全球主机交流论坛

标题: 【已更新】终于搞好了Cloudflare防火墙规则，这下省心了吧 [打印本页]

---

作者: t9913085    时间: 2022-1-19 21:53
标题: 【已更新】终于搞好了Cloudflare防火墙规则，这下省心了吧





参照的aws大佬的和欧阳的和 https://github.com/XMD0718/cloudflare-block-bad-bot-ruleset

表达式

1. 有人觉得允许合法机器人应该放到第5位优先级，我还是觉得应该放在第一位，你还是自己考虑一下优先级吧，也许我是错的

(cf.client.bot)

2.这里我设置的危险分数是2，如果觉得误杀率高，可以将危险分数提高到5

(cf.threat_score gt 2 and not cf.client.bot)

3. 平时就开质询吧，遭受攻击的时候直接阻止

(ip.geoip.asnum in {10026 10453 11351 11426 11691 12076 1215 1216 1217 12271 12334 12367 12874 12876 12989 131090 131106 131138 131139 131140 131141 131293 131428 131444 131477 131486 131495 132196 132203 132509 132510 132513 132591 132839 133024 133199 133380 133478 133492 133746 133752 133774 133775 133776 133905 133929 134238 134327 134760 134761 134763 134764 134769 134770 134771 134835 134963 135061 135290 135300 135330 135377 135629 137693 137697 137699 137753 137784 137785 137787 137788 137876 137969 138366 138407 138607 138915 138949 138950 138952 138982 138994 139007 139018 139124 139144 139201 139203 139220 139316 139327 139726 139887 140096 140596 14061 140701 140716 140717 140720 140723 140979 141157 14117 141180 14140 142570 14576 14618 149167 15169 16276 16509 16591 16629 17043 174 17428 17707 177453 177549 17788 17789 17790 17791 18013 18228 18403 18450 18599 18734 18978 195 19527 197099 19740 197540 198047 198651 199490 199506 199524 199883 200756 201094 201978 202053 20207 202675 203087 204601 204720 20473 20552 20554 206092 206204 206791 206798 207319 207400 207590 208425 208556 20860 209 211914 212708 213251 213375 21704 21769 21859 21887 22773 22884 23468 23724 23885 23959 23969 24088 24192 24424 24429 24940 2497 25429 25697 25820 25935 25961 26160 262187 263022 263196 263639 263693 264344 264509 26496 265443 265537 266706 267784 26818 269939 270110 27715 28429 28431 28438 28725 29066 2914 29286 29287 29802 30083 30823 31122 31235 31400 31898 32097 32098 3223 32505 3255 32613 3269 328608 3326 3329 34081 34248 34549 3457 3462 34947 35070 35212 35320 35540 35593 35804 35816 35908 35916 3598 36351 36352 36384 36385 36444 36492 36806 37963 37969 38001 38197 38283 38365 38538 38587 38588 38627 39284 394699 395003 395936 395954 395973 398101 40065 40676 40788 41009 41096 41264 41378 4184 4190 42652 42905 43289 43624 43989 45011 45012 45062 45076 45085 45090 45102 45102 45102 45103 45104 45139 45458 45566 45576 45629 45753 45899 45932 4637 46484 46844 4694 47232 47285 4755 4785 4788 47927 48024 48024 4816 4826 48337 4835 48905 49327 49588 49981 50297 50340 5056 50837 51852 52000 52228 52341 53089 54463 54538 54574 54600 54854 54994 55158 55330 55720 55799 55924 55933 55960 55967 55990 55992 56005 56011 5610 56109 5617 56222 57613 577 58073 58199 58461 58466 58519 58543 58563 58593 58772 58773 58774 58775 58776 58844 58854 58862 58879 59019 59028 59048 59050 59051 59052 59053 59054 59055 59067 59077 59374 60068 60592 60631 60798 61154 61317 61348 61577 61853 62044 62240 62468 62785 62904 63018 63023 63075 63288 63314 63545 63612 63620 63631 63655 63677 63678 63679 63727 63728 63729 63835 63838 63888 63916 63949 64050 6471 6584 6830 6876 6877 6939 7029 7224 7303 7489 7552 7684 792 793 794 8068 8069 8070 8071 8074 8075 8100 8220 8560 8881 8987 9009 9299 9312 9370 9534 9678 9952 9984} and not cf.client.bot) or (ip.src in $badip)

(, 下载次数: 265)

上传

点击文件名下载附件

4.

