[teler-waf] New version (v1.2.0-alpha.1) released!

[teler-announce]

Dear users,

We have some exciting news to share! The latest teler-waf release (v1.2.0-alpha.1) is now available, and we highly recommend upgrading to take advantage of its enhancements.

One of the standout features in this release is a substantial improvement 📈 in performance during the initialization and compilation of threat datasets. We've conducted benchmark tests comparing the previous version with the new release, and the results for each operation are quite impressive:

$ benchstat old.txt new.txt
goos: linux
goarch: amd64
pkg: github.com/kitabisa/teler-waf
cpu: 11th Gen Intel(R) Core(TM) i9-11900H @ 2.50GHz
                                       │   old.txt   │               new.txt                │
                                       │   sec/op    │    sec/op     vs base                │
InitializeDefault-4                      20.60m ± 5%   18.48m ± 13%  -10.29% (p=0.009 n=10)
InitializeCommonWebAttack-4              20.70m ± 5%   18.53m ±  7%  -10.49% (p=0.000 n=10)
InitializeCVE-4                          21.97m ± 6%   18.90m ±  8%  -13.99% (p=0.001 n=10)
InitializeBadIPAddress-4                 20.61m ± 6%   20.05m ± 11%        ~ (p=0.529 n=10)
InitializeBadReferrer-4                  19.97m ± 6%   19.42m ±  9%        ~ (p=0.353 n=10)
InitializeBadCrawler-4                   21.23m ± 9%   18.98m ±  7%  -10.56% (p=0.000 n=10)
InitializeDirectoryBruteforce-4          22.06m ± 9%   18.20m ±  6%  -17.46% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4       21.34m ± 4%   19.18m ±  5%  -10.13% (p=0.000 n=10)
InitializeWithoutCVE-4                   21.93m ± 7%   19.53m ±  5%  -10.94% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4          20.39m ± 8%   20.07m ± 11%        ~ (p=0.052 n=10)
InitializeWithoutBadReferrer-4           20.91m ± 5%   18.97m ±  5%   -9.31% (p=0.000 n=10)
InitializeWithoutBadCrawler-4            20.63m ± 8%   19.35m ±  9%   -6.22% (p=0.003 n=10)
InitializeWithoutDirectoryBruteforce-4   20.81m ± 5%   19.18m ±  9%   -7.82% (p=0.005 n=10)
InitializeCustomRules-4                  21.53m ± 6%   17.89m ±  7%  -16.91% (p=0.000 n=10)
geomean                                  21.04m        19.04m         -9.49%

                                       │   old.txt    │               new.txt               │
                                       │     B/op     │     B/op      vs base               │
InitializeDefault-4                      42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.001 n=10)
InitializeCommonWebAttack-4              42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeCVE-4                          42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeBadIPAddress-4                 42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeBadReferrer-4                  42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeBadCrawler-4                   42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeDirectoryBruteforce-4          42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4       42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutCVE-4                   42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4          42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutBadReferrer-4           42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutBadCrawler-4            42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeWithoutDirectoryBruteforce-4   42.63Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
InitializeCustomRules-4                  42.64Mi ± 0%   38.66Mi ± 0%  -9.33% (p=0.000 n=10)
geomean                                  42.63Mi        38.66Mi       -9.33%

                                       │   old.txt    │               new.txt               │
                                       │  allocs/op   │  allocs/op   vs base                │
InitializeDefault-4                      114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.001 n=10)
InitializeCommonWebAttack-4              114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeCVE-4                          114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeBadIPAddress-4                 114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeBadReferrer-4                  114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeBadCrawler-4                   114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeDirectoryBruteforce-4          114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4       114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutCVE-4                   114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4          114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutBadReferrer-4           114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutBadCrawler-4            114.23k ± 0%   86.86k ± 0%  -23.96% (p=0.000 n=10)
InitializeWithoutDirectoryBruteforce-4   114.23k ± 0%   86.87k ± 0%  -23.96% (p=0.000 n=10)
InitializeCustomRules-4                  114.27k ± 0%   86.90k ± 0%  -23.95% (p=0.000 n=10)
geomean                                   114.2k        86.87k       -23.96%

• Time has seen a 10.29% improvement ⏱
• Memory usage has been reduced by 9.33%
• Memory allocation has decreased by 23.96%

The reason behind this significant improvement is noteworthy: we've made substantial changes in how we handle threat detection. Specifically, we've eliminated the use of dual regexp engines and have moved away from relying on the built-in regexp engine for checking common web attacks and bad referrer threats. You can find more details here: https://github.com/kitabisa/teler-waf/compare/v1.1.7...v1.2.0-alpha.1.

In summary, these performance outcomes clearly illustrate that the new version offers significantly enhanced performance, achieving an impressive 9.49% overall boost. 🚀 Upgrading to the latest version not only enhances the efficiency of your application but also elevates its security capabilities.

Best!

dw1