HTML网站资源下载器
1247人气数
Aibi Photo AI照片增强器v1.34.0破解版
1331人气数
Photo Editor照片编辑器v9.7.1破解版
1294人气数
自由门VPN加速器
1719人气数
Telegram 电报TG 即时通讯软件
1335人气数
Little Rocket VPN 3.0 小火箭加速器3.0
1446人气数
Cloudflare waf 规则大全 1.防止恶意请求
(http.request.version in {"HTTP/1.0"} and not cf.client.bot) or (http.user_agent eq "") or (http.user_agent eq " ") or (http.user_agent eq "-") or (http.user_agent eq "'") or (http.user_agent contains "/x/") or (http.user_agent contains "'XOR(") or (http.user_agent contains "ALittle") or (http.user_agent contains "got (") or (http.user_agent contains "quic-go-HTTP") or (http.user_agent contains "Go-http-client") or (http.user_agent contains "fasthttp") or (http.user_agent contains "python") or (http.user_agent contains "java") or (http.user_agent contains "PHP") or (http.user_agent contains "Nmap") or (http.user_agent contains "scrapy" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot) or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bing" and not http.user_agent contains "google" and not http.user_agent contains "yandex" and not http.user_agent contains "duckduckgo" and not http.user_agent contains "facebook" and not http.user_agent contains "linkedIn" and not http.user_agent contains "twitter" and not http.user_agent contains "yahoo" and not cf.client.bot) or (cf.threat_score ge 20 and not cf.client.bot) or (http.request.method in {"PURGE" "PUT" "OPTIONS" "DELETE" "PATCH"}) or (http.x_forwarded_for contains "192.0.") or (http.x_forwarded_for contains ".0.0") or (ip.geoip.country in {"T1" "XX"} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot) or (http.user_agent contains "lient" and http.user_agent contains "ttp") or (http.user_agent contains "libweb") or (http.user_agent contains "libwww") or (http.user_agent contains "wrk") or (http.user_agent contains "hey/") or (ip.geoip.asnum in {14061 60631 28438 60592 30823 4134 32505 27715 22773 131090 135905 55330 16629 4755 53363 34549 135330 47285 60798 207590 203087 198651 43289 14576 207319 201978 208425 201094 18978 52000 204601 199883 8220 36351 45011 8560 23969 45629 20207 6471 8075 45899 31400 208556 12271 7552 26496 21769 6876 45102 5617 199490 35816 131293 20860 31898 131428 8881 25429 29802 4788 3326 39284 13448 46484 174 577 29286 5056 9009 63949 212708 40788 12989 11351 11426 7029 42652 18403 54538 209 62044 3269 395003 8100 4190 12874 19740 197540 45458 136258 50837 51852 4826 195 49588 57613 34248 197099 29287 29066 30083 9534 42905 35804 45012 7303 25961 61317 5610 35320 262187 263693 20552 266706 49327 47232 32098 28429 3255 28431 14117 18734 24088 263196 41096 52228 8069 398101 28725 132196 61154 58199 6877 265537 32097 62240 3329 6830 133199 12334 270110 22884 54600 213375 206092 41009 213251 36444} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot) or (http.host contains ":80") or (http.host contains ":443") or (http.cookie contains "cf_use_ob=" and not http.cookie contains "0" and not http.cookie contains "80" and not http.cookie contains "443" and not cf.client.bot) 2.防止SQL XSS PHP漏洞
模拟 XSS攻击,请访问 http://<域名>/?html=<script>alert(1)</script> (http.request.uri.query contains ")/*") or (http.request.uri.query contains ")--") or (http.request.uri.query contains "benchmark(") or (http.request.uri.query contains "'0:0:20'") or (http.request.uri.query contains "MD5(") or (http.request.uri.query contains "%20waitfor%20delay%20") or (http.request.uri.query contains "%22") or (http.request.uri.query contains "%20/*") or (http.request.uri.query contains "%20--") or (http.request.uri.query contains "%20%23") or (http.request.uri.query contains ")%23") or (http.request.uri.query contains "script>") or (http.request.uri.query contains "%40") or (http.request.uri.query contains "%00") or (http.request.uri.query contains "<?php") or (http.request.uri.query contains "0x00") or (http.request.uri.query contains "0x08") or (http.request.uri.query contains "0x09") or (http.request.uri.query contains "0x0a") or (http.request.uri.query contains "0x0d") or (http.request.uri.query contains "0x1a") or (http.request.uri.query contains "0x22") or (http.request.uri.query contains "0x25") or (http.request.uri.query contains "0x27") or (http.request.uri.query contains "0x5c") or (http.request.uri.query contains "0x5f") or (http.request.uri.query contains "SELECT") or (http.request.uri.query contains "concat") or (http.request.uri.query contains "union") or (http.request.uri.query contains "0x50") or (http.request.uri.query contains "DROP") or (http.request.uri.query contains "WHERE") or (http.request.uri.query contains "ONION") or (http.request.uri.query contains "0x3c62723e3c62723e3c62723e") or (http.request.uri.query contains "0x3c696d67207372633d22") or (http.request.uri.query contains "OR") or (http.request.uri.query contains "0x3e") or (http.request.uri.query contains "<img") or (http.request.uri.query contains "<image") or (http.request.uri.query contains "document.cookie") or (http.request.uri.query contains "onerror()") or (http.request.uri.query contains "alert(") or (http.request.uri.query contains "window.") or (http.request.uri.query contains "String.fromCharCode(") or (http.request.uri.query contains "javascript:") or (http.request.uri.query contains "onmouseover=") or (http.request.uri.query contains "<BODY onload") or (http.request.uri.query contains "<style") or (http.request.uri.query contains "svg onload") 3.检测异常攻击方法
(http.user_agent eq "109e15941c57") or (http.user_agent eq "d1b2df322c91") or (http.request.uri.query eq "--+") or (http.user_agent eq "84bd2cfee733") or (http.request.uri.query eq "d=1") or (http.user_agent eq "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)") or (http.request.uri.query eq "daksldlkdsadas=1") or (http.request.full_uri contains "\\x03\\x00\\x00/*\\xE0\\x00\\x00\\x00\\x00\\x00Cookie: mstshash=Administr") or (http.request.full_uri contains "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00") or (http.request.full_uri contains "T\\x83\\xF8\\xCCu\\x18\\xA8\\xABw*w\\xF5j\\x91\\xE4[") or (http.request.full_uri contains "-\\x11\\xBERB#:\\xE4.\\xC6\\xFFHA\\x1A\\x03\\xD7") or (http.request.full_uri contains "MGLNDD_") or (http.request.full_uri contains "\\x03\\x00\\x00\\x13\\x0E\\xE0\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x08\\x00\\x03\\x00\\x00\\x00") or (http.request.full_uri contains "fI4y") or (http.request.full_uri contains "o\\xFA\\xC0\\xBE\\xB8\\xC0\\xA4\\xC9\\x89\\xA2\\xC2\\x8F\\x83\\xAF\\x91\\x97\\xBE\\xCD\\xB9\\xCF\\xAC\\x9B\\xB0\\xAB\\xA0\\xB6\\xB1\\xAA\\x9D\\x9C\\x9F\\x96\\x8D\\x93\\xCE\\xB4\\xB3\\xB5\\x98\\xCD\\xA6\\xFA\\xFA\\xFA\\xFA\\x12\\xFD\\xD8\\xF8\\xFA\\xFA\\xC2\\xFA\\xFA\\xFA\\xFA\\x1Af\\xEC\\xF9\\xFA\\xFA\\xFA\\xFA\\xFB\\xE5q\\xF2\\xFA\\xFA\\xFA\\xFA\\xFA\\xFA\\xF9wh\\x97ui\\xBA\\xEA=E\\xF0\\x1B/\\xA7XJ\\xF11Y\\x0B\\xBF\\xB1K\\x1F\\x00\\xFA\\xF8\\xAF5Y\\xDB\\xA1\\xA2 \\xE00\\xCC\\xBAU]<\\x15\\x14\\xBA\\xC7W7c\\x02\\x98\\xC996\\x95\\x1C\\xC5\\x164yR\\xE7\\x8C\\x90\\x8E\\x06\\x92w\\xCD\\xE9\\x0E\\x14!\\x19\\x87KE\\xE1\\x86 ,)\\xEA\\x85_\\x16I(\\x86\\x8B?\\xADXx\\xD7\\xE7\\xB67\\x83\\xF1\\xFC;\\x83\\xC8\\x0F\\xAE\\xDD\\x1A\\xCA\\xBF\\xD3\\xF0\\x98\\xAA\\xD9=\\xD0\\xD0\\xD6\\xEF\\xABQZ\xBCrhc@[\x9Cz\xEA\x8AJ|\x8F\xEF\x86V\x11\xDC\xBB\x5C\xF8T\xF3=\x9B\xAF\x11\xBD8\x96\xAD\xE7e~ov\\xCC\\xB6\\xCA\\xDE\\xB78\\xDC\\xD88w9\\x91\\x8C\\xD1\\xDE/\\x98\\xCA\\x8D%\\xDC\\x85+sb\\xAE\\xE5&\\xCA\\x08\\x06\\xFF\\x9Ev\\xA5\\x96\\xED\\x0F\\xBC\\xEA2\\xFA\\x1F7\\x03\\xC9g\\x83)TF$H\\xA8\\xD2\\xA24\\x91\\x80\\xABg\\x0CF+\\xBFx*w\\x19\\x01\\x0E\\xFF\\xCF\\x1B\\xA8\\x9AJrF.