(http.user_agent contains "fuck") or (http.user_agent contains "lient" and http.user_agent contains "ttp") or (http.user_agent contains "java") or (http.user_agent contains "Joomla") or (http.user_agent contains "libweb") or (http.user_agent contains "libwww") or (http.user_agent contains "PHPCrawl") or (http.user_agent contains "PyCurl") or (http.user_agent contains "python") or (http.user_agent contains "wrk") or (http.user_agent contains "hey/") or (http.user_agent contains "Acunetix") or (http.user_agent contains "apache") or (http.user_agent contains "BackDoorBot") or (http.user_agent contains "cobion") or (http.user_agent contains "masscan") or (http.user_agent contains "FHscan") or (http.user_agent contains "scanbot") or (http.user_agent contains "Gscan") or (http.user_agent contains "Researchscan") or (http.user_agent contains "WPScan") or (http.user_agent contains "ScanAlert") or (http.user_agent contains "Wprecon") or (http.user_agent contains "virusdie") or (http.user_agent contains "VoidEYE") or (http.user_agent contains "WebShag") or (http.user_agent contains "Zeus") or (http.user_agent contains "zgrab") or (http.user_agent contains "zmap") or (http.user_agent contains "nmap") or (http.user_agent contains "fimap") or (http.user_agent contains "ZmEu") or (http.user_agent contains "ZumBot") or (http.user_agent contains "Zyborg") or (http.user_agent contains "attachment") or (http.user_agent eq "undefined") or (http.user_agent eq "")


5.

(http.user_agent contains "Abonti") or (http.user_agent contains "admantx") or (http.user_agent contains "aipbot") or (http.user_agent contains "AllSubmitter") or (http.user_agent contains "Backlink") or (http.user_agent contains "backlink") or (http.user_agent contains "Badass") or (http.user_agent contains "Bigfoot") or (http.user_agent contains "blexbot") or (http.user_agent contains "Buddy") or (http.user_agent contains "CherryPicker") or (http.user_agent contains "cloudsystemnetwork") or (http.user_agent contains "cognitiveseo") or (http.user_agent contains "Collector") or (http.user_agent contains "cosmos") or (http.user_agent contains "CrazyWebCrawler") or (http.user_agent contains "Crescent") or (http.user_agent contains "Devil") or (http.user_agent contains "domain" and http.user_agent contains "spider") or (http.user_agent contains "domain" and http.user_agent contains "stat") or (http.user_agent contains "domain" and http.user_agent contains "Appender") or (http.user_agent contains "domain" and http.user_agent contains "Crawler") or (http.user_agent contains "DittoSpyder") or (http.user_agent contains "Konqueror") or (http.user_agent contains "Easou") or (http.user_agent contains "Yisou") or (http.user_agent contains "Etao") or (http.user_agent contains "mail" and http.user_agent contains "olf") or (http.user_agent contains "mail" and http.user_agent contains "spider") or (http.user_agent contains "exabot.com") or (http.user_agent contains "getintent") or (http.user_agent contains "Grabber") or (http.user_agent contains "GrabNet") or (http.user_agent contains "HEADMasterSEO") or (http.user_agent contains "heritrix") or (http.user_agent contains "htmlparser") or (http.user_agent contains "hubspot") or (http.user_agent contains "Jyxobot") or (http.user_agent contains "kraken") or (http.user_agent contains "larbin") or (http.user_agent contains "ltx71") or (http.user_agent contains "leiki") or (http.user_agent contains "LinkScan") or (http.user_agent contains "Magnet") or (http.user_agent contains "Mag-Net") or (http.user_agent contains "Mechanize") or (http.user_agent contains "MegaIndex") or (http.user_agent contains "Metasearch") or (http.user_agent contains "MJ12bot") or (http.user_agent contains "moz.com") or (http.user_agent contains "Navroad") or (http.user_agent contains "Netcraft") or (http.user_agent contains "niki-bot") or (http.user_agent contains "NimbleCrawler") or (http.user_agent contains "Nimbostratus") or (http.user_agent contains "Ninja") or (http.user_agent contains "Openfind") or (http.user_agent contains "Page" and http.user_agent contains "Analyzer") or (http.user_agent contains "Pixray") or (http.user_agent contains "probethenet") or (http.user_agent contains "proximic") or (http.user_agent contains "psbot") or (http.user_agent contains "RankActive") or (http.user_agent contains "RankingBot") or (http.user_agent contains "RankurBot") or (http.user_agent contains "Reaper") or (http.user_agent contains "SalesIntelligent") or (http.user_agent contains "Semrush") or (http.user_agent contains "SEOkicks") or (http.user_agent contains "spbot") or (http.user_agent contains "SEOstats") or (http.user_agent contains "Snapbot") or (http.user_agent contains "Stripper") or (http.user_agent contains "Siteimprove") or (http.user_agent contains "sitesell") or (http.user_agent contains "Siphon") or (http.user_agent contains "Sucker") or (http.user_agent contains "TenFourFox") or (http.user_agent contains "TurnitinBot") or (http.user_agent contains "trendiction") or (http.user_agent contains "twingly") or (http.user_agent contains "VidibleScraper") or (http.user_agent contains "WebLeacher") or (http.user_agent contains "WebmasterWorldForum") or (http.user_agent contains "webmeup") or (http.user_agent contains "Webster") or (http.user_agent contains "Widow") or (http.user_agent contains "Xaldon") or (http.user_agent contains "Xenu") or (http.user_agent contains "xtractor") or (http.user_agent contains "Zermelo")

