how to reload a new version of a custom rulesets? #306

Open
sandromodarelli opened this issue May 23, 2018 · 3 comments

@sandromodarelli

I have added a 50000_custom_rulesets.json in libpath/rules/ and a waf:set_option("add_ruleset", "50000_custom_rulesets").
I need to reload rules when the custom rulesets' file has changed.

A partial solution can be to have access to:

```lua
-- ruleset table cache
local _ruleset_defs = {}
local _ruleset_def_cnt = 0
```

If the ruleset_defs table was public, I would make a timer loop at the init_worker phase that checks the custom rulesets' file for changes. If the file has changed, the process will set ruleset_defs["50000_custom_rulesets"] = nil and during the waf:exec new rules would be reloaded from file.

@p0pr0ck5
Owner

Hi,

The current design requires that worker processes be reloaded, since we consider rules to be like any other on-disk config file. Does this approach not work for your use case?
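The reload-based approach described in this reply can be automated with a small watcher. The script below is an added example, not code from lua-resty-waf or from either participant; the `STATE` path, the `VALIDATE_CMD`, `RELOAD_CMD` and `INTERVAL` variables and the return codes are assumptions made for illustration. It reloads the workers only when the ruleset content has changed and still parses as JSON, so a half-written file does not trigger a reload.

```shell
#!/bin/sh
# Added example: reload nginx workers when a custom ruleset file changes.
# All variable names and default paths below are assumptions.
RULESET="${RULESET:-libpath/rules/50000_custom_rulesets.json}"
STATE="${STATE:-/var/run/waf_custom_ruleset.sha256}"        # last applied digest
VALIDATE_CMD="${VALIDATE_CMD:-python3 -m json.tool}"        # must exit 0 on valid JSON
RELOAD_CMD="${RELOAD_CMD:-nginx -s reload}"                 # graceful worker reload
INTERVAL="${INTERVAL:-10}"

# Hash the content, so a bare mtime change (touch) does not cause a reload.
ruleset_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Returns: 0 reloaded, 1 unchanged, 2 rejected (missing or invalid), 3 reload failed.
reload_if_changed() {
    [ -r "$RULESET" ] || return 2
    new=$(ruleset_digest "$RULESET")
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    # Refuse to reload onto a ruleset that does not parse.
    $VALIDATE_CMD "$RULESET" >/dev/null 2>&1 || return 2
    $RELOAD_CMD || return 3
    # Record the digest only after a successful reload, so failures are retried.
    printf '%s\n' "$new" > "$STATE"
    return 0
}

watch_loop() {
    while :; do
        rc=0
        reload_if_changed || rc=$?
        case "$rc" in
            0) echo "ruleset changed: workers reloaded" ;;
            2) echo "ruleset missing or invalid: keeping current rules" >&2 ;;
            3) echo "reload command failed" >&2 ;;
        esac
        sleep "$INTERVAL"
    done
}

# Run as: sh watch_ruleset.sh --watch   (the file name is an assumption)
if [ "${1:-}" = "--watch" ]; then
    watch_loop
fi
```

On the first run no digest is stored yet, so a valid ruleset causes one reload.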

@sandromodarelli
Author

It would be great to load rules dynamically, without a reload. With limit conditions, Nginx workers detach from master and become zombie workers; so the dynamic rules configuration can be a good plus.

@p0pr0ck5
Owner

If you have a case where you're seeing zombie processes as a result of a reload, then I suspect there is something problematic with your setup. If you suspect zombie processes are related to lua-resty-waf, please provide some debug logs or a minimal test case to reproduce :)
