Safe3-uusec-waf/rules/third_party/frequent-block-detection.lua
UUSEC Technology e66cca6014 v7.0.0
### Feature Updates

**Interface & Management**

- Redesigned main program and management interface with improved aesthetics and usability; supports UI language switching (English/Chinese)
- Added Rule Collections functionality: Create custom rule templates for batch configuration
- Introduced whitelist rules that terminate further rule matching upon success
- UUSEC WAF Rules API intelligent suggestions during advanced rule editing
- New plugin management supporting hot-reloaded plugins to extend WAF capabilities

**Protocol & Optimization**

- Supports streaming responses for continuous data push (e.g., LLM stream outputs)
- Enables Host header modification during proxying for upstream service access
- Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing
- Interception log report generation (HTML/PDF exports)
- Automatic rotation of UUSEC WAF error/access logs to prevent performance issues

**Security & Infrastructure**

- Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers
- Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc.
- Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
2025-07-02 09:47:41 +08:00

31 lines
911 B
Lua

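--[[
Rule name: High-frequency attack protection
Filter phase: Request phase
Risk level: High
Rule description: Protects against clients that launch attacks at high frequency
Author: MCQSJ(https://github.com/MCQSJ)
Last updated: 2024/12/21
!!! Note: Because of how 南墙 WAF works, this rule has a rule-ID requirement: it must swap positions with the first of 南墙's built-in rules in order to take effect
]]
-- Configuration parameters
local threshold = 60 -- error-count threshold
local banDuration = 1440 * 60 -- ban duration, in seconds

local sh = waf.ipCache
local ip_stats = waf.ipBlock
local ip = waf.ip
local block_key = "blocked-" .. ip

-- An existing ban entry (flags == 2) blocks the request immediately
local c, f = sh:get(block_key)
if c and f == 2 then
    return waf.block(true)
end

-- Otherwise, ban the IP once its recent block count exceeds the threshold
local recent_count = ip_stats:get(ip)
if recent_count and recent_count > threshold then
    sh:set(block_key, 1, banDuration, 2)
    -- Message: "IP blacklisted for frequently triggering blocks"
    return true, "IP频繁触发拦截已被拉黑", true
end

return false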
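
An added test harness, not part of the UUSEC WAF repository or the rule author's code, that runs the rule's logic against a stub `waf` table to show that the threshold comparison is strict and that the ban outlives the block counter. `newDict`, `rule`, the fake clock and the sample IP are constructed for illustration; the dict semantics are an assumption modelled on how the rule calls `waf.ipCache`.

```lua
-- Mock of a shared dict with get/set(key, value, exptime, flags); semantics are
-- an assumption modelled on how the rule calls waf.ipCache.
local now = 0                                   -- constructed fake clock, seconds
local function newDict()
  local d = { data = {} }
  function d:set(k, v, ttl, flags)
    self.data[k] = { v = v, f = flags or 0, exp = ttl and ttl > 0 and now + ttl or nil }
  end
  function d:get(k)
    local e = self.data[k]
    if not e then return nil end
    if e.exp and now >= e.exp then self.data[k] = nil; return nil end
    return e.v, e.f
  end
  return d
end

-- The rule's logic as a function over a stub `waf` table (hypothetical wrapper).
local function rule(waf, threshold, banDuration)
  local key = "blocked-" .. waf.ip
  local c, f = waf.ipCache:get(key)
  if c and f == 2 then return "banned" end      -- stands in for waf.block(true)
  local n = waf.ipBlock:get(waf.ip)
  if n and n > threshold then
    waf.ipCache:set(key, 1, banDuration, 2)
    return "ban-set"
  end
  return "pass"
end

-- Constructed sample state: documentation-range IP, same parameters as the rule.
local waf = { ip = "192.0.2.10", ipCache = newDict(), ipBlock = newDict() }
local T, BAN = 60, 1440 * 60

waf.ipBlock:set(waf.ip, 60)                     -- exactly at the threshold
assert(rule(waf, T, BAN) == "pass")             -- comparison is strict (>)
waf.ipBlock:set(waf.ip, 61)
assert(rule(waf, T, BAN) == "ban-set")          -- a count above the threshold sets the ban
waf.ipBlock.data[waf.ip] = nil                  -- simulate the counter entry going away
assert(rule(waf, T, BAN) == "banned")           -- the ban does not depend on the counter
now = now + BAN - 1
assert(rule(waf, T, BAN) == "banned")           -- still inside the ban window
now = now + 1
assert(rule(waf, T, BAN) == "pass")             -- ban entry has expired in the mock
print("all checks passed")
```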