[ SKILL_DOCUMENTATION ]
# DDoS 防护模式
## 可信 IP 白名单
typescript
// Override for the managed L7 DDoS ruleset, limited to an allowlist of source addresses.
// The two entries in the expression are documentation ranges (RFC 5737); substitute the
// real addresses and keep the set as narrow as possible, because every request whose
// source matches is evaluated with the relaxed sensitivity set below.
const config = {
  description: "可信 IP 白名单",
  rules: [
    {
      expression: "ip.src in { 203.0.113.0/24 192.0.2.1 }",
      action: "execute",
      action_parameters: {
        id: managedRulesetId,
        // "eoff" is the API value for the "Essentially Off" sensitivity level,
        // not a misspelling of "off".
        overrides: { sensitivity_level: "eoff" },
      },
    },
  ],
};

// Write the override to the account-level entry point of the ddos_l7 phase.
// NOTE(review): the request carries only the rule list above. If this endpoint replaces
// the entry point ruleset wholesale, override rules already configured for the phase
// would be dropped; confirm before running against a live account.
// NOTE(review): confirm this method path against the installed SDK version.
await client.accounts.rulesets.phases.entrypoint.update("ddos_l7", {
  account_id: accountId,
  description: config.description,
  rules: config.rules,
});
## 路由特定敏感度
typescript
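// Route-specific overrides for the managed L7 DDoS ruleset. The two rule expressions are
// complements of each other, so every request path matches exactly one of them.
//
// Each filter expression contains its own double-quoted regex literal, so the TypeScript
// strings are single-quoted; nesting unescaped double quotes inside a double-quoted
// string is a syntax error.
const config = {
  description: "路由特定防护",
  rules: [
    {
      // Paths outside /api/: "default" is the API value for the highest sensitivity,
      // and traffic the managed rules flag is blocked outright.
      expression: 'not http.request.uri.path matches "^/api/"',
      action: "execute",
      action_parameters: {
        id: managedRulesetId,
        overrides: { sensitivity_level: "default", action: "block" },
      },
    },
    {
      // Paths under /api/: lower sensitivity, and flagged traffic is challenged
      // rather than blocked.
      // NOTE(review): programmatic API clients usually cannot complete a challenge,
      // so for them a managed_challenge behaves like a block whenever a rule fires.
      // Confirm this is acceptable for /api/ consumers.
      expression: 'http.request.uri.path matches "^/api/"',
      action: "execute",
      action_parameters: {
        id: managedRulesetId,
        overrides: { sensitivity_level: "low", action: "managed_challenge" },
      },
    },
  ],
};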
## 渐进式增强
typescript
/**
 * Named protection tiers, ordered from least to most aggressive.
 * The string values are labels for this code only; the mapping to ruleset
 * override values is done in a separate lookup table.
 */
enum ProtectionLevel {
  MONITORING = "monitoring",
  LOW = "low",
  MEDIUM = "medium",
  HIGH = "high",
}
// Lookup table from protection tier to the override values sent to the managed
// L7 DDoS ruleset. `as const` keeps every value as a string literal type.
const levelConfig = {
  // NOTE(review): at "eoff" (Essentially Off) the managed rules are expected to fire
  // rarely, if at all, so pairing it with "log" records very little and leaves the
  // zone close to unprotected. If the intent is to observe what would be mitigated
  // before enforcing, "log" with a higher sensitivity is the usual choice. Confirm intent.
  [ProtectionLevel.MONITORING]: {
    action: "log",
    sensitivity: "eoff",
  },
  [ProtectionLevel.LOW]: {
    action: "managed_challenge",
    sensitivity: "low",
  },
  [ProtectionLevel.MEDIUM]: {
    action: "managed_challenge",
    sensitivity: "medium",
  },
  // "default" is the API value for the highest sensitivity level.
  [ProtectionLevel.HIGH]: {
    action: "block",
    sensitivity: "default",
  },
} as const;
/**
 * Applies one protection tier to a zone by overriding the managed L7 DDoS ruleset.
 *
 * The tier is translated through `levelConfig` and sent as a single catch-all rule
 * (expression "true") to the zone's `ddos_l7` phase entry point.
 *
 * NOTE(review): only this one rule is sent. If the endpoint replaces the entry point
 * ruleset wholesale, any other override rules on the zone (for example an allowlist)
 * would be dropped by this call. Confirm before using it on a zone that has them.
 *
 * @param zoneId - Zone whose entry point ruleset is updated.
 * @param level - Protection tier to apply; must be a key of `levelConfig`.
 * @param rulesetId - ID of the managed ruleset the override executes.
 * @param client - API client used to issue the update.
 * @returns Whatever the client's update call resolves to.
 */
async function setProtectionLevel(zoneId: string, level: ProtectionLevel, rulesetId: string, client: Cloudflare) {
  // An unknown `level` at runtime yields undefined here, and the destructuring
  // throws before any request is made.
  const { action, sensitivity } = levelConfig[level];

  return client.zones.rulesets.phases.entrypoint.update("ddos_l7", {
    zone_id: zoneId,
    rules: [
      {
        expression: "true",
        action: "execute",
        action_parameters: {
          id: rulesetId,
          overrides: { action, sensitivity_level: sensitivity },
        },
      },
    ],
  });
}
## 针对攻击的动态响应
typescript
/**
 * Bindings the Worker expects from its environment.
 *
 * NOTE(review): the handler shown with this interface reads only `KV`. The token
 * and zone ID are presumably used by the escalation logic, which is not shown.
 */
interface Env {
  // API credential. Keep it in a secret binding, not a plain-text variable, and
  // scope it to the minimum permissions the Worker needs.
  CLOUDFLARE_API_TOKEN: string;
  // Zone the Worker acts on.
  ZONE_ID: string;
  // Key-value namespace used to record attack reports.
  KV: KVNamespace;
}
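export default {
  /**
   * Worker entry point. Requests whose path ends in `/attack-detected` are treated as
   * attack reports: the JSON body is stored in KV for 24 hours, then the recent
   * reports are counted to decide whether to escalate protection.
   *
   * NOTE(review): nothing in this handler authenticates the caller. As written, any
   * client that can reach the Worker can write arbitrary JSON into KV and push the
   * report count over the escalation threshold. Verify a shared secret or request
   * signature and bound the accepted body size before storing anything.
   *
   * @param request - Incoming request.
   * @param env - Worker bindings; only `KV` is read here.
   * @returns 400 when a report body is not valid JSON, otherwise a plain "OK" response.
   */
  async fetch(request: Request, env: Env): Promise<Response> {
    // Match on the parsed path only. A substring test on the whole URL would also
    // fire on a query string or host name that happens to contain the route.
    const { pathname } = new URL(request.url);
    if (pathname.endsWith("/attack-detected")) {
      let attackData: unknown;
      try {
        attackData = await request.json();
      } catch {
        // A missing or malformed body is a client error, not an unhandled exception.
        return new Response("Bad Request", { status: 400 });
      }

      // The key is the current millisecond timestamp, so two reports arriving in the
      // same millisecond share a key. 86400 s = 24 h retention.
      await env.KV.put(`attack:${Date.now()}`, JSON.stringify(attackData), { expirationTtl: 86400 });

      const recentAttacks = await getRecentAttacks(env.KV);
      if (recentAttacks.length > 5) { /* trigger the automatic protection escalation logic */ }
    }
    return new Response("OK");
  }
};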