@henryonsoftware
Last active September 8, 2024 05:25
cloudflare_waf_rule.txt
(cf.threat_score gt 15) or
(http.user_agent eq "") or
(lower(http.user_agent) contains "crawler" and not http.user_agent contains "ia_archiver") or
(lower(http.user_agent) contains "spider") or
(http.user_agent contains "AhrefsBot/") or
(http.user_agent contains "baidu.com") or
(http.user_agent contains "biggo.com") or
(http.user_agent contains "/bin/bash") or
(http.user_agent contains "DnyzBot/") or
(http.user_agent contains "DotBot/") or
(http.user_agent contains "eval(") or
(http.user_agent contains "Go-http-client/") or
(http.user_agent contains "Nikto") or
(http.user_agent contains "Nimbostratus") or
(http.user_agent contains "python-requests") or
(http.user_agent contains "Scrapy/") or
(http.user_agent contains "SeznamBot/") or
(http.user_agent contains "Sogou") or
(http.user_agent contains "spbot/") or
(http.user_agent contains "Uptimebot/") or
(http.user_agent contains "WebDAV-MiniRedir") or
(http.user_agent contains "WinHttp.WinHttpRequest") or
(http.user_agent contains "concat") or
(http.user_agent contains "SemrushBot/") or
(http.user_agent contains "Bytedance") or
(http.user_agent contains "Bytespider") or
(http.request.uri contains "/wp-json/wp/v2/users/") or
(http.request.uri contains "wp-config.") or
(http.request.uri contains "wp-login.php") or
(lower(http.request.uri.path) contains "phpmyadmin") or
(http.request.uri.path contains "/phpunit") or
(http.request.uri contains "<?php") or
(http.cookie contains "<?php") or
(http.request.uri contains "passwd") or
(http.request.uri contains "/dfs/") or
(http.request.uri contains "/autodiscover/") or
(http.request.uri contains "/wpad.") or
(http.request.uri contains "/wallet.dat") or
(http.request.uri contains "webconfig.txt") or
(http.request.uri contains "vuln.") or
(http.request.uri contains ".env") or
(http.request.uri.query contains "astebin.com/") or
(http.request.uri.query contains "swp_url") or
(http.request.uri.query contains "base64") or
(http.request.uri.query contains "<script") or
(http.request.uri.query contains "%3Cscript") or
(http.cookie contains "<script") or
(http.referer contains "<script") or
(http.request.uri.query contains "$_GLOBALS[") or
(http.request.uri.query contains "$_REQUEST[") or
(http.request.uri.query contains "$_POST[")
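
Substring clauses like the ones above also match ordinary traffic that happens to contain the same text, so it helps to replay known-good requests against the expression before attaching it to a rule. The following is an added example, not part of the gist or of Cloudflare's tooling: a small offline Python model of a subset of the clauses, run over constructed requests. The sample paths, the helper names and the modelled matching semantics are assumptions.

```python
# Added example: offline model of a subset of the gist's clauses.
# Assumptions: `contains` is a case-sensitive substring test, lower() lowercases
# the field, http.request.uri is path plus query string, and
# http.request.uri.query is the query string without the leading "?".

CLAUSES = {
    'http.user_agent eq ""': lambda r: r["ua"] == "",
    'lower(http.user_agent) contains "spider"': lambda r: "spider" in r["ua"].lower(),
    'http.user_agent contains "python-requests"': lambda r: "python-requests" in r["ua"],
    'http.user_agent contains "concat"': lambda r: "concat" in r["ua"],
    'http.request.uri contains "wp-login.php"': lambda r: "wp-login.php" in r["uri"],
    'lower(http.request.uri.path) contains "phpmyadmin"':
        lambda r: "phpmyadmin" in r["path"].lower(),
    'http.request.uri contains "passwd"': lambda r: "passwd" in r["uri"],
    'http.request.uri contains ".env"': lambda r: ".env" in r["uri"],
    'http.request.uri.query contains "base64"': lambda r: "base64" in r["query"],
}

def make_request(uri, ua):
    """Build the fields the clauses read from a request target and User-Agent."""
    path, _, query = uri.partition("?")
    return {"uri": uri, "path": path, "query": query, "ua": ua}

def matched_clauses(req):
    """Return the label of every modelled clause the request satisfies."""
    return [label for label, pred in CLAUSES.items() if pred(req)]

# Constructed sample traffic (hypothetical paths), not captured from a real site.
BROWSER = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/126.0 Safari/537.36")
SAMPLES = [
    make_request("/blog/post-1", BROWSER),                          # ordinary page
    make_request("/account/reset-passwd", BROWSER),                 # password reset
    make_request("/docs/python.environment.html", BROWSER),         # docs page
    make_request("/img?src=data:image/png;base64,iVBOR", BROWSER),  # data URI
    make_request("/api/health", "python-requests/2.31.0"),          # own monitoring
    make_request("/PhpMyAdmin/index.php", BROWSER),                 # admin-panel probe
]

def report(samples):
    """Map each sample URI to the clauses that would fire on it."""
    return {s["uri"]: matched_clauses(s) for s in samples}

if __name__ == "__main__":
    for uri, hits in report(SAMPLES).items():
        print(f"{uri:42} {hits or 'no match'}")
```

Any legitimate request that shows a match here is a candidate for narrowing the clause (for example, matching on `http.request.uri.path` with a fuller string) or for an exception ahead of this rule.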