From 1ec0b38d10016e9472b01357c2560d84d8d408c8 Mon Sep 17 00:00:00 2001 From: ADD-SP Date: Fri, 25 Jun 2021 22:37:19 +0800 Subject: [PATCH] :triangular_flag_on_post: Modified the working modes `STD` and `DYNAMIC`. --- docs/advance/changes.md | 8 ++++++++ docs/advance/directive.md | 4 ++-- docs/zh-cn/advance/changes.md | 8 ++++++++ docs/zh-cn/advance/directive.md | 4 ++-- inc/ngx_http_waf_module_macro.h | 4 ++-- 5 files changed, 22 insertions(+), 6 deletions(-) diff --git a/docs/advance/changes.md b/docs/advance/changes.md index 19188bbb..504a8951 100644 --- a/docs/advance/changes.md +++ b/docs/advance/changes.md @@ -17,6 +17,14 @@ lang: en *** +## [5.5.0] - 2021-06-25 UTC+0800 + +### Changed + +* Because of high false positives, [libinjection](https://github.com/libinjection/libinjection)-based XSS attack detection has been disabled in working modes `STD` and `DYNAMIC`. + +*** + ## [5.4.2] - 2021-06-15 UTC+0800 ### Fixed diff --git a/docs/advance/directive.md b/docs/advance/directive.md index 61f0a9f4..c6d8725a 100644 --- a/docs/advance/directive.md +++ b/docs/advance/directive.md 
@@ -59,9 +59,9 @@ Specify the working mode of the firewall, specifying at least one mode and up to * COMPAT: compatibility mode, used to enable compatibility options with other modules or environments, currently used for compatibility with the ngx_http_rewrite_module, see [compatibility statement](/guide/compatibility.md). * STRICT: Strict mode, which sacrifices some performance for more checks, currently only works when `COMPAT` mode is enabled, and performs a full round of inspections before and after the ngx_http_rewrite_module takes effect. * CACHE: Enable caching. Enabling this mode will cache the result of the inspection, so that the next time the same target is inspected, there is no need to repeat the inspection. However, the results of the POST body inspection are not cached. For example, if a URL is not in the blacklist after inspection, the next time the same URL is inspected, the cache can be read directly. When you enable this mode, you must set [waf_cache](#waf-cache). -* STD: Standard working mode, equivalent to `HEAD GET POST IP URL RBODY ARGS UA CC COMPAT CACHE LIB-INJECTION`. +* STD: Standard working mode, equivalent to `HEAD GET POST IP URL RBODY ARGS UA CC COMPAT CACHE LIB-INJECTION-SQLI`. * STATIC: working mode for static sites, equivalent to `HEAD GET IP URL UA CC CACHE`. -* DYNAMIC: working mode for dynamic sites, equivalent to `HEAD GET POST IP URL ARGS UA RBODY COOKIE CC COMPAT CACHE LIB-INJECTION`. +* DYNAMIC: working mode for dynamic sites, equivalent to `HEAD GET POST IP URL ARGS UA RBODY COOKIE CC COMPAT CACHE LIB-INJECTION-SQLI`. * FULL: Enable all modes. You can turn off a mode by prefixing a `mode_type` with `! ` prefix to a `mode_type` to turn it off. diff --git a/docs/zh-cn/advance/changes.md b/docs/zh-cn/advance/changes.md index cc42b2ce..d94e07a6 100644 --- a/docs/zh-cn/advance/changes.md +++ b/docs/zh-cn/advance/changes.md 
@@ -17,6 +17,14 @@ lang: zh-CN *** +## [5.5.0] - 2021-06-25 UTC+0800 + +### 变动 + +* 在工作模式 `STD` 和 `DYNAMIC` 中禁用了基于 `libinjection` 的 XSS 攻击检测,因为有用户反映误报比较高。 + +*** + ## [5.4.2] - 2021-06-15 UTC+0800 ### 修复 diff --git a/docs/zh-cn/advance/directive.md b/docs/zh-cn/advance/directive.md index a8447d0f..523cd274 100644 --- a/docs/zh-cn/advance/directive.md +++ b/docs/zh-cn/advance/directive.md @@ -59,9 +59,9 @@ lang: zh-CN * COMPAT:兼容模式,用来启用一些兼容性选项去兼容其它的模块或者环境,目前用于兼容 ngx_http_rewrite_module,详见[兼容性说明](/zh-cn/guide/compatibility.md)。 * STRICT:严格模式,牺牲一些性能进行更多的检查,目前仅在启用了 `COMPAT` 模式时生效,在 ngx_http_rewrite_module 生效前和生效后都进行一轮完整的检查。 * CACHE:启用缓存。启用此模式后会缓存检查的结果,下次检查相同的目标时就不需要重复检查了。不过不会缓存 POST 体的检查结果。比如一个 URL 经过检查后并没有在黑名单中,那么下次检查相同的 URL 时就无需再次检查 URL 黑名单了。当你启用了此模式,你必须设置 [waf_cache](#waf-cache)。 -* STD:标准工作模式,等价于 `HEAD GET POST IP URL RBODY ARGS UA CC COMPAT CACHE LIB-INJECTION`。 +* STD:标准工作模式,等价于 `HEAD GET POST IP URL RBODY ARGS UA CC COMPAT CACHE LIB-INJECTION-SQLI`。 * STATIC:适用于静态站点的工作模式,等价于 `HEAD GET IP URL UA CC CACHE`。 -* DYNAMIC:适用于动态站点的工作模式,等价于 `HEAD GET POST IP URL ARGS UA RBODY COOKIE CC COMPAT CACHE LIB-INJECTION`。 +* DYNAMIC:适用于动态站点的工作模式,等价于 `HEAD GET POST IP URL ARGS UA RBODY COOKIE CC COMPAT CACHE LIB-INJECTION-SQLI`。 * FULL: 启用所有的模式。 您可以通过在某个 `mode_type` 前增加 `!` 前缀来关闭该模式,下面是一个例子。 diff --git a/inc/ngx_http_waf_module_macro.h b/inc/ngx_http_waf_module_macro.h index 3ff7c4d3..f1b72f37 100644 --- a/inc/ngx_http_waf_module_macro.h +++ b/inc/ngx_http_waf_module_macro.h @@ -276,7 +276,7 @@ | NGX_HTTP_WAF_MODE_INSPECT_CC \ | NGX_HTTP_WAF_MODE_EXTRA_COMPAT \ | NGX_HTTP_WAF_MODE_EXTRA_CACHE \ - | NGX_HTTP_WAF_MODE_LIB_INJECTION) + | NGX_HTTP_WAF_MODE_LIB_INJECTION_SQLI) /** * @def MODE_STATIC * @brief 适用于静态站点的工作模式 @@ -305,7 +305,7 @@ | NGX_HTTP_WAF_MODE_INSPECT_CC \ | NGX_HTTP_WAF_MODE_EXTRA_COMPAT \ | NGX_HTTP_WAF_MODE_EXTRA_CACHE \ - | NGX_HTTP_WAF_MODE_LIB_INJECTION) + | NGX_HTTP_WAF_MODE_LIB_INJECTION_SQLI) /**
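Review bot: The 5.5.0 `Changed` entry in docs/advance/changes.md describes a default-behaviour change (libinjection XSS detection off in `STD` and `DYNAMIC`) but does not tell operators how to restore the previous behaviour; add the `mode_type` that re-enables the XSS check, or a pointer to the directive page, so anyone relying on that detection can opt back in after upgrading.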
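Review bot: In docs/advance/directive.md the `STD` and `DYNAMIC` equivalences now name `LIB-INJECTION-SQLI`, but this hunk shows no `mode_type` entry describing `LIB-INJECTION-SQLI` in the list these lines belong to; if it is not already defined above line 59, add an entry for it (and for any XSS counterpart that exists) so readers can tell what the default modes still inspect. In the unchanged trailing context, `You can turn off a mode by prefixing a \`mode_type\` with \`! \` prefix to a \`mode_type\` to turn it off.` repeats itself and shows `! ` with a trailing space; worth cleaning up in a follow-up.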
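Review bot: The zh-cn changelog entry wraps `libinjection` in backticks and attributes the false positives to user reports, while the English entry links to the libinjection repository and gives no source for the reports; use the same link and the same reason in both files so the two language versions of the changelog stay equivalent.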
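Review bot: In docs/zh-cn/advance/directive.md, `LIB-INJECTION-SQLI` now appears in the `STD` and `DYNAMIC` equivalences without a visible `mode_type` entry explaining it; if the list above line 59 does not already describe it, add one here at the same time as in the English page so the two directive pages do not drift apart.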
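Review bot: Replacing `NGX_HTTP_WAF_MODE_LIB_INJECTION` with `NGX_HTTP_WAF_MODE_LIB_INJECTION_SQLI` in `MODE_STD` changes the default bitmask, yet the patch touches only this header plus docs (5 files, no parser or test file), so nothing visible confirms that the directive parser accepts the `LIB-INJECTION-SQLI` token the docs now advertise, or that `FULL` still carries whatever the old `NGX_HTTP_WAF_MODE_LIB_INJECTION` covered beyond SQLi; confirm both, ideally with a test asserting the `MODE_STD` mask no longer contains the XSS flag, and extend the `@brief` comment above this macro to mention that XSS detection is excluded by default since 5.5.0.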
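Review bot: `MODE_DYNAMIC` receives the identical substitution as `MODE_STD`, and both masks now end in the same four flags (`NGX_HTTP_WAF_MODE_INSPECT_CC`, `NGX_HTTP_WAF_MODE_EXTRA_COMPAT`, `NGX_HTTP_WAF_MODE_EXTRA_CACHE`, `NGX_HTTP_WAF_MODE_LIB_INJECTION_SQLI`); consider factoring that shared tail into one helper macro so the next change to the default inspection set is a single edit rather than two that must be kept in sync, and update the doc comment for `MODE_DYNAMIC` the same way as for `MODE_STD`.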