # Starting from Redis 5, by default a replica will ignore its maxmemory setting
 # (unless it is promoted to master after a failover or manually). It means
 # that the eviction of keys will be just handled by the master, sending the
@@ -1268,13 +994,6 @@ replica-lazy-flush no
 
 lazyfree-lazy-user-del no
 
-# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
-# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
-# commands. When neither flag is passed, this directive will be used to determine
-# if the data should be deleted asynchronously.
-
-lazyfree-lazy-user-flush no
-
 ################################ THREADED I/O #################################
 
 # Redis is mostly single threaded, however there are certain threaded
@@ -1313,7 +1032,7 @@ lazyfree-lazy-user-flush no
 # Usually threading reads doesn't help much.
 #
 # NOTE 1: This configuration directive cannot be changed at runtime via
-# CONFIG SET. Also, this feature currently does not work when SSL is
+# CONFIG SET. Aso this feature currently does not work when SSL is
 # enabled.
 #
 # NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
@@ -1331,7 +1050,7 @@ lazyfree-lazy-user-flush no
 # attempt to have background child processes killed before all others, and
 # replicas killed before masters.
 #
-# Redis supports these options:
+# Redis supports three options:
 #
 # no:       Don't make changes to oom-score-adj (default).
 # yes:      Alias to "relative" see below.
@@ -1352,18 +1071,6 @@ oom-score-adj no
 # oom-score-adj-values to positive values will always succeed.
 oom-score-adj-values 0 200 800
 
-#################### KERNEL transparent hugepage CONTROL ######################
-
-# Usually the kernel Transparent Huge Pages control is set to "madvise" or
-# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
-# case this config has no effect. On systems in which it is set to "always",
-# redis will attempt to disable it specifically for the redis process in order
-# to avoid latency problems specifically with fork(2) and CoW.
-# If for some reason you prefer to keep it enabled, you can set this config to
-# "no" and the kernel global to "always".
-
-disable-thp yes
-
 ############################## APPEND ONLY MODE ###############################
 
 # By default Redis asynchronously dumps the dataset on disk. This mode is
@@ -1382,43 +1089,14 @@ disable-thp yes
 # If the AOF is enabled on startup Redis will load the AOF, that is the file
 # with the better durability guarantees.
 #
-# Please check https://redis.io/topics/persistence for more information.
+# Please check http://redis.io/topics/persistence for more information.
 
-# appendonly no
+appendonly no
 
-# The base name of the append only file.
+# The name of the append only file (default: "appendonly.aof")
-#
-# Redis 7 and newer use a set of append-only files to persist the dataset
-# and changes applied to it. There are two basic types of files in use:
-#
-# - Base files, which are a snapshot representing the complete state of the
-#   dataset at the time the file was created. Base files can be either in
-#   the form of RDB (binary serialized) or AOF (textual commands).
-# - Incremental files, which contain additional commands that were applied
-#   to the dataset following the previous file.
-#
-# In addition, manifest files are used to track the files and the order in
-# which they were created and should be applied.
-#
-# Append-only file names are created by Redis following a specific pattern.
-# The file name's prefix is based on the 'appendfilename' configuration
-# parameter, followed by additional information about the sequence and type.
-#
-# For example, if appendfilename is set to appendonly.aof, the following file
-# names could be derived:
-#
-# - appendonly.aof.1.base.rdb as a base file.
-# - appendonly.aof.1.incr.aof, appendonly.aof.2.incr.aof as incremental files.
-# - appendonly.aof.manifest as a manifest file.
 
 appendfilename "appendonly.aof"
 
-# For convenience, Redis stores all persistent append-only files in a dedicated
-# directory. The name of the directory is determined by the appenddirname
-# configuration parameter.
-
-appenddirname "appendonlydir"
-
 # The fsync() call tells the Operating System to actually write data on disk
 # instead of waiting for more data in the output buffer. Some OS will really flush
 # data on disk, some other OS will just try to do it ASAP.
@@ -1443,7 +1121,7 @@ appenddirname "appendonlydir"
 # If unsure, use "everysec".
 