---

作者: syouko    时间: 2022-1-19 21:54
这是我免费版就能享用的吗？

---

作者: tinyghost    时间: 2022-1-19 21:55
求分享规则

---

作者: iiss    时间: 2022-1-19 21:56
Cloudflare 我一直不会配 都是瞎选瞎配置 有没有详细教程

---

作者: yushum    时间: 2022-1-19 21:56
我记得我收藏了 找不着了

---

作者: sakuramai    时间: 2022-1-19 21:56
求分享，大佬。

---

作者: 好运    时间: 2022-1-19 21:57
分享一下呗

---

作者: wl4236820    时间: 2022-1-19 22:08
提示: 作者被禁止或删除 内容自动屏蔽

---

作者: t9913085    时间: 2022-1-19 22:08


1.  

(cf.client.bot)

2.

(cf.threat_score gt 2 and not cf.client.bot)

3. 增加了凉心云 套路云 菊花云 京东云 常见IDC机房的 ASN

(ip.geoip.asnum in {10026 10453 11351 11426 11691 12076 1215 1216 1217 12271 12334 12367 12874 12876 12989 131090 131106 131138 131139 131140 131141 131293 131428 131444 131477 131486 131495 132196 132203 132509 132510 132513 132591 132839 133024 133199 133380 133478 133492 133746 133752 133774 133775 133776 133905 133929 134238 134327 134760 134761 134763 134764 134769 134770 134771 134835 134963 135061 135290 135300 135330 135377 135629 137693 137697 137699 137753 137784 137785 137787 137788 137876 137969 138366 138407 138607 138915 138949 138950 138952 138982 138994 139007 139018 139124 139144 139201 139203 139220 139316 139327 139726 139887 140096 140596 14061 140701 140716 140717 140720 140723 140979 141157 14117 141180 14140 142570 14576 14618 149167 15169 16276 16509 16591 16629 17043 174 17428 17707 177453 177549 17788 17789 17790 17791 18013 18228 18403 18450 18599 18734 18978 195 19527 197099 19740 197540 198047 198651 199490 199506 199524 199883 200756 201094 201978 202053 20207 202675 203087 204601 204720 20473 20552 20554 206092 206204 206791 206798 207319 207400 207590 208425 208556 20860 209 211914 212708 213251 213375 21704 21769 21859 21887 22773 22884 23468 23724 23885 23959 23969 24088 24192 24424 24429 24940 2497 25429 25697 25820 25935 25961 26160 262187 263022 263196 263639 263693 264344 264509 26496 265443 265537 266706 267784 26818 269939 270110 27715 28429 28431 28438 28725 29066 2914 29286 29287 29802 30083 30823 31122 31235 31400 31898 32097 32098 3223 32505 3255 32613 3269 328608 3326 3329 34081 34248 34549 3457 3462 34947 35070 35212 35320 35540 35593 35804 35816 35908 35916 3598 36351 36352 36384 36385 36444 36492 36806 37963 37969 