Cloudflare防火墙策略收集（持续更新）

两个Cloudflare防火墙策略，能挡住90%以上恶意流量。

域名》防火墙》防护墙规则》创建防火墙规则，如图：

表达式：

(cf.threat_score ge 5 and not cf.client.bot) or (not http.request.version in {"HTTP/1.2" "HTTP/2" "HTTP/3" "SPDY/3.1"}) or (not http.user_agent contains "Mozilla/")

上面的意思是威胁分数大于或等于5，且不是已知的合法爬虫，会质询；

HTTP版本不是 “HTTP/1.2” “HTTP/2” “HTTP/3” “SPDY/3.1” 会质询；

请求头不带 Mozilla/ 会质询；

上面可能会误伤爬虫，那么再创建一个合法爬虫规则，如图：

表达式：

(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Feedfetcher-Google") or (http.user_agent contains "LinkedInBot") or (http.user_agent contains "Mediapartners-Google") or (http.user_agent contains "msnbot") or (http.user_agent contains "Slackbot") or (http.user_agent contains "TwitterBot") or (http.user_agent contains "ia_archive") or (http.user_agent contains "yahoo")

上面的合法爬虫允许访问。

实测，这两条规则能挡住95%以上的CC攻击，然后防火墙设置，安全级别建议设置为低，否则影响浏览体验。

还是那句话，任何攻击都有特征的，分析日志，然后对应屏蔽才是最好的办法。

文章来源于互联网:Cloudflare防火墙策略收集（持续更新）

最后更新于 2022-10-31 13:59:28 并被添加「」标签，已有 14452 位童鞋阅读过。

本站使用「署名 4.0 国际」创作共享协议，可自由转载、引用，但需署名作者且注明文章出处

已有 10275 条评论

qopdIiaybt

TGEiMgeRYUw December 1st, 2022 at 08:25 am 回复
1. @TGEiMgeRYUw
  
  26, 27 This hepatomegaly would explain the increased clearance observed with vecuronium online generic cialis
  
  Hekanaree February 20th, 2023 at 08:07 pm 回复
2. @TGEiMgeRYUw
  
  FjkPVBRbIAud
  
  VOewFlUQ December 16th, 2022 at 03:40 am 回复
3. @TGEiMgeRYUw
  
  cMKDzdfa
  
  VOewFlUQ December 16th, 2022 at 03:40 am 回复
wAIVQkoUP

TGEiMgeRYUw December 1st, 2022 at 08:25 am 回复
1. @TGEiMgeRYUw
  
  Vesicoureteral reflux and scarring A DMSA scan is also quite effective in detecting renal scarring in patients with vesicoureteral reflux cialis viagra combo pack
  
  Hekanaree March 11th, 2023 at 03:50 pm 回复
2. @TGEiMgeRYUw
  
  CYyzLpWDMTP
  
  VOewFlUQ December 16th, 2022 at 03:40 am 回复
3. @TGEiMgeRYUw
  
  UNyQvcjVakE
  
  VOewFlUQ December 16th, 2022 at 03:40 am 回复

发表新评论