 # appendfsync always
-# appendfsync everysec
+appendfsync everysec
 # appendfsync no
 
 # When the AOF fsync policy is set to always or everysec, and a background
@@ -1458,7 +1136,7 @@ appenddirname "appendonlydir"
 # BGSAVE or BGREWRITEAOF is in progress.
 #
 # This means that while another child is saving, the durability of Redis is
-# the same as "appendfsync no". In practical terms, this means that it is
+# the same as "appendfsync none". In practical terms, this means that it is
 # possible to lose up to 30 seconds of log in the worst scenario (with the
 # default Linux settings).
 #
@@ -1511,69 +1189,34 @@ auto-aof-rewrite-min-size 64mb
 # will be found.
 aof-load-truncated yes
 
-# Redis can create append-only base files in either RDB or AOF formats. Using
+# When rewriting the AOF file, Redis is able to use an RDB preamble in the
-# the RDB format is always faster and more efficient, and disabling it is only
+# AOF file for faster rewrites and recoveries. When this option is turned
-# supported for backward compatibility purposes.
+# on the rewritten AOF file is composed of two different stanzas:
+#
+#   [RDB file][AOF tail]
+#
+# When loading, Redis recognizes that the AOF file starts with the "REDIS"
+# string and loads the prefixed RDB file, then continues loading the AOF
+# tail.
 aof-use-rdb-preamble yes
 
-# Redis supports recording timestamp annotations in the AOF to support restoring
+################################ LUA SCRIPTING  ###############################
-# the data from a specific point-in-time. However, using this capability changes
-# the AOF format in a way that may not be compatible with existing AOF parsers.
-aof-timestamp-enabled no
 
-################################ SHUTDOWN #####################################
+# Max execution time of a Lua script in milliseconds.
-
-# Maximum time to wait for replicas when shutting down, in seconds.
 #
-# During shut down, a grace period allows any lagging replicas to catch up with
+# If the maximum execution time is reached Redis will log that a script is
-# the latest replication offset before the master exists. This period can
+# still in execution after the maximum allowed time and will start to
-# prevent data loss, especially for deployments without configured disk backups.
+# reply to queries with an error.
 #
-# The 'shutdown-timeout' value is the grace period's duration in seconds. It is
+# When a long running script exceeds the maximum execution time only the
-# only applicable when the instance has replicas. To disable the feature, set
+# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# the value to 0.
+# used to stop a script that did not yet call any write commands. The second
+# is the only way to shut down the server in the case a write command was
+# already issued by the script but the user doesn't want to wait for the natural
+# termination of the script.
 #
-# shutdown-timeout 10
+# Set it to 0 or a negative value for unlimited execution without warnings.
-
+lua-time-limit 5000
-# When Redis receives a SIGINT or SIGTERM, shutdown is initiated and by default
-# an RDB snapshot is written to disk in a blocking operation if save points are configured.
-# The options used on signaled shutdown can include the following values:
-# default:  Saves RDB snapshot only if save points are configured.
-#           Waits for lagging replicas to catch up.
-# save:     Forces a DB saving operation even if no save points are configured.
-# nosave:   Prevents DB saving operation even if one or more save points are configured.
-# now:      Skips waiting for lagging replicas.
-# force:    Ignores any errors that would normally prevent the server from exiting.
-#
-# Any combination of values is allowed as long as "save" and "nosave" are not set simultaneously.
-# Example: "nosave force now"
-#
-# shutdown-on-sigint default
-# shutdown-on-sigterm default
-
-################ NON-DETERMINISTIC LONG BLOCKING COMMANDS #####################
-
-# Maximum time in milliseconds for EVAL scripts, functions and in some cases
-# modules' commands before Redis can start processing or rejecting other clients.
-#
-# If the maximum execution time is reached Redis will start to reply to most
-# commands with a BUSY error.
-#
-# In this state Redis will only allow a handful of commands to be executed.
-# For instance, SCRIPT KILL, FUNCTION KILL, SHUTDOWN NOSAVE and possibly some
-# module specific 'allow-busy' commands.
-#
-# SCRIPT KILL and FUNCTION KILL will only be able to stop a script that did not
-# yet call any write commands, so SHUTDOWN NOSAVE may be the only way to stop
-# the server in the case a write command was already issued by the script when
-# the user doesn't want to wait for the natural termination of the script.
-#
-# The default is 5 seconds. It is possible to set it to 0 or a negative value
-# to disable this mechanism (uninterrupted execution). Note that in the past
-# this config had a different name, which is now an alias, so both of these do
-# the same:
-# lua-time-limit 5000
-# busy-reply-threshold 5000
 
