以下是我从各路大佬那林林总总汇总而来的WAF规则

来源：https://blog.kejilion.pro/cf-waf/

https://www.nodeseek.com/post-324304-1

https://linux.do/t/topic/678799

放行

(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Feedfetcher-Google") or (http.user_agent contains "LinkedInBot") or (http.user_agent contains "Mediapartners-Google") or (http.user_agent contains "msnbot") or (http.user_agent contains "Slackbot") or (http.user_agent contains "TwitterBot") or (http.user_agent contains "ia_archive") or (http.user_agent contains "yahoo")

禁止

(ip.src.asnum in {200373 203020 64267 54252 397630 135377}) or (ip.src.country in {"T1"}) or (not starts_with(http.user_agent, "Mozilla/5.0 (")) or (http.user_agent eq "Mozilla/5.0") or (http.user_agent eq "Mozilla/5.0 (compatible)") or (http.user_agent contains "http") or (http.user_agent contains "bot")

质询

(ip.src.asnum in {135377 36352 45102 63949 14061 36351 213230 132203 60068 30058 396982 8075 24940 16276 16509 31898 44477 202561 47583 51167}) or (ip.src.country in {"BD" "BR" "CO" "IN" "ID" "PH" "RU" "TR" "UA" "VN" "NL"}) or (not len(http.request.headers["accept-encoding"]) > 0) or (not len(http.request.headers["accept-language"]) > 0) or (any(http.request.headers["accept-encoding"][*] eq "x-real-ip")) or (any(http.request.headers["accept-encoding"][*] eq "x-forwarded-for")) or (any(http.request.headers["accept-encoding"][*] eq "x-forwarded-host")) or (any(http.request.headers["accept-encoding"][*] eq "cloudfront-viewer-address")) or (any(http.request.headers["accept-encoding"][*] eq "ali-cdn-real-ip")) or (not ip.geoip.country in {"CN" "HK" "TW" "MO" "US" "JP"})

速率限制（100/10秒）

(cf.bot_management.verified_bot) or (cf.verified_bot_category eq "AI Search")