Hi,
was testing few DDOS Booters online on our website, found a way to block attacks via custom rule via Cloudflare, but need to convert it to HAPROXY rule so I worked on a LUA script, but wasn’t able to reach any result near.
I don’t know how actually Cloudflare calculates headers but was testing few rules out on CF for hours and it was successful to block attacks.
it is with setting
any(len(http.request.headers.values[*])[*] gt 130)
-- Function to check the number of headers
function check_headers(txn)
local headers = txn.http:req_get_headers()
local header_count = 0
for _ in pairs(headers) do
header_count = header_count + 1
end
if header_count > 130 then
txn:set_var('txn.too_many_headers', true)
end
end
-- Register the function to be called for each HTTP request
core.register_action('check_headers', {'http-req'}, check_headers)
here is the thread that I took ideas from but couldn’t achieve any success! Tried AI help, rules out and same result.
1 post - 1 participant