参考:https://cangshui.net/4516.html
现在很多攻击平台和软件,已经可以利用cookie随意打穿cf的五秒盾,因此以前使用的cloudflare五秒盾脚本就不那么管用了, 穿盾现在确实很容易做到了,但是验证码你还能穿吗? 对于这个问题大晚上熬夜整了能自动开验证码的脚本,api使用的官方的。
两种脚本:一种是靠其他服务器curl Nginx状态码来判断的;一种是自身运行判断cpu负载的。
第一种:curl状态码判断版,最好放在其他服务器上运行
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | #https://github.com/CangShui/clouflarea-auto-firewallemail="111@live.com"globalapi="11111111"rulesid1="99999999"rulesid2="222222222"zoneid="3333333"keeptime=1200 #可访问后持续多少秒,进行尝试关盾curlnum=5 #测试多少次网站状态码,不建议高于10,数值越高网站压力越大minsuc=4 #网站至少正常访问多少次,否则就开验证码cfile="/home/cf_curl_code/"lasttime=$( cat $cfile"xtime.txt" 2>/dev/null )webhost="cangshui.com" #你的网站域名curlnum="5"#==================================================##http状态返回404即正常,因为curl的地址是一个网站+随机字符+.html,状态返回403即为开盾状态,返回500-600为错误代码mkdir "$cfile" 2>/dev/nullrm -rf $cfile$webhost".log"i="1"while [ $i -le $curlnum ]doi=$(($i+1))randtxt=$( cat /dev/urandom | head -n 30 | md5sum | head -c 30 2>/dev/null )echo "开始测试访问https://"$webhost"/"$randtxt".html"code=$( curl -I -m 10 -o /dev/null -s -w %{http_code} "https://"$webhost"/"$randtxt".html" )echo $code >> $cfile$webhost".log"sleep 2sdonenum404=$( grep -c "404" $cfile$webhost".log" )if [[ $num404 -ge $minsuc ]]then echo -e "网站访问正常" && exitelse sed -i 's/404//g' $cfile$webhost".log" sed -i '/^$/d' $cfile$webhost".log" httpcode=$( sed -n 1p $cfile$webhost".log" )finowtime=$(date +%s)if [[ $lasttime -eq "" ]]&&[[ $httpcode -eq "403" ]]then echo -e "验证码已开启,但未有开启时间记录" lasttime=$(date +%s) echo $lasttime >> $cfile"xtime.txt" gaptime=0else echo -e "数据正常" gaptime=`expr $nowtime - $lasttime` echo -e "距离上次开盾已经:$gaptime S ,上次时间为:$lasttime"fiif [[ $httpcode > "499" ]]&&[[ $httpcode < "600" ]]then echo "\n状态码大于500,开验证码" curl -X PUT \ -H "X-Auth-Email: $email" \ -H "X-Auth-Key: $globalapi" \ -H "Content-Type: application/json" \ -d '{ "id": "$rulesid1", "paused": false, "description": "全部都验证码", "action": "challenge", "priority": 1000, "filter": { "id": "'$rulesid2'" } }' "https://api.cloudflare.com/client/v4/zones/$zoneid/firewall/rules/$rulesid1" sleep 15s randtxt=$( cat /dev/urandom | head -n 30 | md5sum | head -c 30 2>/dev/null ) httpcode2=$( curl -I -m 10 -o /dev/null -s -w %{http_code} "https://"$webhost"/"$randtxt".html" ) if [ $httpcode2 = "403" ] then lasttime=$(date +%s) rm -rf $cfile"xtime.txt" echo $lasttime >> $cfile"xtime.txt" echo -e "\n开验证码成功" else echo -e "\n开验证码失败,可能是暂未生效" fielse if [[ $httpcode -eq "403" ]]&&[[ $gaptime -ge $keeptime ]] then echo -e "\n开盾时间已有$gaptime,超过$keeptime,尝试关盾" curl -X PUT \ -H "X-Auth-Email: $email" \ -H "X-Auth-Key: $globalapi" \ -H "Content-Type: application/json" \ -d '{ "id": "$rulesid1", "paused": true, "description": "全部都验证码", "action": "challenge", "priority": 1000, "filter": { "id": "'$rulesid2'" } }' "https://api.cloudflare.com/client/v4/zones/$zoneid/firewall/rules/$rulesid1" rm -rf $cfile"xtime.txt" else echo -e "\n开盾时间有$gaptime,未超过$keeptime或未开盾" fifi |
