docs: update documentation for v0.1.2 (ASN, SOTA, Issues fixed)

This commit is contained in:
Fabrizio Salmi
2025-12-06 22:53:33 +01:00
parent 00c547e2a3
commit 78f0066cb8
3 changed files with 12 additions and 2 deletions

View File

@@ -7,7 +7,7 @@ A robust, highly customizable, and feature-rich **Web Application Firewall (WAF)
## 🛡️ Core Protections ## 🛡️ Core Protections
* **Regex-Based Filtering:** Deep URL, data & header inspection using powerful regex rules. * **Regex-Based Filtering:** Deep URL, data & header inspection using powerful regex rules.
* **Blacklisting:** Blocks malicious IPs, domains & optionally TOR exit nodes. * **Blacklisting:** Blocks malicious IPs, domains, ASNs & optionally TOR exit nodes.
* **Geo-Blocking:** Restricts access by country using GeoIP. * **Geo-Blocking:** Restricts access by country using GeoIP.
* **Rate Limiting:** Prevents abuse via customizable IP request limits. * **Rate Limiting:** Prevents abuse via customizable IP request limits.
* **Anomaly Scoring:** Dynamically blocks requests based on cumulative rule matches. * **Anomaly Scoring:** Dynamically blocks requests based on cumulative rule matches.
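Review bot: the Blacklisting bullet now advertises ASN blocking, but nothing in this hunk tells the reader that it depends on a separate MaxMind ASN database rather than the GeoIP country database already used for geo-blocking (the `block_asns` directive added later in this commit takes `GeoLite2-ASN.mmdb` as its first argument). Suggest a short parenthetical such as `ASNs (requires a GeoLite2-ASN database)` so the README feature list matches the configuration docs.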
@@ -23,6 +23,13 @@ A robust, highly customizable, and feature-rich **Web Application Firewall (WAF)
_Simple at a glance UI :)_ _Simple at a glance UI :)_
![demo](https://github.com/fabriziosalmi/caddy-waf/blob/main/docs/caddy-waf-ui.png?raw=true) ![demo](https://github.com/fabriziosalmi/caddy-waf/blob/main/docs/caddy-waf-ui.png?raw=true)
## Security & Performance (SOTA)
* **Zero-Copy Networking**: Uses `unsafe.String` to eliminate memory allocations during request body inspection.
* **Wait-Free Concurrency**: Atomic counters ensure accurate metrics and rule hit counting without lock contention.
* **Circuit Breaker**: `geoip_fail_open` prevents database failures from causing service outages.
* **DoS Protection**: `io.LimitReader` enforces strict request body limits to prevent memory exhaustion.
* **ReDoS Safety**: Built on top of Go's `regexp` (RE2), guaranteeing linear time execution for all regex rules.
## 🚀 Quick Start ## 🚀 Quick Start
```bash ```bash
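Review bot: the Zero-Copy Networking bullet should state the invariant that makes `unsafe.String` safe here: the resulting string aliases the request body buffer, so that buffer must not be modified or returned to a pool while any rule evaluation still holds the string; documenting only "eliminates allocations" invites a later buffer-reuse refactor to silently corrupt the data being inspected. Two wording points in the same section: atomic counters are lock-free, and "wait-free" is a stronger guarantee that the text does not substantiate; and Go's `regexp` guarantees time linear in the input size only for rules compiled with it, so "all regex rules" should be qualified if any other matcher is in play. Finally, `geoip_fail_open` is a fail-open switch rather than a circuit breaker in the usual sense (there is no automatic trip and reset), and the bullet should say plainly that enabling it lets requests through without geo/ASN checks while the database is unavailable.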

View File

@@ -50,7 +50,7 @@ var (
) )
// Add or update the version constant as needed // Add or update the version constant as needed
const wafVersion = "v0.1.0" // update this value to the new release version when tagging const wafVersion = "v0.1.2" // update this value to the new release version when tagging
// ==================== Initialization and Setup ==================== // ==================== Initialization and Setup ====================
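Review bot: the constant jumps from `v0.1.0` straight to `v0.1.2`, which suggests `v0.1.1` shipped without this manual bump; the comment "update this value ... when tagging" documents a step that is evidently easy to forget. Consider keeping the value only as a fallback and injecting the tag at build time with `-ldflags "-X <package path>.wafVersion=$(git describe --tags)"` (which requires changing `const` to `var`, since `-X` only sets string variables), or reading the module version via `debug.ReadBuildInfo()`, so the version the WAF reports cannot drift from the release tag.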

View File

@@ -140,6 +140,9 @@ The WAF provides a variety of configuration options to control its behavior. The
| **`log_path`** | Specifies the path for the WAF log file. | `log_path /var/log/waf/access.log` | | **`log_path`** | Specifies the path for the WAF log file. | `log_path /var/log/waf/access.log` |
| **`redact_sensitive_data`** | Redacts sensitive data from the request query string in logs. | `redact_sensitive_data` | | **`redact_sensitive_data`** | Redacts sensitive data from the request query string in logs. | `redact_sensitive_data` |
| **`custom_response`** | Defines custom HTTP responses for blocked requests. Requires status code, content type, and response content or file path. | `custom_response 403 application/json error.json` | | **`custom_response`** | Defines custom HTTP responses for blocked requests. Requires status code, content type, and response content or file path. | `custom_response 403 application/json error.json` |
| **`max_request_body_size`**| Configures request body size limit (default 10MB). Uses `io.LimitReader` for protection. | `max_request_body_size 20MB` |
| **`block_asns`** | Blocks requests from specified Autonomous Systems (ASNs) using the MaxMind GeoIP2 ASN database. | `block_asns GeoLite2-ASN.mmdb 12345 67890` |
| **`geoip_fail_open`** | Configures the WAF to allow requests if GeoIP/ASN lookup fails (Circuit Breaker pattern). Default is false (Fail Closed). | `geoip_fail_open` |
--- ---
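Review bot: the `geoip_fail_open` row should spell out what "allow" means operationally: while the GeoIP/ASN database is unreadable, every request passes the country and ASN checks unchecked, so the row should say so and recommend that the failure is logged and alerted on, otherwise operators may enable it as a convenience setting without realising it disables two block lists. For `max_request_body_size`, document the accepted size syntax (whether a bare byte count is allowed, and whether `MB` is decimal or binary) and which response a client receives when the limit is exceeded. For `block_asns`, state that the first argument is the database path and the remaining arguments are bare AS numbers, and what happens at startup if the file is missing or lacks the ASN data (does it fall under `geoip_fail_open`, or fail the Caddy config load?).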