server:
listen: "127.0.0.1:6190"
admin_listen: "127.0.0.1:6191"
workers: 0
waf_threshold: 1
waf_enabled: true
trusted_proxies:
- "127.0.0.1/32"
upstreams:
- host: "127.0.0.1"
port: 5555
rate_limit:
rps: 10000
enabled: true
logging:
level: "info"
format: "text"
access_log: true
detection:
sqli: true
xss: true
path_traversal: true
command_injection: true
action: "block"
block_status: 403
tls:
enabled: false
cert_path: "certs/server.crt"
key_path: "certs/server.key"
min_version: "1.3"
telemetry:
enabled: true
endpoint: "http://localhost:3100/telemetry"
api_key: null
batch_size: 100
flush_interval:
secs: 10
nanos: 0
max_retries: 3
initial_backoff:
secs: 0
nanos: 100000000
max_backoff:
secs: 30
nanos: 0
max_buffer_size: 10000
circuit_breaker_threshold: 5
circuit_breaker_timeout:
secs: 60
nanos: 0
enabled_events: []
instance_id: "synapse-waf-1"
tarpit:
enabled: true
base_delay_ms: 100
max_delay_ms: 2000
progressive_multiplier: 1.5
max_states: 10000
decay_threshold_ms: 300000
cleanup_threshold_ms: 1800000
dlp:
enabled: true
max_scan_size: 5242880
max_matches: 100
scan_text_only: true
max_body_inspection_bytes: 8192
fast_mode: false
crawler:
enabled: false
dns_cache_ttl_secs: 300
verification_cache_ttl_secs: 3600
max_cache_entries: 50000
dns_timeout_ms: 2000
max_concurrent_dns_lookups: 100
verify_legitimate_crawlers: false
block_bad_bots: false
dns_failure_policy: "apply_risk_penalty"
dns_failure_risk_penalty: 50
max_stats_entries: 1000