The rules I use myself have been updated; maintenance of this page is paused (or perhaps resumed in the future?)

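Preface

  • I looked at the rules circulating online and they are hard to sum up in a word, so I am releasing the WAF rules this site uses
  • This is only the basic version because, if certain techniques were made public, the rules would just be copied everywhere and the already few methods available on the FREE plan would end up bypassed
  • My channel has published the latest API-based request-limiting script, which can run independently of the server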

Creating the rules

  • Rule 1, Block: I originally wanted to ban every bot UA, but dropped the idea because a rule is limited to 4096 characters

    (not http.request.method in {"GET" "POST"}) or 
    (not http.user_agent contains "Mozilla/5.0 (") or
    (not http.request.uri.path contains "/a" and not http.request.uri.path contains "/b") or # replace these with your own origin paths; if you can't be bothered, delete this clause
    (not ssl) or
    (http.user_agent contains "scaninfo@expanseinc.com") or
    (http.user_agent contains "Acunetix") or
    (lower(http.user_agent) contains "apache") or
    (http.user_agent contains "BackDoorBot") or
    (http.user_agent contains "censys") or
    (http.user_agent contains "cobion") or
    (http.user_agent contains "masscan") or
    (http.user_agent contains "FHscan") or
    (http.user_agent contains "scanbot") or
    (http.user_agent contains "Gscan") or
    (http.user_agent contains "Researchscan") or
    (http.user_agent contains "WPScan") or
    (http.user_agent contains "ScanAlert") or
    (http.user_agent contains "Wprecon") or
    (lower(http.user_agent) contains "virusdie") or
    (http.user_agent contains "VoidEYE") or
    (http.user_agent contains "WebShag") or
    (http.user_agent contains "Zeus") or
    (http.user_agent contains "zgrab") or
    (lower(http.user_agent) contains "zmap") or
    (lower(http.user_agent) contains "nmap") or
    (lower(http.user_agent) contains "fimap") or
    (http.user_agent contains "ZmEu") or
    (http.user_agent contains "ZumBot") or
    (http.user_agent contains "Zyborg")
  • Rule 2, Challenge: a very simple IP and country ban, nothing technically sophisticated

    (ip.src in $ip_blacklist) or # this clause references a list stored in Cloudflare; delete it if you have no such list
    (ip.geoip.country in {"XX"}) or # add your own
    (ip.geoip.asnum in {9009}) or # add your own
    (cf.threat_score gt 1) or
    (not http.request.version in {"SPDY/3.1" "HTTP/3" "HTTP/2"})
  • Rule 3, JS Challenge:

    (cf.threat_score gt 0) or 
    (http.cookie eq "" and http.request.uri.query ne "")
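
Rule 1 is constrained by the 4096-character limit on a single rule. The following is an added example, not part of the original post: it generates the User-Agent clauses from a token list, applies lower() to every token as Rule 1 already does for some entries, and starts a new rule whenever the limit would be exceeded. The function names and the sample token list are hypothetical, and it assumes the limit counts every character of the expression, including the line breaks between clauses.

```python
MAX_EXPR_LEN = 4096  # per-rule limit as stated on the page
SEP = " or\n"        # assumption: separators count toward the limit

# Constructed sample: a few of the scanner tokens from Rule 1, plus a duplicate.
UA_TOKENS = ["Acunetix", "censys", "masscan", "WPScan", "wpscan",
             "zgrab", "ZmEu", "nmap", "zmap"]


def ua_clause(token):
    """Return one case-insensitive User-Agent match clause."""
    if not token or '"' in token or "\\" in token:
        raise ValueError(f"token not safe inside a string literal: {token!r}")
    return f'(lower(http.user_agent) contains "{token.lower()}")'


def build_rules(tokens, limit=MAX_EXPR_LEN):
    """OR-join the clauses, opening a new rule when the limit would be exceeded."""
    # dict.fromkeys drops duplicates (e.g. WPScan / wpscan) and keeps order
    clauses = list(dict.fromkeys(ua_clause(t) for t in tokens))
    rules, current = [], ""
    for clause in clauses:
        if len(clause) > limit:
            raise ValueError("a single clause exceeds the limit")
        candidate = clause if not current else current + SEP + clause
        if len(candidate) > limit:
            rules.append(current)   # current rule is full, start the next one
            current = clause
        else:
            current = candidate
    if current:
        rules.append(current)
    return rules


if __name__ == "__main__":
    for i, expr in enumerate(build_rules(UA_TOKENS), 1):
        print(f"--- rule {i}: {len(expr)} chars ---\n{expr}")
```

Each returned string is meant to be pasted into its own Block rule; the method, path and TLS clauses of Rule 1 are not generated here and stay in the hand-written rule.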

References

The various official Cloudflare documentation