总配置

顺序1正常不需要，这里不讲了

1.放行头像

因为在套上cloudflare WAF之后如果别人用你的站点添加友链，会导致403，所以需要添加规则把头像放行

(http.request.uri.path eq "头像链接")

2.放行爬虫机器人

不配置这个会导致必应/谷歌等不收录

太长了直接放表达式

(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Feedfetcher-Google") or (http.user_agent contains "LinkedInBot") or (http.user_agent contains "Mediapartners-Google") or (http.user_agent contains "msnbot") or (http.user_agent contains "Slackbot") or (http.user_agent contains "TwitterBot") or (http.user_agent contains "ia_archive") or (http.user_agent contains "yahoo")

3.过滤异常流量

我这里设置的中国白名单，国外ip访问一律托管质疑

(cf.threat_score ge 5 and not cf.client.bot) or (not http.request.version in {"HTTP/2" "HTTP/3"}) or (not ip.geoip.country in {"CN"})

4.设置速率限制

5.效果

境外ip访问跳转cloudflare验证 （5秒盾）

访问速度过快自动封10秒ip

中国ip直接跳过验证