 ################################ REDIS CLUSTER  ###############################
 
@@ -1597,11 +1240,6 @@ aof-timestamp-enabled no
 #
 # cluster-node-timeout 15000
 
-# The cluster port is the port that the cluster bus will listen for inbound connections on. When set
-# to the default value, 0, it will be bound to the command port + 10000. Setting this value requires
-# you to specify the cluster bus port when executing cluster meet.
-# cluster-port 0
-
 # A replica of a failing master will avoid to start a failover if its data
 # looks too old.
 #
@@ -1660,21 +1298,12 @@ aof-timestamp-enabled no
 # master in your cluster.
 #
 # Default is 1 (replicas migrate only if their masters remain with at least
-# one replica). To disable migration just set it to a very large value or
+# one replica). To disable migration just set it to a very large value.
-# set cluster-allow-replica-migration to 'no'.
 # A value of 0 can be set but is useful only for debugging and dangerous
 # in production.
 #
 # cluster-migration-barrier 1
 
-# Turning off this option allows to use less automatic cluster configuration.
-# It both disables migration to orphaned masters and migration from masters
-# that became empty.
-#
-# Default is 'yes' (allow automatic migrations).
-#
-# cluster-allow-replica-migration yes
-
 # By default Redis Cluster nodes stop accepting queries if they detect there
 # is at least a hash slot uncovered (no available node is serving it).
 # This way if the cluster is partially down (for example a range of hash slots
@@ -1689,7 +1318,7 @@ aof-timestamp-enabled no
 # cluster-require-full-coverage yes
 
 # This option, when set to yes, prevents replicas from trying to failover its
-# master during master failures. However the replica can still perform a
+# master during master failures. However the master can still perform a
 # manual failover, if forced to do so.
 #
 # This is useful in different scenarios, especially in the case of multiple
@@ -1699,7 +1328,7 @@ aof-timestamp-enabled no
 # cluster-replica-no-failover no
 
 # This option, when set to yes, allows nodes to serve read traffic while the
-# cluster is in a down state, as long as it believes it owns the slots.
+# the cluster is in a down state, as long as it believes it owns the slots.
 #
 # This is useful for two cases.  The first case is for when an application
 # doesn't require consistency of data during node failures or network partitions.
@@ -1714,54 +1343,8 @@ aof-timestamp-enabled no
 #
 # cluster-allow-reads-when-down no
 
-# This option, when set to yes, allows nodes to serve pubsub shard traffic while
-# the cluster is in a down state, as long as it believes it owns the slots.
-#
-# This is useful if the application would like to use the pubsub feature even when
-# the cluster global stable state is not OK. If the application wants to make sure only
-# one shard is serving a given channel, this feature should be kept as yes.
-#
-# cluster-allow-pubsubshard-when-down yes
-
-# Cluster link send buffer limit is the limit on the memory usage of an individual
-# cluster bus link's send buffer in bytes. Cluster links would be freed if they exceed
-# this limit. This is to primarily prevent send buffers from growing unbounded on links
-# toward slow peers (E.g. PubSub messages being piled up).
-# This limit is disabled by default. Enable this limit when 'mem_cluster_links' INFO field
-# and/or 'send-buffer-allocated' entries in the 'CLUSTER LINKS` command output continuously increase.
-# Minimum limit of 1gb is recommended so that cluster link buffer can fit in at least a single
-# PubSub message by default. (client-query-buffer-limit default value is 1gb)
-#
-# cluster-link-sendbuf-limit 0
-
-# Clusters can configure their announced hostname using this config. This is a common use case for
-# applications that need to use TLS Server Name Indication (SNI) or dealing with DNS based
-# routing. By default this value is only shown as additional metadata in the CLUSTER SLOTS
-# command, but can be changed using 'cluster-preferred-endpoint-type' config. This value is
-# communicated along the clusterbus to all nodes, setting it to an empty string will remove
-# the hostname and also propagate the removal.
-#
-# cluster-announce-hostname ""
-
-# Clusters can advertise how clients should connect to them using either their IP address,
-# a user defined hostname, or by declaring they have no endpoint. Which endpoint is
-# shown as the preferred endpoint is set by using the cluster-preferred-endpoint-type
-# config with values 'ip', 'hostname', or 'unknown-endpoint'. This value controls how
-# the endpoint returned for MOVED/ASKING requests as well as the first field of CLUSTER SLOTS.
-# If the preferred endpoint type is set to hostname, but no announced hostname is set, a '?'
-# will be returned instead.
-#
-# When a cluster advertises itself as having an unknown endpoint, it's indicating that
-# the server doesn't know how clients can reach the cluster. This can happen in certain
-# networking situations where there are multiple possible routes to the node, and the
-# server doesn't know which one the client took. In this case, the server is expecting
-# the client to reach out on the same endpoint it used for making the last request, but use
-# the port provided in the response.
-#
-# cluster-preferred-endpoint-type ip
-
 # In order to setup your cluster make sure to read the documentation
-# available at https://redis.io web site.
+# available at http://redis.io web site.
 