38001 38197 38283 38365 38538 38587 38588 38627 39284 394699 395003 395936 395954 395973 398101 40065 40676 40788 41009 41096 41264 41378 4184 4190 42652 42905 43289 43624 43989 45011 45012 45062 45076 45085 45090 45102 45102 45102 45103 45104 45139 45458 45566 45576 45629 45753 45899 45932 4637 46484 46844 4694 47232 47285 4755 4785 4788 47927 48024 48024 4816 4826 48337 4835 48905 49327 49588 49981 50297 50340 5056 50837 51852 52000 52228 52341 53089 54463 54538 54574 54600 54854 54994 55158 55330 55720 55799 55924 55933 55960 55967 55990 55992 56005 56011 5610 56109 5617 56222 57613 577 58073 58199 58461 58466 58519 58543 58563 58593 58772 58773 58774 58775 58776 58844 58854 58862 58879 59019 59028 59048 59050 59051 59052 59053 59054 59055 59067 59077 59374 60068 60592 60631 60798 61154 61317 61348 61577 61853 62044 62240 62468 62785 62904 63018 63023 63075 63288 63314 63545 63612 63620 63631 63655 63677 63678 63679 63727 63728 63729 63835 63838 63888 63916 63949 64050 6471 6584 6830 6876 6877 6939 7029 7224 7303 7489 7552 7684 792 793 794 8068 8069 8070 8071 8074 8075 8100 8220 8560 8881 8987 9009 9299 9312 9370 9534 9678 9952 9984} and not cf.client.bot)

4.欧阳的IP黑名单

(ip.src in $badip and not cf.client.bot)
(, 下载次数: 157)

上传

点击文件名下载附件

5.

https://github.com/XMD0718/cloudflare-block-bad-bot-ruleset

---

作者: puerboy    时间: 2022-1-19 22:10
提示: 作者被禁止或删除 内容自动屏蔽

---

作者: jiangjk    时间: 2022-1-19 22:20

t9913085 发表于 2022-1-19 22:08
1.  

(cf.client.bot)

感谢大佬分享

---

作者: xinchenmi    时间: 2022-1-19 22:28
用这个需不需要开小云朵啊

---

作者: By小酷    时间: 2022-1-19 22:39
顺序错了，把阻止的放前面，允许的放后面，规则从上到下匹配，匹配了就不会继续往下

---

作者: t9913085    时间: 2022-1-19 22:40

By小酷 发表于 2022-1-19 22:39
顺序错了，把阻止的放前面，允许的放后面，规则从上到下匹配，匹配了就不会继续往下 ...

搜索引擎的蜘蛛肯定是要第一个允许的，除非你不想收录

---

作者: 违法主机    时间: 2022-1-19 23:10
非https好像不能访问....？？？

---

作者: By小酷    时间: 2022-1-19 23:19

t9913085 发表于 2022-1-19 22:40
搜索引擎的蜘蛛肯定是要第一个允许的，除非你不想收录

都说了，你设置错了。不信就算
官方的机器人认证是只要是登记的机器人都是合法的。你自己不排除一些劣质爬虫，你后面补的那些根本没作用

---

作者: t9913085    时间: 2022-1-19 23:45

By小酷 发表于 2022-1-19 23:19
都说了，你设置错了。不信就算
官方的机器人认证是只要是登记的机器人都是合法的。你自己不排除一些劣质 ...

好的 我试试

---

作者: t9913085    时间: 2022-1-19 23:48

By小酷 发表于 2022-1-19 23:19
都说了，你设置错了。不信就算
官方的机器人认证是只要是登记的机器人都是合法的。你自己不排除一些劣质 ...

