Hi Antonio, Hi Mex,
:) Please dont take me so seriously. I am a "dummy" lua developer, who started this WAF for my hobby. Please bare with me.
I 100% agree that all the blacklisted folders/files (like /admin,.git, .svn) should be protected at Nginx config level. (Similar to .htaccess in apache).
I haven't see code of any WAF, so I dont know what to unscape and what to escape right now. Let me play with my WAF for few more months. (By the way, I got married recently and work in my office from 10am to 7pm, so no time at all :'( )
I dont want to get into the comparison with other WAFs who are in market since many years.
If you are interested in developing something new and unique, and if you know Lua, please fix my mistakes in the code and/or reshape the project. :)
I will keep contributing to the WAF, whenever I get time.
Thanks all for taking a look in the WAF.
Jaydeep