 ########################## CLUSTER DOCKER/NAT support  ########################
 
@@ -1771,21 +1354,16 @@ aof-timestamp-enabled no
 #
 # In order to make Redis Cluster working in such environments, a static
 # configuration where each node knows its public address is needed. The
-# following four options are used for this scope, and are:
+# following two options are used for this scope, and are:
 #
 # * cluster-announce-ip
 # * cluster-announce-port
-# * cluster-announce-tls-port
 # * cluster-announce-bus-port
 #
-# Each instructs the node about its address, client ports (for connections
+# Each instructs the node about its address, client port, and cluster message
-# without and with TLS) and cluster message bus port. The information is then
+# bus port. The information is then published in the header of the bus packets
-# published in the header of the bus packets so that other nodes will be able to
+# so that other nodes will be able to correctly map the address of the node
-# correctly map the address of the node publishing the information.
+# publishing the information.
-#
-# If cluster-tls is set to yes and cluster-announce-tls-port is omitted or set
-# to zero, then cluster-announce-port refers to the TLS port. Note also that
-# cluster-announce-tls-port has no effect if cluster-tls is set to no.
 #
 # If the above options are not used, the normal Redis Cluster auto-detection
 # will be used instead.
@@ -1798,8 +1376,7 @@ aof-timestamp-enabled no
 # Example:
 #
 # cluster-announce-ip 10.1.1.5
-# cluster-announce-tls-port 6379
+# cluster-announce-port 6379
-# cluster-announce-port 0
 # cluster-announce-bus-port 6380
 
 ################################## SLOW LOG ###################################
@@ -1824,7 +1401,7 @@ slowlog-log-slower-than 10000
 
 # There is no limit to this length. Just be aware that it will consume memory.
 # You can reclaim memory used by the slow log with SLOWLOG RESET.
-slowlog-max-len 10086
+slowlog-max-len 128
 
 ################################ LATENCY MONITOR ##############################
 
@@ -1847,24 +1424,10 @@ slowlog-max-len 10086
 # "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
 latency-monitor-threshold 0
 
-################################ LATENCY TRACKING ##############################
-
-# The Redis extended latency monitoring tracks the per command latencies and enables
-# exporting the percentile distribution via the INFO latencystats command,
-# and cumulative latency distributions (histograms) via the LATENCY command.
-#
-# By default, the extended latency monitoring is enabled since the overhead
-# of keeping track of the command latency is very small.
-# latency-tracking yes
-
-# By default the exported latency percentiles via the INFO latencystats command
-# are the p50, p99, and p999.
-# latency-tracking-info-percentiles 50 99 99.9
-
 ############################# EVENT NOTIFICATION ##############################
 
 # Redis can notify Pub/Sub clients about events happening in the key space.
-# This feature is documented at https://redis.io/topics/notifications
+# This feature is documented at http://redis.io/topics/notifications
 #
 # For instance if keyspace events notification is enabled, and a client
 # performs a DEL operation on key "foo" stored in the Database 0, two
@@ -1886,11 +1449,9 @@ latency-monitor-threshold 0
 #  z     Sorted set commands
 #  x     Expired events (events generated every time a key expires)
 #  e     Evicted events (events generated when a key is evicted for maxmemory)
-#  n     New key events (Note: not included in the 'A' class)
 #  t     Stream commands
-#  d     Module key type events
 #  m     Key-miss events (Note: It is not included in the 'A' class)
-#  A     Alias for g$lshzxetd, so that the "AKE" string means all the events
+#  A     Alias for g$lshzxet, so that the "AKE" string means all the events
 #        (Except key-miss events which are excluded from 'A' due to their
 #         unique nature).
 #
@@ -1913,13 +1474,71 @@ latency-monitor-threshold 0
 #  specify at least one of K or E, no events will be delivered.
 notify-keyspace-events ""
 
+############################### GOPHER SERVER #################################
+
+# Redis contains an implementation of the Gopher protocol, as specified in
+# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
+#
+# The Gopher protocol was very popular in the late '90s. It is an alternative
+# to the web, and the implementation both server and client side is so simple
+# that the Redis server has just 100 lines of code in order to implement this
+# support.
+#
+# What do you do with Gopher nowadays? Well Gopher never *really* died, and
+# lately there is a movement in order for the Gopher more hierarchical content
+# composed of just plain text documents to be resurrected. Some want a simpler
+# internet, others believe that the mainstream internet became too much
+# controlled, and it's cool to create an alternative space for people that
+# want a bit of fresh air.
+#
+# Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol
+# as a gift.
+#
+# --- HOW IT WORKS? ---
+#
+# The Redis Gopher support uses the inline protocol of Redis, and specifically
+# two kind of inline requests that were anyway illegal: an empty request
+# or any request that starts with "/" (there are no Redis commands starting
+# with such a slash). Normal RESP2/RESP3 requests are completely out of the
+# path of the Gopher protocol implementation and are served as usual as well.
+#
+# If you open a connection to Redis when Gopher is enabled and send it
+# a string like "/foo", if there is a key named "/foo" it is served via the
+# Gopher protocol.
+#
+# In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
+# talking), you likely need a script like the following:
+#
+#   https://github.com/antirez/gopher2redis
+#
+# --- SECURITY WARNING ---
+#
+# If you plan to put Redis on the internet in a publicly accessible address
+# to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
+# Once a password is set:
+#
+#   1. The Gopher server (when enabled, not by default) will still serve
+#      content via Gopher.
+#   2. However other commands cannot be called before the client will
+#      authenticate.
+#
+# So use the 'requirepass' option to protect your instance.
+#
+# Note that Gopher is not currently supported when 'io-threads-do-reads'
+# is enabled.
+#
+# To enable Gopher support, uncomment the following line and set the option
+# from no (the default) to yes.
+#
+# gopher-enabled no
+
 ############################### ADVANCED CONFIG ###############################
 
 # Hashes are encoded using a memory efficient data structure when they have a
 # small number of entries, and the biggest entry does not exceed a given
 # threshold. These thresholds can be configured using the following directives.
-hash-max-listpack-entries 512
+hash-max-ziplist-entries 512
-hash-max-listpack-value 64
+hash-max-ziplist-value 64
 
 # Lists are also encoded in a special way to save a lot of space.
 # The number of entries allowed per internal list node can be specified
@@ -1934,7 +1553,7 @@ hash-max-listpack-value 64
 # per list node.
 # The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
 # but if your use case is unique, adjust the settings as necessary.
-list-max-listpack-size -2
+list-max-ziplist-size -2
 
 # Lists may also be compressed.
 # Compress depth is the number of quicklist ziplist nodes from *each* side of
@@ -1962,8 +1581,8 @@ set-max-intset-entries 512
 # Similarly to hashes and lists, sorted sets are also specially encoded in
 # order to save a lot of space. This encoding is only used when the length and
 # elements of a sorted set are below the following limits:
-zset-max-listpack-entries 128
+zset-max-ziplist-entries 128
-zset-max-listpack-value 64
+zset-max-ziplist-value 64
 
 # HyperLogLog sparse representation bytes limit. The limit includes the
 # 16 bytes header. When an HyperLogLog using the sparse representation crosses
@@ -1985,9 +1604,9 @@ hll-sparse-max-bytes 3000
 # maximum number of items it may contain before switching to a new node when
 # appending new stream entries. If any of the following settings are set to
 # zero, the limit is ignored, so for instance it is possible to set just a
-# max entries limit by setting max-bytes to 0 and max-entries to the desired
+# max entires limit by setting max-bytes to 0 and max-entries to the desired
 # value.
-stream-node-max-bytes 4kb
+stream-node-max-bytes 4096
 stream-node-max-entries 100
 
 # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
@@ -2042,13 +1661,6 @@ activerehashing yes
 # Instead there is a default limit for pubsub and replica clients, since
 # subscribers and replicas receive data in a push fashion.
 #
-# Note that it doesn't make sense to set the replica clients output buffer
-# limit lower than the repl-backlog-size config (partial sync will succeed
-# and then replica will get disconnected).
-# Such a configuration is ignored (the size of repl-backlog-size will be used).
-# This doesn't have memory consumption implications since the replica client
-# will share the backlog buffers memory.
-#
 # Both the hard or the soft limit can be disabled by setting them to zero.
 client-output-buffer-limit normal 0 0 0
 client-output-buffer-limit replica 256mb 64mb 60
@@ -2062,25 +1674,6 @@ client-output-buffer-limit pubsub 32mb 8mb 60
 #
 # client-query-buffer-limit 1gb
 
