montes · November 6, 2024 18:54
diff --git a/cloudflare-waf-block-bad-asnums-and-bots.txt b/cloudflare-waf-block-bad-asnums-and-bots.txt
 (ip.geoip.asnum in {14061 16276 24940 35540 39690 62567 133165 135340 200130 201229 202018 202109 205301 393406 394362 212317 213230}) 
 or (http.request.version in {"HTTP/1.0"} and not cf.client.bot) 
 or (ip.geoip.country eq "CN") 
 or (ip.geoip.country eq "RU") 
 or (ip.geoip.continent eq "AF") 
 or (http.user_agent eq "") 
 or (http.user_agent eq " ") 
 or (http.user_agent eq "-") 
 or (http.user_agent eq "'") 
 or (http.user_agent contains "SiteAuditBot") 
 or (http.user_agent contains "Barkrowler") 
 or (http.user_agent contains "Ahrefs") 
 or (http.user_agent contains "/x/") 
 or (http.user_agent contains "'XOR(") 
 or (http.user_agent contains "ALittle") 
 or (http.user_agent contains "PetalBot") 
 or (http.user_agent contains "Semrush") 
 or (http.user_agent contains "bidswitchbot") 
 or (http.user_agent contains "babbar") 
 or (http.user_agent contains "got (") 
 or (http.user_agent contains "quic-go-HTTP") 
 or (http.user_agent contains "Go-http-client") 
 or (http.user_agent contains "fasthttp") 
 or (http.user_agent contains "python") 
 or (http.user_agent contains "java") 
 or (http.user_agent contains "PHP") 
 or (http.user_agent contains "Nmap") 
 or (http.user_agent contains "scrapy" and not cf.client.bot)
 or (http.user_agent contains "spider" and not cf.client.bot) 
 or (http.user_agent contains "crawl" and not cf.client.bot) 
 or (http.user_agent contains "bot" and not http.user_agent contains "bing" and not http.user_agent contains "google" and not http.user_agent contains "duckduckgo" and not http.user_agent contains "facebook" and not http.user_agent contains "linkedIn" and not http.user_agent contains "twitter" and not http.user_agent contains "yahoo" and not cf.client.bot) 
 or (cf.threat_score ge 20 and not cf.client.bot) 
 or (http.request.method in {"PURGE" "PUT" "OPTIONS" "DELETE" "PATCH"}) 
 or (http.x_forwarded_for contains "192.0.") 
 or (http.x_forwarded_for contains ".0.0") 
 or (ip.geoip.country in {"T1" "XX"} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot) 
 or (http.user_agent contains "lient" and http.user_agent contains "ttp") 
 or (http.user_agent contains "libweb") 
 or (http.user_agent contains "libwww") 
 or (http.user_agent contains "wrk") 
 or (http.user_agent contains "hey/") 
 or (ip.geoip.asnum in {14061 60631 28438 60592 30823 4134 32505 27715 22773 131090 135905 55330 16629 4755 53363 34549 135330 47285 60798 207590 203087 198651 43289 14576 207319 201978 208425 201094 18978 52000 204601 199883 8220 36351 45011 8560 23969 45629 20207 6471 8075 45899 31400 208556 12271 7552 26496 21769 6876 45102 5617 199490 35816 131293 20860 31898 131428 8881 25429 29802 4788 3326 39284 13448 46484 174 577 29286 5056 9009 63949 212708 40788 12989 11351 11426 7029 42652 18403 54538 209 62044 3269 395003 8100 4190 12874 19740 197540 45458 136258 50837 51852 4826 195 49588 57613 34248 197099 29287 29066 30083 9534 42905 35804 45012 7303 25961 61317 5610 35320 262187 263693 20552 266706 49327 47232 32098 28429 3255 28431 14117 18734 24088 263196 41096 52228 8069 398101 28725 132196 61154 58199 6877 265537 32097 62240 3329 6830 133199 12334 270110 22884 54600 213375 206092 41009 213251 36444} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot) 
 or (http.host contains ":80") 
 or (http.host contains ":443") 
 or (http.cookie contains "cf_use_ob=" and not http.cookie contains "0" and not http.cookie contains "80" and not http.cookie contains "443" and not cf.client.bot) 