我把度娘ASN封光了，允许爬虫也没用了啊

---

作者: 清蒸三文鱼    时间: 2022-1-19 23:59
看到有争议,坐等楼主更新

---

作者: mjjok    时间: 2022-1-20 00:08

t9913085 发表于 2022-1-19 22:08
1.  

(cf.client.bot)

1.  

(cf.client.bot)

2.

(cf.threat_score gt 2 and not cf.client.bot)

3. 增加了凉心云 套路云 菊花云 京东云的 ASN

(ip.geoip.asnum in {10026 10453 11351 11426 11691 12076 1215 1216 1217 12271 12334 12367 12874 12876 12989 131090 131106 131138 131139 131140 131141 131293 131428 131444 131477 131486 131495 132196 132203 132509 132510 132513 132591 132839 133024 133199 133380 133478 133492 133746 133752 133774 133775 133776 133905 133929 134238 134327 134760 134761 134763 134764 134769 134770 134771 134835 134963 135061 135290 135300 135330 135377 135629 137693 137697 137699 137753 137784 137785 137787 137788 137876 137969 138366 138407 138607 138915 138949 138950 138952 138982 138994 139007 139018 139124 139144 139201 139203 139220 139316 139327 139726 139887 140096 140596 14061 140701 140716 140717 140720 140723 140979 141157 14117 141180 14140 142570 14576 14618 149167 15169 16276 16509 16591 16629 17043 174 17428 17707 177453 177549 17788 17789 17790 17791 18013 18228 18403 18450 18599 18734 18978 195 19527 197099 19740 197540 198047 198651 199490 199506 199524 199883 200756 201094 201978 202053 20207 202675 203087 204601 204720 20473 20552 20554 206092 206204 206791 206798 207319 207400 207590 208425 208556 20860 209 211914 212708 213251 213375 21704 21769 21859 21887 22773 22884 23468 23724 23885 23959 23969 24088 24192 24424 24429 24940 2497 25429 25697 25820 25935 25961 26160 262187 263022 263196 263639 263693 264344 264509 26496 265443 265537 266706 267784 26818 269939 270110 27715 28429 28431 28438 28725 29066 2914 29286 29287 29802 30083 30823 31122 31235 31400 31898 32097 32098 3223 32505 3255 32613 3269 328608 3326 3329 34081 34248 34549 3457 3462 34947 35070 35212 35320 35540 35593 35804 35816 35908 35916 3598 36351 36352 36384 36385 36444 36492 36806 37963 37969 38001 38197 38283 38365 38538 38587 38588 38627 39284 394699 395003 395936 395954 395973 398101 40065 40676 40788 41009 41096 41264 41378 4184 4190 42652 42905 43289 43624 43989 45011 45012 45062 45076 45085 45090 45102 45102 45102 45103 45104 45139 45458 45566 45576 45629 45753 45899 45932 4637 46484 46844 4694 47232 47285 4755 4785 4788 47927 48024 48024 4816 4826 48337 4835 48905 49327 49588 49981 50297 50340 5056 50837 51852 52000 52228 52341 53089 54463 54538 54574 54600 54854 54994 55158 55330 55720 55799 55924 55933 55960 55967 55990 55992 56005 56011 5610 56109 5617 56222 57613 577 58073 58199 58461 58466 58519 58543 58563 58593 58772 58773 58774 58775 58776 58844 58854 58862 58879 59019 59028 59048 59050 59051 59052 59053 59054 59055 59067 59077 59374 60068 60592 60631 60798 61154 61317 61348 61577 61853 62044 62240 62468 62785 62904 63018 63023 63075 63288 63314 63545 63612 63620 63631 63655 63677 63678 63679 63727 63728 63729 63835 63838 63888 63916 63949 64050 6471 6584 6830 6876 6877 6939 7029 7224 7303 7489 7552 7684 792 793 794 8068 8069 8070 8071 8074 8075 8100 8220 8560 8881 8987 9009 9299 9312 9370 9534 9678 9952 9984} and not cf.client.bot)

4.欧阳发的

5.

https://github.com/XMD0718/cloudflare-block-bad-bot-ruleset

不错，收藏并复制一下，一面楼主被办了，就看不到了。

---

作者: huanx    时间: 2022-1-20 00:09
标记一下 万一以后有用..