-# In some scenarios client connections can hog up memory leading to OOM
-# errors or data eviction. To avoid this we can cap the accumulated memory
-# used by all client connections (all pubsub and normal clients). Once we
-# reach that limit connections will be dropped by the server freeing up
-# memory. The server will attempt to drop the connections using the most
-# memory first. We call this mechanism "client eviction".
-#
-# Client eviction is configured using the maxmemory-clients setting as follows:
-# 0 - client eviction is disabled (default)
-#
-# A memory value can be used for the client eviction threshold,
-# for example:
-# maxmemory-clients 1g
-#
-# A percentage value (between 1% and 100%) means the client eviction threshold
-# is based on a percentage of the maxmemory setting. For example to set client
-# eviction at 5% of maxmemory:
-# maxmemory-clients 5%
-
 # In the Redis protocol, bulk requests, that are, elements representing single
 # strings, are normally limited to 512 mb. However you can change this limit
 # here, but must be 1mb or greater
@@ -2121,13 +1714,13 @@ hz 10
 dynamic-hz yes
 
 # When a child rewrites the AOF file, if the following option is enabled
-# the file will be fsync-ed every 4 MB of data generated. This is useful
+# the file will be fsync-ed every 32 MB of data generated. This is useful
 # in order to commit the file to the disk more incrementally and avoid
 # big latency spikes.
 aof-rewrite-incremental-fsync yes
 
 # When redis saves RDB file, if the following option is enabled
-# the file will be fsync-ed every 4 MB of data generated. This is useful
+# the file will be fsync-ed every 32 MB of data generated. This is useful
 # in order to commit the file to the disk more incrementally and avoid
 # big latency spikes.
 rdb-save-incremental-fsync yes
@@ -2224,7 +1817,7 @@ rdb-save-incremental-fsync yes
 # defragmentation process. If you are not sure about what they mean it is
 # a good idea to leave the defaults untouched.
 
-# Active defragmentation is disabled by default
+# Enabled active defragmentation
 # activedefrag no
 
 # Minimum amount of fragmentation waste to start active defrag
@@ -2282,10 +1875,3 @@ jemalloc-bg-thread yes
 # to suppress
 #
 # ignore-warnings ARM64-COW-BUG
-
-# Generated by CONFIG REWRITE
-save 3600 1
-save 300 100
-save 60 10000
-latency-tracking-info-percentiles 50 99 99.9
-user default on nopass ~* &* +@all

apps/redis/versions/7.0.5/conf/redis.conf

@@ -1,12 +1,3 @@
-# Redis configuration rewrite by 1Panel
-timeout 0
-# maxclients 10000
-# maxmemory <bytes>
-save 3600 1 300 100 60 10000
-appendonly no
-appendfsync everysec
-# End Redis configuration rewrite by 1Panel
-
 # Redis configuration file example.
 #
 # Note that in order to read the configuration file, Redis must be
@@ -93,7 +84,7 @@ appendfsync everysec
 # You will also need to set a password unless you explicitly disable protected
 # mode.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# bind 127.0.0.1 -::1
+bind 0.0.0.0
 
 # By default, outgoing connections (from replica to master, from Sentinel to
 # instances, cluster bus, etc.) are not bound to a specific local address. In
@@ -165,7 +156,7 @@ tcp-backlog 511
 # unixsocketperm 700
 
 # Close the connection after a client is idle for N seconds (0 to disable)
-# timeout 0
+timeout 0
 
 # TCP keepalive.
 #
@@ -1385,7 +1376,7 @@ disable-thp yes
 #
 # Please check https://redis.io/topics/persistence for more information.
 
-# appendonly no
+appendonly no
 
 # The base name of the append only file.
 #
@@ -1444,7 +1435,7 @@ appenddirname "appendonlydir"
 # If unsure, use "everysec".
 
 # appendfsync always
-# appendfsync everysec
+appendfsync everysec
 # appendfsync no
 
 # When the AOF fsync policy is set to always or everysec, and a background