mirror of
https://github.com/Safe3/uusec-waf.git
synced 2025-10-04 15:01:55 +08:00
e66cca6014
### Feature Updates **Interface & Management** - Redesigned main program and management interface with improved aesthetics and usability, supports UI language switching (English/Chinese) - Added Rule Collections functionality: Create custom rule templates for batch configuration - Introduced whitelist rules that terminate further rule matching upon success - UUSEC WAF Rules API intelligent suggestions during advanced rule editing:ml-citation - New plugin management supporting hot-reloaded plugins to extend WAF capabilities **Protocol & Optimization** - Supports streaming responses for continuous data push (e.g., LLM stream outputs) - Enables Host header modification during proxying for upstream service access - Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing - Interception log report generation (HTML/PDF exports) - Automatic rotation of UUSEC WAF error/access logs to prevent performance issues **Security & Infrastructure** - Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers - Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc - Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
29 lines
No EOL
766 B
Lua
29 lines
No EOL
766 B
Lua
--[[
|
|
Rule name: High frequency access restriction
|
|
Filtering stage: Request phase
|
|
Threat level: Medium
|
|
Rule description: When the frequency of accessing /api/ path exceeds 360 times per minute, intercept the IP access within 5 minutes
|
|
--]]
|
|
|
|
|
|
if not waf.startWith(waf.toLower(waf.uri), "/api/") then
|
|
return false
|
|
end
|
|
|
|
local sh = waf.ipCache
|
|
local ccIp = 'cc-' .. waf.ip
|
|
local c, f = sh:get(ccIp)
|
|
if not c then
|
|
sh:set(ccIp, 1, 60, 1) -- Set a 60 seconds access count time
|
|
else
|
|
if f == 2 then
|
|
return waf.block(true) -- Reset TCP connection without logging
|
|
end
|
|
sh:incr(ccIp, 1)
|
|
if c + 1 >= 360 then
|
|
sh:set(ccIp, c + 1, 300, 2) -- Set a 300 second interception time
|
|
return true, ccIp, true
|
|
end
|
|
end
|
|
|
|
return false |