---

作者: mjjok    时间: 2022-1-20 00:09

By小酷 发表于 2022-1-19 23:19
都说了，你设置错了。不信就算
官方的机器人认证是只要是登记的机器人都是合法的。你自己不排除一些劣质 ...

有道理啊

---

作者: By小酷    时间: 2022-1-20 00:24

t9913085 发表于 2022-1-19 23:48
我把度娘ASN封光了，允许爬虫也没用了啊

如果你在防火墙的规则里添加 那么度娘的机器人匹配到第一个允许 那么他就不会继续往下匹配拒绝 直接作为放行可以被访问 你2 3 4 5的规则就不会对放行的IP起作用

---

作者: 哈登    时间: 2022-1-20 05:32
楼主要是写个详细的教程就更好了

---

作者: super6969    时间: 2022-1-20 05:53
这需要开启CDN食用？

---

作者: 甜菜超人    时间: 2022-1-20 09:17
感谢分享，自从早上设置了这个‘阻止’，发现服务器CPU和内存占用量显著下降，奶奶的，原来非法BOT害的服务器资源不够，我还想着那么个个人博客，怎么会有那么大的资源占用，都要怀疑人生了

---

作者: mytk-asa    时间: 2022-1-20 09:23
mark一下

---

作者: e2e    时间: 2022-1-20 09:28
收藏一下

---

作者: allnetstore    时间: 2022-1-20 09:32
12%的CSR，这说明误杀率太高了

---

作者: t9913085    时间: 2022-1-20 10:04

allnetstore 发表于 2022-1-20 09:32
12%的CSR，这说明误杀率太高了

目前危险分数设置的大于2就质询，
再说这个只是质询，未阻止，如果实在介意误杀率的话，可以把危险分数上调，比如调到5

---

作者: 51Yo    时间: 2022-1-20 10:10
欧阳的规则是什么？

---

作者: 深蓝的蓝    时间: 2022-1-20 15:33
cf不卡的话，还是很不错的

---

作者: 雾山    时间: 2022-1-20 15:41
欧阳大佬规则是啥

---

作者: t9913085    时间: 2022-1-20 16:23

雾山 发表于 2022-1-20 15:41
欧阳大佬规则是啥

已经补上了最新的

---

作者: whl32    时间: 2022-1-20 17:09
有没快速黑名单IP批量导入

---

作者: Floppy    时间: 2022-1-20 17:16
把你网站发出来让论坛里大佬练练手？

---

作者: whl32    时间: 2022-1-20 17:46
搞定，复制了一下，虽然每天10Ip的站不知道什么时候用得上

---

作者: 雾山    时间: 2022-1-21 09:06

t9913085 发表于 2022-1-20 16:23
已经补上了最新的

感谢，已经用上了

---

作者: t9913085    时间: 2022-1-21 15:56

allnetstore 发表于 2022-1-20 09:32
12%的CSR，这说明误杀率太高了

24小时请求总数540.88k，拦截128个，其中误杀16个，个人觉得这个误杀率还是可以接受的

---

作者: 温柔尝尽了吗    时间: 2022-1-21 20:31
mark

---

作者: Humloane    时间: 2022-1-21 20:56
感谢大佬分享

---

作者: .admin.    时间: 2022-1-22 15:56
很好用谢谢了。
配了几个图记录了一下。


https://www.vksec.com/Cloudflare ... AE%B0%E5%BD%95.html

---

作者: s920361    时间: 2022-1-22 15:57
沒有規則，反正沒人看

---

作者: ABNER_3036    时间: 2022-1-22 17:00
收下了

---

作者: LoliR    时间: 2022-1-22 19:14

allnetstore 发表于 2022-1-20 09:32
12%的CSR，这说明误杀率太高了

确实 12% 太高了，我才 0%

---

作者: ee5    时间: 2022-1-24 19:24
Cloudflare 我也是瞎jier配的。。

---

欢迎光临 全球主机交流论坛 (https://loc.010206.xyz/)

Powered by Discuz! X3.4