 or (not ssl) 
 or (cf.threat_score ge 10 and not cf.client.bot)
	(ip.geoip.asnum in {14061 16276 24940 35540 39690 62567 133165 135340 200130 201229 202018 202109 205301 393406 394362 212317 213230})
	or (http.request.version in {"HTTP/1.0"} and not cf.client.bot)
	or (ip.geoip.country eq "CN")
	or (ip.geoip.country eq "RU")
	or (ip.geoip.continent eq "AF")
	or (http.user_agent eq "")
	or (http.user_agent eq " ")
	or (http.user_agent eq "-")
	or (http.user_agent eq "'")
	or (http.user_agent contains "SiteAuditBot")
	or (http.user_agent contains "Barkrowler")
	or (http.user_agent contains "Ahrefs")
	or (http.user_agent contains "/x/")
	or (http.user_agent contains "'XOR(")
	or (http.user_agent contains "ALittle")
	or (http.user_agent contains "PetalBot")
	or (http.user_agent contains "Semrush")
	or (http.user_agent contains "bidswitchbot")
	or (http.user_agent contains "babbar")
	or (http.user_agent contains "got (")
	or (http.user_agent contains "quic-go-HTTP")
	or (http.user_agent contains "Go-http-client")
	or (http.user_agent contains "fasthttp")
	or (http.user_agent contains "python")
	or (http.user_agent contains "java")
	or (http.user_agent contains "PHP")
	or (http.user_agent contains "Nmap")
	or (http.user_agent contains "scrapy" and not cf.client.bot)
	or (http.user_agent contains "spider" and not cf.client.bot)
	or (http.user_agent contains "crawl" and not cf.client.bot)
	or (http.user_agent contains "bot" and not http.user_agent contains "bing" and not http.user_agent contains "google" and not http.user_agent contains "duckduckgo" and not http.user_agent contains "facebook" and not http.user_agent contains "linkedIn" and not http.user_agent contains "twitter" and not http.user_agent contains "yahoo" and not cf.client.bot)
	or (cf.threat_score ge 20 and not cf.client.bot)
	or (http.request.method in {"PURGE" "PUT" "OPTIONS" "DELETE" "PATCH"})
	or (http.x_forwarded_for contains "192.0.")
	or (http.x_forwarded_for contains ".0.0")
	or (ip.geoip.country in {"T1" "XX"} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot)
	or (http.user_agent contains "lient" and http.user_agent contains "ttp")
	or (http.user_agent contains "libweb")
	or (http.user_agent contains "libwww")
	or (http.user_agent contains "wrk")
	or (http.user_agent contains "hey/")
	or (ip.geoip.asnum in {14061 60631 28438 60592 30823 4134 32505 27715 22773 131090 135905 55330 16629 4755 53363 34549 135330 47285 60798 207590 203087 198651 43289 14576 207319 201978 208425 201094 18978 52000 204601 199883 8220 36351 45011 8560 23969 45629 20207 6471 8075 45899 31400 208556 12271 7552 26496 21769 6876 45102 5617 199490 35816 131293 20860 31898 131428 8881 25429 29802 4788 3326 39284 13448 46484 174 577 29286 5056 9009 63949 212708 40788 12989 11351 11426 7029 42652 18403 54538 209 62044 3269 395003 8100 4190 12874 19740 197540 45458 136258 50837 51852 4826 195 49588 57613 34248 197099 29287 29066 30083 9534 42905 35804 45012 7303 25961 61317 5610 35320 262187 263693 20552 266706 49327 47232 32098 28429 3255 28431 14117 18734 24088 263196 41096 52228 8069 398101 28725 132196 61154 58199 6877 265537 32097 62240 3329 6830 133199 12334 270110 22884 54600 213375 206092 41009 213251 36444} and not http.request.version in {"HTTP/2" "HTTP/3" "SPDY/3.1"} and not cf.client.bot)
	or (http.host contains ":80")
	or (http.host contains ":443")
	or (http.cookie contains "cf_use_ob=" and not http.cookie contains "0" and not http.cookie contains "80" and not http.cookie contains "443" and not cf.client.bot)
	or (not ssl)
	or (cf.threat_score ge 10 and not cf.client.bot)
No results found