Public/Safe3-uusec-waf
2
0
Fork 0
mirror of https://github.com/Safe3/uusec-waf.git synced 2025-10-04 23:11:54 +08:00
Code Issues Projects Releases Packages Wiki Activity
Safe3-uusec-waf/rules/anti-cc.lua
UUSEC Technology e66cca6014 v7.0.0 
### Feature Updates

**Interface & Management**

- Redesigned main program and management interface with improved aesthetics and usability, supports UI language switching (English/Chinese)
- Added Rule Collections functionality: Create custom rule templates for batch configuration
- Introduced whitelist rules that terminate further rule matching upon success
- UUSEC WAF Rules API intelligent suggestions during advanced rule editing:ml-citation
- New plugin management supporting hot-reloaded plugins to extend WAF capabilities

**Protocol & Optimization**

- Supports streaming responses for continuous data push (e.g., LLM stream outputs)
- Enables Host header modification during proxying for upstream service access
- Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing
- Interception log report generation (HTML/PDF exports)
- Automatic rotation of UUSEC WAF error/access logs to prevent performance issues

**Security & Infrastructure**

- Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers
- Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc
- Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
2025-07-02 09:47:41 +08:00

29 lines
No EOL
1 KiB
Lua
Raw Permalink Blame History

--[[
Rule name: Anti CC
Filtering stage: Request phase
Threat level: Medium
Rule description: When the frequency of accessing /api/ path exceeds 360 times per minute, intercept the IP access within 5 minutes
--]]
if not waf.startWith(waf.toLower(waf.uri), "/api/") then
return false
end
local sh = waf.ipCache
local ccIp = 'cc-' .. waf.ip
local c, f = sh:get(ccIp)
if not c then
sh:set(ccIp, 1, 60, 1) -- Set a 60 seconds access count time
else
if f == 2 then
return waf.block(true) -- Reset TCP connection without logging
end
sh:incr(ccIp, 1)
if c + 1 >= 360 then -- Frequency exceeding 360 times
sh:set(ccIp, c + 1, 300, 2) -- Set a 300 second interception time
return true, ccIp, true -- Return parameter, the first 'true' is whether it has been detected; The second parameter 'ccIp' is the content of the log record; The third parameter 'true' indicates interception, while 'false' indicates only recording without interception
end
end
return false
Reference in a new issue View git blame Copy permalink