\\x0B\\x9D\\x84\\xF2\\xEE\\x80Y\\x18\\xD4\\x12\\xFE\\x14\\x89\\x9B\\x8C\\x9AL6\\x17\\x09\\xF25\\x5C\\xEDb\\x02\\x89\\xCD\\xA7|\\xC9zL\\x97\\x81\\x92\\x96\\xA3\\xC4g\\xB4(\\xE3k\\x82Gk\\xC1\\x90B\\xE6][\\xE1\\x02\\x9B\\x86?Tua\\x1C\\xE0\\xFC\\x9F\\x8D\\xEB\\x01\\xAB\\xC0\\xE5\\xD6\\x98\\xD5\\xE0<\\x93\\xEA\\x00\\x8DT\\xE9\\x05\\x04y-G\\x0E\\xC5R\\x0E\\x18\\xF4\\xC1\\xD6\\x8E\\xBDi\\xBBf\\xBC1Z-\\xFD\\x90N\\x16\\x81\\x07C*mk\\x11\\xBCZ\\x02\\x85\\x95a\\xDE\\xAB\\xA8\\xB7\\xA3\\xA7;\\x19\\xDE\\xB3\\xD7") or (http.request.full_uri contains "\\x00\\x00\\x00") or (http.request.full_uri contains "\\x02") or (http.request.full_uri contains "v\\xF0m\\xB0b\\xAF\\x8F\\x883\\xE4U)8\\x99E\\x14") or (http.request.full_uri contains "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00") or (http.request.full_uri contains "!\\xFA\\xAC\\x8E\\x12^\\x87\\x1F9E\\xF8\\xBBT5\\x18\\xBF\\xE3\\x0Fc\\xB0\\xC3+!\\xB0y\\xA7\\xE0\\x1B\\xCF+!\\xB0\\xC2/c\\xB0\\xC3+\\x22\\xB8\\xC3+!\\xB0\\xC3+!\\xB0i+!\\xB0\\xC3+") or (http.request.full_uri contains "\\x00\\x0E8\\x89\\x99\\xDCZFS\\xEDM\\x00\\x00\\x00\\x00\\x00") or (http.request.full_uri contains "j\\x00\\xFD U\\x8De\\xC2G\\xB6\\x9A\\x83g\\xA3-\\xB6") or (http.request.full_uri contains "SSTP_DUPLEX_POST") or (http.request.full_uri contains "sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}") 4.威胁检测(可选)
(http.request.version in {"HTTP/1.1" "HTTP/1.2"} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not ip.geoip.asnum in {13238 15169 8075 47541 32934} and not cf.client.bot) or (cf.threat_score ge 10 and not cf.client.bot) or (not ssl) or (ip.geoip.continent in {"AF" "AS" "AN" "EU" "NA" "OC" "SA"} and not ip.geoip.country in {"RU" "MD" "BY" "UA" "GB" "US" "FR" "ES" "IT" "CA" "DE" "SE" "FI" "BE" "NL"} and not ip.geoip.asnum in {13238 15169 8075 47541 32934} and not cf.client.bot) or (http.referer eq "" and not cf.client.bot) 5.Cloudflare WAF 反 DDoS
(cf.client.bot) or (http.user_agent eq "vercel-fetch") or (ip.src in {209.251.16.230 192.140.42.83 196.0.111.194 83.221.194.199 203.81.87.186 200.29.109.112 110.235.250.155 190.53.46.11 181.209.82.154 136.228.160.250 193.35.18.0/24}) or (ip.geoip.asnum in {16509 11878 14061 46261 46664 207990 611 9009 132203 132153 136907 51852 396982 27176 14618 212238 24940 50613 12876 63199 45090 63949 16276 18779 203999 55286 21769 60781 64267 210558 45102 3462 8075 4766 31898 8151 4314 3223 2514 63473 398101 26496 397336 46562 39690 62567 135340 200130 201229 202018 202109 205301 393406 394362 2 398712 8560 398324 3352 8100 397373 13768 202425 137409 400536 10753 198953 53831 6461 394814 45102 38731 399486 136557 135377 136787 49825 400175 20454 63023 12552 47583 210644 25369 42926 394711 3462 54538 399646 206264 42831 53667 200651 25513 399646 51396 47066 1101 208323 39043 51290 4224 31200 25513 133301 36352 62282 58519 48090 208226 200000 42730 56655 140389}) or (http.user_agent contains "Chrome/7") or (http.user_agent contains "Chrome/5") or (http.user_agent contains "Chrome/8") or (http.user_agent contains "Chrome/6") or (http.user_agent contains "Chrome/9") or (http.user_agent contains "Chrome/10") or (http.user_agent contains "Chrome/3") or (http.user_agent contains "Chrome/4") or (http.user_agent contains "Firefox/3") or (http.user_agent contains "Firefox/4") or (http.user_agent contains "Firefox/5") or (http.user_agent contains "Firefox/6") or (http.user_agent contains "Firefox/7") or (ip.geoip.country eq "T1") 6.可疑访问过滤器
((not cf.client.bot and ((http.x_forwarded_for contains ".") or (http.request.full_uri contains "?" and not http.request.full_uri contains ".css" and not http.request.full_uri contains ".js" and not http.request.full_uri contains "cf_chl_jschl_tk") or (not ip.geoip.country in {"CN" "HK" "TW" "MO"}) or (http.request.method ne "GET")))) 7.简单防止CC攻击或DDOS攻击
(ip.src >= 1 AND ip.src <= 4294967295) AND (http.request.method eq "GET") AND (cf.threat_score ge 1) AND (NOT (ip.src in {trusted_IP_addresses})) |