From Scratch: Building and Optimizing a WordPress Site with the Baota Panel (宝塔面板), Including Cloudflare and Plugin Configuration (Part 6)

Configuring Cloudflare's Web Application Firewall (WAF) is an effective way to raise your site's security and stop malicious attacks.

6.1 Deploying Cloudflare WAF rules

Allow your own origin server's IP

(ip.src eq 33.222.44.22) or (ip.src eq 247e:356:1c13:3080:2888:dc53:addd:5888)

Allow SEO crawlers

(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Feedfetcher-Google") or (http.user_agent contains "LinkedInBot") or (http.user_agent contains "Mediapartners-Google") or (http.user_agent contains "msnbot") or (http.user_agent contains "Slackbot") or (http.user_agent contains "TwitterBot") or (http.user_agent contains "ia_archive") or (http.user_agent contains "yahoo")

Challenge malicious traffic

(cf.threat_score ge 5 and not cf.client.bot) or (not http.request.version in {"HTTP/2" "HTTP/3"}) or (not ip.geoip.country in {"AU" "CA" "FR" "DE" "HK" "IR" "JP" "KR" "MY" "SG" "TW" "GB" "US" "CN"})

Challenge malicious browsing (enhanced version)

(http.request.uri.query contains ")/*") or 
(http.request.uri.query contains ")--") or 
(http.request.uri.query contains "benchmark(") or 
(http.request.uri.query contains "'0:0:20'") or 
(http.request.uri.query contains "MD5(") or 
(http.request.uri.query contains "%20waitfor%20delay%20") or 
(http.request.uri.query contains "%22") or 
(http.request.uri.query contains "%20/*") or 
(http.request.uri.query contains "%20--") or 
(http.request.uri.query contains "%20%23") or 
(http.request.uri.query contains ")%23") or 
(http.request.uri.query contains "script>") or 
(http.request.uri.query contains "%40") or 
(http.request.uri.query contains "%00") or 
(http.request.uri.query contains "<?php") or 
(http.request.uri.query contains "0x00") or 
(http.request.uri.query contains "0x08") or 
(http.request.uri.query contains "0x09") or 
(http.request.uri.query contains "0x0a") or 
(http.request.uri.query contains "0x0d") or 
(http.request.uri.query contains "0x1a") or 
(http.request.uri.query contains "0x22") or 
(http.request.uri.query contains "0x25") or 
(http.request.uri.query contains "0x27") or 
(http.request.uri.query contains "0x5c") or 
(http.request.uri.query contains "0x5f") or 
(http.request.uri.query contains "SELECT") or 
(http.request.uri.query contains "concat") or 
(http.request.uri.query contains "union") or 
(http.request.uri.query contains "0x50") or 
(http.request.uri.query contains "DROP") or 
(http.request.uri.query contains "WHERE") or 
(http.request.uri.query contains "ONION") or 
(http.request.uri.query contains "0x3c62723e3c62723e3c62723e") or 
(http.request.uri.query contains "0x3c696d67207372633d22") or 
(http.request.uri.query contains "OR") or 
(http.request.uri.query contains "0x3e") or 
(http.request.uri.query contains "<img") or 
(http.request.uri.query contains "<image") or 
(http.request.uri.query contains "document.cookie") or 
(http.request.uri.query contains "onerror()") or 
(http.request.uri.query contains "alert(") or 
(http.request.uri.query contains "window.") or 
(http.request.uri.query contains "String.fromCharCode(") or 
(http.request.uri.query contains "javascript:") or 
(http.request.uri.query contains "onmouseover=") or 
(http.request.uri.query contains "<BODY onload") or 
(http.request.uri.query contains "<style") or 
(http.request.uri.query contains "svg onload") or 
(http.request.uri.query contains "substring(") or 
(http.request.uri.query contains "length(") or 
(http.request.uri.query contains "version(") or 
(http.request.uri.query contains "database(") or 
(http.request.uri.query contains "user(") or 
(http.request.uri.query contains "AND 1=1") or 
(http.request.uri.query contains "AND 1=2") or 
(http.request.uri.query contains "OR 1=1") or 
(http.request.uri.query contains "OR 1=2") or 
(http.request.uri.query contains "%27OR1=1--") or 
(http.request.uri.query contains "UNION ALL SELECT") or 
(http.request.uri.query contains "/etc/passwd") or 
(http.request.uri.query contains "../../") or 
(http.request.uri.query contains "/proc/self/environ") or 
(http.request.uri.query contains "file=") or 
(http.request.uri.query contains "page=") or 
(http.request.uri.query contains "http://") or 
(http.request.uri.query contains "ftp://") or 
(http.request.uri.query contains "data://") or 
(http.request.uri.query contains "|cat") or 
(http.request.uri.query contains "&&") or 
(http.request.uri.query contains "||") or 
(http.request.uri.query contains "`") or 
(http.request.uri.query contains "$(") or 
(http.request.uri.query contains "ping") or 
(http.request.uri.query contains "curl") or 
(http.request.uri.query contains "wget") or 
(http.request.uri.query contains "%0d%0a") or 
(http.request.uri.query contains "%0a") or 
(http.request.uri.query contains "%0d") or 
(http.request.uri.query contains "phpinfo()") or 
(http.request.uri.query contains "hostname") or 
(http.request.uri.query contains "whoami") or 
(http.request.uri.query contains "uname -a") or 
(http.request.uri.query contains "pwd") or 
(http.request.uri.query contains "netstat")
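Before deploying rules like the ones above it is worth dry-running them against a few requests. The script below is an added example written for this page, not Cloudflare's engine and not code from the original post: it parses the subset of Cloudflare's rule language these rules use (boolean fields, `eq`, `ge`, `contains`, `in {...}`, `and`/`or`/`not`, parentheses) and evaluates it against constructed request records. The origin-IP and "challenge malicious traffic" rules are taken verbatim from this section; the crawler and query rules are cut down to a few of their patterns to keep the example short. The client addresses other than the origin IP are documentation ranges, and rule order and action precedence (an Allow rule that matches first stops later rules in the real firewall) are not modelled. Running it shows why the heading keeps the long query rule at Challenge rather than Block: `contains` is a plain case-sensitive substring test, so `page=` also matches wp-admin menu URLs and `ping` matches a site search for "shipping".

```python
import operator
import re

# Added example, not Cloudflare's engine and not the post's own code: dry-runs
# the rules above against constructed requests.  Supports the subset of the
# rule language they use; `contains` is a case-sensitive substring test as in
# the real engine.  Precedence: not > and > or.  Rule order is not modelled.

TOKEN_RE = re.compile(r'"[^"]*"|[(){}]|[A-Za-z_][\w.]*|\d[\w:.]*')
COMPARE = {"eq": operator.eq, "ge": operator.ge, "contains": lambda a, b: b in a,
           "in": lambda a, b: a in b}

def literal(tok):
    # "quoted" -> text, bare number -> int, bare IP (digit-leading here) -> str
    return tok[1:-1] if tok.startswith('"') else int(tok) if tok.isdigit() else tok

class Parser:
    def __init__(self, expr):
        self.toks, self.i = TOKEN_RE.findall(expr), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        self.i += 1
        return self.toks[self.i - 1]

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_not()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.parse_not())
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            self.take()                                   # consume ')'
            return node
        if self.peek() not in COMPARE:
            return ("bool", tok)                          # e.g. cf.client.bot
        op = self.take()
        if op != "in":
            return (op, tok, literal(self.take()))
        self.take()                                       # consume '{'
        values = [literal(t) for t in iter(self.take, "}")]   # read up to '}'
        return ("in", tok, values)

def evaluate(node, req):
    kind = node[0]
    if kind == "or":
        return evaluate(node[1], req) or evaluate(node[2], req)
    if kind == "and":
        return evaluate(node[1], req) and evaluate(node[2], req)
    if kind == "not":
        return not evaluate(node[1], req)
    if kind == "bool":
        return bool(req.get(node[1], False))
    op, field, value = node
    actual = req.get(field)
    return actual is not None and COMPARE[op](actual, value)

# The section's rules: allow-origin and challenge-traffic verbatim, the other
# two cut down to a few of their patterns so the example stays short.
RULES = {
    "allow-origin": "(ip.src eq 33.222.44.22) or (ip.src eq 247e:356:1c13:3080:2888:dc53:addd:5888)",
    "allow-bots": '(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "TwitterBot")',
    "challenge-traffic": '(cf.threat_score ge 5 and not cf.client.bot) or (not http.request.version in {"HTTP/2" "HTTP/3"}) or (not ip.geoip.country in {"AU" "CA" "FR" "DE" "HK" "IR" "JP" "KR" "MY" "SG" "TW" "GB" "US" "CN"})',
    "challenge-query": '(http.request.uri.query contains "../../") or (http.request.uri.query contains "page=") or (http.request.uri.query contains "ping") or (http.request.uri.query contains "OR") or (http.request.uri.query contains "%00")',
}
PARSED = {name: Parser(expr).parse_or() for name, expr in RULES.items()}

def matching_rules(req):
    """Names of every rule whose expression is true for this request."""
    return [name for name, tree in PARSED.items() if evaluate(tree, req)]

def request(ip, ua, query, version="HTTP/2", score=0, bot=False, country="US"):
    # Constructed request fields, not captured traffic.
    return {"ip.src": ip, "http.user_agent": ua, "http.request.uri.query": query,
            "http.request.version": version, "cf.threat_score": score,
            "cf.client.bot": bot, "ip.geoip.country": country}

SAMPLES = {  # constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
    "origin": request("33.222.44.22", "curl/8.0", ""),
    "wp-admin menu": request("203.0.113.9", "Mozilla/5.0", "page=wc-settings"),
    "site search": request("203.0.113.9", "Mozilla/5.0", "s=shipping+rates"),
    "traversal": request("198.51.100.7", "python-requests/2.31", "file=../../etc/passwd", version="HTTP/1.1"),
}
```

Call `matching_rules(SAMPLES["wp-admin menu"])` and `matching_rules(SAMPLES["site search"])` to see the two benign requests land on the query rule, while the traversal request trips both challenge rules (its HTTP/1.1 version fails the protocol check as well). When you extend a rule, paste the full expression into `RULES` and add the request you are worried about to `SAMPLES`; the parser accepts the complete rules from this section unchanged.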

6.2 Deploying rate limiting

  • On the "WAF" page, open the "Rate limiting rules" tab.
  • Click "Create rate limiting rule".
  • Give the rule a name, for example "Prevent CC attacks".
  • Define the condition, for example:
    • URI Path: choose "contains" and enter "/".
  • Set the threshold:
    • When rate exceeds…: 200 requests per 10 seconds.
    • For duration…: 10 seconds.
  • Choose "Block" as the action, then deploy the rule.

This setting helps defend against CC (Challenge Collapsar) attacks and protects server resources.
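To see what the numbers above mean for a visitor before switching the action to Block on every path, here is a sliding-window model of the rule, added as an illustration for this page (it is not Cloudflare's implementation and the original post contains no code): per client IP, more than 200 requests inside any 10-second window triggers a block that lasts 10 seconds. The traffic it replays is constructed, using documentation IP ranges, and the assumption that counting restarts after a block expires is this model's choice, not a documented Cloudflare behaviour.

```python
from collections import defaultdict, deque

# Added example, not Cloudflare's implementation and not the post's own code:
# a sliding-window model of the rate limiting rule above (per client IP,
# block once more than `threshold` requests arrive within `period` seconds,
# keep blocking for `block_seconds`).


class RateLimiter:
    def __init__(self, threshold=200, period=10.0, block_seconds=10.0):
        self.threshold = threshold            # "When rate exceeds": requests ...
        self.period = period                  # ... per this many seconds
        self.block_seconds = block_seconds    # "For duration": mitigation timeout
        self.hits = defaultdict(deque)        # ip -> request times in the window
        self.blocked_until = {}               # ip -> time the block expires

    def check(self, ip, now):
        """Decide "allow" or "block" for one request from `ip` at time `now`."""
        if self.blocked_until.get(ip, 0.0) > now:
            return "block"                    # still inside the mitigation timeout
        window = self.hits[ip]
        window.append(now)
        while window and window[0] <= now - self.period:
            window.popleft()                  # forget requests older than the period
        if len(window) > self.threshold:
            self.blocked_until[ip] = now + self.block_seconds
            window.clear()                    # model choice: counting restarts after the block
            return "block"
        return "allow"


def simulate():
    """Replay constructed traffic (documentation IPs, not real visitors): one
    client bursting 250 requests in 2.5 s and one browsing normally, then the
    burst client trying again during and after its block."""
    limiter = RateLimiter()
    outcome = {"burst": {"allow": 0, "block": 0}, "normal": {"allow": 0, "block": 0}}
    for i in range(250):                      # one request every 10 ms
        outcome["burst"][limiter.check("198.51.100.7", i * 0.01)] += 1
    for i in range(5):                        # a page every half second
        outcome["normal"][limiter.check("203.0.113.9", i * 0.5)] += 1
    outcome["burst_during_block"] = limiter.check("198.51.100.7", 5.0)
    outcome["burst_after_block"] = limiter.check("198.51.100.7", 13.0)
    return outcome


if __name__ == "__main__":
    print(simulate())
```

The burst client gets its first 200 requests through, the 201st (at t = 2.0 s) trips the rule and starts a block until t = 12.0 s, the remaining 49 requests and the retry at t = 5.0 s are blocked, and the retry at t = 13.0 s is allowed again. The normal client is never affected. Lower `threshold` or widen `period` in `RateLimiter()` to check whether a busy page with many assets would be caught by the values you intend to deploy.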

6.3 Setting up Fail2Ban

  • Go to Software Management > Installed > Fail2Ban > Settings > Site Protection and create a site protection entry.
  • Under Site, select your site, for example test.haib.top.
  • Then click Confirm.

Once the configuration above is complete, Cloudflare WAF and Fail2Ban will effectively protect your site against common web attacks.
