Help needed with LUA script! Convert Cloudflare Rule

JohnWisdom · March 13, 2024, 6:56am

Hi,

was testing few DDOS Booters online on our website, found a way to block attacks via custom rule via Cloudflare, but need to convert it to HAPROXY rule so I worked on a LUA script, but wasn’t able to reach any result near.

I don’t know how actually Cloudflare calculates headers but was testing few rules out on CF for hours and it was successful to block attacks.

it is with setting

any(len(http.request.headers.values[*])[*] gt 130)

-- Function to check the number of headers
function check_headers(txn)
    local headers = txn.http:req_get_headers()
    local header_count = 0

    for _ in pairs(headers) do
        header_count = header_count + 1
    end

    if header_count > 130 then
        txn:set_var('txn.too_many_headers', true)
    end


end

-- Register the function to be called for each HTTP request
core.register_action('check_headers', {'http-req'}, check_headers)

here is the thread that I took ideas from but couldn’t achieve any success! Tried AI help, rules out and same result.

jbrahy · March 24, 2024, 9:01am

I’d try it this way.

In your check_headers.lua script change this:

    if header_count > 130 then
        return true
   else 
       return false
    end

and then in your haproxy.cfg try this:

	http-request deny if { lua.check_headers }

I use this in haproxy.cfg to stop repeat traffic.

	acl too_many_requests sc_http_req_rate(0) gt 20
	http-request deny deny_status 429 if too_many_requests

Topic		Replies	Views
Convert CloudFlare Rules to HAPROXY Help!	9	666	December 4, 2021
Getting all raw http request headers and values in lua Help!	1	1822	April 6, 2024
Making a separate HTTP Request from Lua ("http-req" action) Help!	3	3636	June 9, 2022
Convert from F5 irule Help!	0	865	March 19, 2019
Is it possible to do string match with Host header & a custom variable? Help!	1	3837	April 29, 2019

Help needed with LUA script! Convert Cloudflare Rule

Related topics