The Network Guardian Chronicles: A Cute Adventure Chasing the Bad Guys Away with a WAF!
This post was last updated 25 days ago; the information in it may have since developed or changed.

(づ。◕‿‿◕。)づ Welcome to a cute adventure story about network guardians! In this magical world called the Internet, our mission is to protect our little town from attacks by all sorts of bad guys~ With our WAF (Web Application Firewall) greatsword, we chase every bad guy away! (≧ω≦)/

The complete rule can be copied as-is (`・ω・´)

(http.request.uri.query contains ")/*") or 
(http.request.uri.query contains ")--") or 
(http.request.uri.query contains "benchmark(") or 
(http.request.uri.query contains "'0:0:20'") or 
(http.request.uri.query contains "MD5(") or 
(http.request.uri.query contains "%20waitfor%20delay%20") or 
(http.request.uri.query contains "%22") or 
(http.request.uri.query contains "%20/*") or 
(http.request.uri.query contains "%20--") or 
(http.request.uri.query contains "%20%23") or 
(http.request.uri.query contains ")%23") or 
(http.request.uri.query contains "script>") or 
(http.request.uri.query contains "%40") or 
(http.request.uri.query contains "%00") or 
(http.request.uri.query contains "<?php") or 
(http.request.uri.query contains "0x00") or 
(http.request.uri.query contains "0x08") or 
(http.request.uri.query contains "0x09") or 
(http.request.uri.query contains "0x0a") or 
(http.request.uri.query contains "0x0d") or 
(http.request.uri.query contains "0x1a") or 
(http.request.uri.query contains "0x22") or 
(http.request.uri.query contains "0x25") or 
(http.request.uri.query contains "0x27") or 
(http.request.uri.query contains "0x5c") or 
(http.request.uri.query contains "0x5f") or 
(http.request.uri.query contains "SELECT") or 
(http.request.uri.query contains "concat") or 
(http.request.uri.query contains "union") or 
(http.request.uri.query contains "0x50") or 
(http.request.uri.query contains "DROP") or 
(http.request.uri.query contains "WHERE") or 
(http.request.uri.query contains "ONION") or 
(http.request.uri.query contains "0x3c62723e3c62723e3c62723e") or 
(http.request.uri.query contains "0x3c696d67207372633d22") or 
(http.request.uri.query contains "OR") or 
(http.request.uri.query contains "0x3e") or 
(http.request.uri.query contains "<img") or 
(http.request.uri.query contains "<image") or 
(http.request.uri.query contains "document.cookie") or 
(http.request.uri.query contains "onerror()") or 
(http.request.uri.query contains "alert(") or 
(http.request.uri.query contains "window.") or 
(http.request.uri.query contains "String.fromCharCode(") or 
(http.request.uri.query contains "javascript:") or 
(http.request.uri.query contains "onmouseover=") or 
(http.request.uri.query contains "<BODY onload") or 
(http.request.uri.query contains "<style") or 
(http.request.uri.query contains "svg onload") or 
(http.request.uri.query contains "substring(") or 
(http.request.uri.query contains "length(") or 
(http.request.uri.query contains "version(") or 
(http.request.uri.query contains "database(") or 
(http.request.uri.query contains "user(") or 
(http.request.uri.query contains "AND 1=1") or 
(http.request.uri.query contains "AND 1=2") or 
(http.request.uri.query contains "OR 1=1") or 
(http.request.uri.query contains "OR 1=2") or 
(http.request.uri.query contains "%27OR1=1--") or 
(http.request.uri.query contains "UNION ALL SELECT") or 
(http.request.uri.query contains "/etc/passwd") or 
(http.request.uri.query contains "../../") or 
(http.request.uri.query contains "/proc/self/environ") or 
(http.request.uri.query contains "file=") or 
(http.request.uri.query contains "page=") or 
(http.request.uri.query contains "http://") or 
(http.request.uri.query contains "ftp://") or 
(http.request.uri.query contains "data://") or 
(http.request.uri.query contains "|cat") or 
(http.request.uri.query contains "&&") or 
(http.request.uri.query contains "||") or 
(http.request.uri.query contains "`") or 
(http.request.uri.query contains "$(") or 
(http.request.uri.query contains "ping") or 
(http.request.uri.query contains "curl") or 
(http.request.uri.query contains "wget") or 
(http.request.uri.query contains "%0d%0a") or 
(http.request.uri.query contains "%0a") or 
(http.request.uri.query contains "%0d") or 
(http.request.uri.query contains "phpinfo()") or 
(http.request.uri.query contains "hostname") or 
(http.request.uri.query contains "whoami") or 
(http.request.uri.query contains "uname -a") or 
(http.request.uri.query contains "pwd") or 
(http.request.uri.query contains "netstat")

Level 1: The SQL Injection Demon King's Harassment (`・ω・´)

One day, the SQL Injection Demon King suddenly appeared in our network town, hoping to wreck the database with spells like SELECT and concat(). He even tried to sneak in some sabotage with benchmark()! Σ( ° △ °|||)︴ No fear! With our little WAF knight on guard, the Demon King's attack is easily blocked:

(http.request.uri.query contains "SELECT") or 
(http.request.uri.query contains "union") or 
(http.request.uri.query contains "concat") or 
(http.request.uri.query contains "benchmark(")

Hehe, the Demon King's spells got sealed away in one go! ( ̄︶ ̄) He could only slink back to his dark corner. Our database treasury is safe! (ノ◕ヮ◕)ノ:・゚✧


Level 2: The XSS Imps' Pranks ヽ( ̄д ̄;)ノ=3=3=3

Next come the prankster XSS imps! They sneak <script> tags into URLs, trying to peek at other people's little secrets or even cause damage. Too bad for them: we already laid out a WAF magic circle on the town walls, hehe, so their pranks can't get in~ (´艸`)♪

(http.request.uri.query contains "script>") or 
(http.request.uri.query contains "document.cookie") or 
(http.request.uri.query contains "alert(") or 
(http.request.uri.query contains "onerror()")

Those naughty imps were stopped before they even got near the town! ✧(≖ ◡ ≖) Our users can keep browsing in peace, with no nasty scripts popping out to cause trouble!


Level 3: The Path Traversal Warlocks' Schemes ( ̄^ ̄)ゞ

This time it's the crafty path traversal warlocks. They try to reach the heart of our town through paths like /etc/passwd and ../../. But don't forget, our defenses are no ordinary defenses! (•̀ᴗ•́)و ̑̑

(http.request.uri.query contains "/etc/passwd") or 
(http.request.uri.query contains "../../") or 
(http.request.uri.query contains "/proc/self/environ")

The warlocks' shortcuts were blocked by layer upon layer of magic barriers! ヽ(^Д^)ノ They can't get in at all and can only leave in defeat. Our town stays just as calm and safe! (*≧▽≦)


Level 4: The Command Injection Black Knights' Last Stand (屮゜Д゜)屮

Suddenly a band of command injection black knights appeared, bringing attack tricks like curl and ping, wanting to take control of our server! Σ( ° △ °) Don't worry: with our WAF greatsword, one stroke cuts down the black knights' intrusion! ⚔️(ง •̀•́)ง

(http.request.uri.query contains "curl") or 
(http.request.uri.query contains "ping") or 
(http.request.uri.query contains "wget") or 
(http.request.uri.query contains "&&") or 
(http.request.uri.query contains "||")

These knights were stylishly held off outside the town walls, and their commands had no effect at all! Our server keeps running smoothly, and everyone gives us a thumbs up! d(・∀・○)


Final BOSS: The Mischievous CRLF Injection Monsters (๑•̀ㅂ•́)و✧

Finally, don't forget those little monsters! They sneak in commands like phpinfo() and whoami to probe our system information. ヾ(。`Д´。)ノ But we have already seen through these tricks with the WAF's all-seeing eye!

(http.request.uri.query contains "%0d%0a") or 
(http.request.uri.query contains "phpinfo()") or 
(http.request.uri.query contains "whoami")

(ノ≧∀≦)ノ Caught you! No more mischief, little monsters; these tricks just don't work!
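The complete rule at the top of the post and the five level-by-level excerpts above all rely on plain `contains` matching against http.request.uri.query, so the most useful thing to do before switching such a rule on is to run it against the traffic you actually expect. The script below is an added example written for this edit; it is not the post author's code and not a Cloudflare tool. It re-reads a constructed excerpt of the rule in the post's own syntax, models `contains` the way Cloudflare documents it (a case-sensitive substring test on the raw, still percent-encoded query string; verify this against the current docs for your plan), and reports which literals fire for a handful of constructed sample queries. `lower()` and `url_decode()` are Cloudflare rules-language functions, but the rewrite helper, the sample queries and the labels are assumptions of this example, not something the post proposes.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed excerpt of the post's rule: a representative subset of its
# `contains` clauses, written in the post's own syntax so the example stays short.
RULE_EXPRESSION = '''
(http.request.uri.query contains "SELECT") or
(http.request.uri.query contains "union") or
(http.request.uri.query contains "benchmark(") or
(http.request.uri.query contains "OR 1=1") or
(http.request.uri.query contains "OR") or
(http.request.uri.query contains "script>") or
(http.request.uri.query contains "alert(") or
(http.request.uri.query contains "%40") or
(http.request.uri.query contains "../../") or
(http.request.uri.query contains "/etc/passwd") or
(http.request.uri.query contains "page=") or
(http.request.uri.query contains "ping") or
(http.request.uri.query contains "&&") or
(http.request.uri.query contains "%0d%0a") or
(http.request.uri.query contains "whoami")
'''

# One clause: the field (optionally wrapped in lower()), the operator, a quoted literal.
CLAUSE_RE = re.compile(
    r'(?:lower\()?http\.request\.uri\.query\)?\s+contains\s+"([^"]*)"')


def extract_terms(expression: str) -> List[str]:
    """Return every quoted literal from the rule's `contains` clauses, in order."""
    return CLAUSE_RE.findall(expression)


def matched_terms(query: str, terms: List[str],
                  lower: bool = False, decode: bool = False) -> List[str]:
    """Model of Cloudflare's `contains` on http.request.uri.query: a case-sensitive
    substring test against the raw, still-percent-encoded query string.
    lower=True models wrapping the field in lower(); decode=True models
    wrapping it in url_decode(). Returns the literals that would fire."""
    subject = unquote(query) if decode else query
    if lower:
        subject = subject.lower()
    return [t for t in terms if t in subject]


def blocked(query: str, terms: List[str], **kw) -> bool:
    """The post's expression is one long OR chain: a single hit blocks the request."""
    return bool(matched_terms(query, terms, **kw))


def case_insensitive_expression(expression: str) -> str:
    """Rewrite every clause to `lower(http.request.uri.query) contains "<lowercased>"`
    so SELECT and select are treated alike. lower() is a Cloudflare rules function;
    applying it clause by clause like this is this example's choice, not the post's."""
    return CLAUSE_RE.sub(
        lambda m: 'lower(http.request.uri.query) contains "%s"' % m.group(1).lower(),
        expression)


def review(samples: Dict[str, str], terms: List[str], **kw) -> Dict[str, List[str]]:
    """Map each labelled sample to the literals it trips, so benign traffic the rule
    would block (false positives) and probe-shaped input it misses (false negatives)
    are both visible before the rule goes live."""
    return {label: matched_terms(q, terms, **kw) for label, q in samples.items()}


# Constructed sample queries: three that an ordinary site sends every day, and
# three shaped like the probes the post's rule is meant to stop.
SAMPLES = {
    "benign pagination":   "page=2&sort=ORDER",
    "benign email":        "email=alice%40example.com",
    "benign order status": "status=shipping",
    "probe, literal":      "id=1 OR 1=1",
    "probe, url-encoded":  "id=1%27%20OR%201%3D1--",
    "probe, lowercase":    "id=1 or 1=1",
}

TERMS = extract_terms(RULE_EXPRESSION)

if __name__ == "__main__":
    for label, hits in review(SAMPLES, TERMS).items():
        print(f"{label:20s} blocked={str(bool(hits)):5s} hits={hits}")
    print(case_insensitive_expression(RULE_EXPRESSION))
```

Running it shows the trade-off hidden in a long OR chain: `sort=ORDER`, an encoded e-mail address (`%40`) and an order status of `shipping` are all blocked, by the bare `OR`, `%40` and `ping` literals respectively, while a lowercase `or 1=1` passes the case-sensitive check untouched. Wrapping the field in `lower()` closes the case gap. Percent-encoded literals such as `%40` or `%0d%0a` only make sense against the raw field, so a clause that wraps the field in `url_decode()` needs decoded literals as well; test each variant against your own traffic sample before deploying.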


Final Chapter: Our Guardianship and Victory ✧( •̀ ω •́ )✧

Every guardian's duty is to keep the town peaceful and safe. With our WAF greatsword, the SQL Injection Demon King, the XSS imps, the path traversal warlocks, the command injection black knights and the mischievous CRLF monsters have all been defeated one by one! ヾ(≧▽≦*)o

This defensive battle was hard, but every one of these rules is an essential skill for protecting the town! You can join the adventure too: put these WAF rules in your own network and keep your own town safe from the bad guys! ٩(๑❛ᴗ❛๑)۶


Use the power of the WAF to protect peace in the online world! (๑•̀ㅂ•́)و✧ Don't let those bad guys wreck our town; keep bravely standing guard!

Comments

  1. 酸后的力量
    Windows Chrome 129.0.0.0
    3 weeks ago
    2024-10-15 13:54:23

    Master, is there a regular-expression version of these rules?

    • Blog author
      酸后的力量
      Macintosh Chrome 129.0.0.0
      3 weeks ago
      2024-10-15 13:58:10

      Just modify it yourself.

      • Newbie
        Joey
        Windows Chrome 129.0.0.0
        3 weeks ago
        2024-10-19 19:16:32

        Hi blogger, your blog looks really cool. Could you put out a more detailed tutorial for everyone to learn from?