第二种:在本机运行,获取自己cpu负载来判断
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | #https://github.com/CangShui/clouflarea-auto-firewallemail="6666666@live.com"globalapi="876666627b"rulesid1="1146666665"rulesid2="c8666666ce"zoneid="f266666c18"maxload="5" #范围0~10.设置10即为满载时开盾,5即一半负载时开盾keeptime=1200 #可访问后持续多少秒,进行尝试关盾cfile="/home/cf_uptime/"lasttime=$( cat $cfile"xtime.txt" 2>/dev/null )#==================================================#mkdir "$cfile" 2>/dev/nullcpu_num=$( grep -c 'model name' /proc/cpuinfo ) #cpu总核数 cpu_load=$( uptime | awk '{print $10}' | awk '{sub(/.$/,"")}1' ) #系统1分钟的平均负载 cpu_load=$(echo "$cpu_load * 100" | bc | awk '{print int($0)}' )cpu_maxload=`expr $cpu_num \* $maxload \* 10`nowtime=$(date +%s)echo -e "cpu_load数值为:$cpu_load ,cpu_maxload数值为:$cpu_maxload"if [[ $lasttime -eq "" ]]then echo -e "未开验证码"else echo -e "数据正常" gaptime=`expr $nowtime - $lasttime` echo -e "距离上次开盾已经:$gaptime S ,上次时间为:$lasttime"fiif [[ $cpu_load -gt $cpu_maxload ]]&&[[ $lasttime -eq "" ]]then echo "一分钟平均负载已超过阈值,开验证码" curl -X PUT \ -H "X-Auth-Email: $email" \ -H "X-Auth-Key: $globalapi" \ -H "Content-Type: application/json" \ -d '{ "id": "$rulesid1", "paused": false, "description": "全部都验证码", "action": "challenge", "priority": 1000, "filter": { "id": "'$rulesid2'" } }' "https://api.cloudflare.com/client/v4/zones/$zoneid/firewall/rules/$rulesid1" rm -rf $cfile"xtime.txt" lasttime=$(date +%s) echo $lasttime >> $cfile"xtime.txt" echo -e "\n开验证码成功"else if [[ $cpu_load -lt $cpu_maxload ]]&&[[ $gaptime -ge $keeptime ]] then echo -e "\n开盾时间已有$gaptime,超过$keeptime,且一分钟平均负载已低于阈值,尝试关盾" curl -X PUT \ -H "X-Auth-Email: $email" \ -H "X-Auth-Key: $globalapi" \ -H "Content-Type: application/json" \ -d '{ "id": "$rulesid1", "paused": true, "description": "全部都验证码", "action": "challenge", "priority": 1000, "filter": { "id": "'$rulesid2'" } }' "https://api.cloudflare.com/client/v4/zones/$zoneid/firewall/rules/$rulesid1" rm -rf $cfile"xtime.txt" else if [[ $cpu_load -ge $cpu_maxload ]]&&[[ $gaptime -ge $keeptime ]] then echo -e "\n开盾时间已有$gaptime,超过$keeptime,但是负载仍然较高暂不关验证码,请自行排查原因" else if [[ $lasttime -eq "" ]] then echo -e "" else echo -e "\n开盾时间有$gaptime,未超过$keeptime,不关验证码或无需开验证码" fi fi fifi |
在使用脚本之前,需要创建这样一个cloudflare firewall rules:
然后开始一步步填写脚本里的变量:
1.第一行的email变量填的是你cloudflare账号的登录邮箱
2.第二行的globalapi变量,填写的是下图这里的key,这个页面需要右上角点头像,然后点击 my profile 里api tokens菜单里
3. rulesid1和rulesid2 需要打开 cloudflare firewall rules 页面,如下图操作:
先打开浏览器的控制台,然后找到你刚刚添加的规则,开启或关闭他,在控制台的network功能里找到如图所示的请求,第一个key填在 rulesid1 变量,第二个key填在 rulesid2变量里
4.zoneid这个变量打开你的域名总览页面,然后看右下角,如图所示: