[ SKILL_DOCUMENTATION ]
# 常见模式
## 部署托管规则集
typescript
// Deploy the Cloudflare Managed Ruleset (the default choice) on a zone.
// NOTE(review): `create` adds a new ruleset. If the zone already has an entry
// point ruleset for this phase, the existing one should be updated instead.
// Confirm against the zone's current rulesets before running this.
const executeManagedRuleset = {
  action: 'execute',
  action_parameters: {
    id: 'efb7b8c949ac4650a09736fc376e9aee', // Cloudflare Managed Ruleset
    // or: '4814384a9e5d4991b9815dcfc25d2f1f' for the OWASP Core Ruleset
    // or: 'c2e184081120413c86c3ab7e14069605' for exposed-credentials detection
  },
  // 'true' matches every request, so the managed rules see all traffic.
  // or: 'starts_with(http.request.uri.path, "/api")' to scope it to one path;
  // requests outside that scope are then NOT inspected by this ruleset.
  expression: 'true',
  enabled: true,
};

await client.rulesets.create({
  zone_id: 'zone_id', // placeholder: replace with the real zone identifier
  kind: 'zone',
  phase: 'http_request_firewall_managed',
  name: 'Cloudflare Managed Ruleset',
  rules: [executeManagedRuleset],
});
## 覆盖托管规则集
typescript
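// Deploy the Cloudflare Managed Ruleset with overrides for individual rules
// and for whole categories (tags).
// `kind` and `name` are supplied here to match the other ruleset examples on
// this page; the create call expects them along with `phase`.
await client.rulesets.create({
  zone_id: 'zone_id', // placeholder: replace with the real zone identifier
  kind: 'zone',
  phase: 'http_request_firewall_managed',
  name: 'Cloudflare Managed Ruleset (with overrides)',
  rules: [{
    action: 'execute',
    action_parameters: {
      id: 'efb7b8c949ac4650a09736fc376e9aee', // Cloudflare Managed Ruleset
      overrides: {
        // Override specific rules by id.
        // 'log' keeps the detection visible without blocking;
        // `enabled: false` removes the detection entirely, so prefer 'log'
        // while investigating false positives.
        rules: [
          { id: '5de7edfa648c4d6891dc3e7f84534ffa', action: 'log' },
          { id: '75a0060762034b9dad4e883afc121b4c', enabled: false },
        ],
        // Override whole categories: wordpress, sqli, xss, rce, etc.
        // A category override applies to every rule carrying that tag, so
        // setting 'sqli' to 'log' stops ALL SQL-injection rules from blocking.
        // Treat that as a temporary tuning state, not a steady-state setting.
        categories: [
          { category: 'wordpress', enabled: false },
          { category: 'sqli', action: 'log' },
        ],
      },
    },
    expression: 'true', // all requests
    enabled: true,
  }],
});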
## 自定义规则
typescript
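// Custom WAF rules driven by the WAF attack score and by client country.
//
// Attack scores run from 1 to 99 and LOWER means MORE likely malicious
// (1 = almost certainly an attack, 99 = almost certainly clean). The
// comparisons therefore use `lt`; a `gt` comparison would block the cleanest
// traffic and let the most suspicious requests through.
// NOTE(review): attack score fields are plan-dependent. Confirm they are
// available on the target zone, and trial new thresholds with action 'log'
// before switching to 'block'.
await client.rulesets.create({
  zone_id: 'zone_id', // placeholder: replace with the real zone identifier
  kind: 'zone',
  phase: 'http_request_firewall_custom',
  name: 'Custom WAF Rules',
  rules: [
    // Overall attack score: block the "attack" band, challenge the
    // "likely attack" band. Rules are evaluated in order, so the block rule
    // must come before the broader challenge rule.
    { action: 'block', expression: 'cf.waf.score lt 20', enabled: true },
    { action: 'challenge', expression: 'cf.waf.score lt 50', enabled: true },
    // Specific attack types (SQL injection, cross-site scripting).
    { action: 'block', expression: 'cf.waf.score.sqli lt 30 or cf.waf.score.xss lt 30', enabled: true },
    // Geo-blocking by country code. This is coarse: it is easily bypassed via
    // proxies/VPNs and also blocks legitimate users in those countries.
    // `ip.geoip.country` is the legacy field name; newer documentation uses
    // `ip.src.country`.
    { action: 'block', expression: 'ip.geoip.country in {"CN" "RU"}', enabled: true },
  ],
});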
## 速率限制
typescript
await client.rulesets.create({
zone_id: 'zone_id',
kind: 'zone',
phase: 'http_ratelimit',
name: 'Rate Limits',
rules: [
// 基于 IP 的全局限制
{
action: 'block',
expression: 'true',
action_parameters: {
ratelimit: {
characteristics: ['cf.colo.id', 'ip.src'],
period: 60,
requests_per_period: 100,
mitigation_timeout: 600,
},
},
},
// 日志