From 06b4c2b699a232d354916d44b26d1b3886f58f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=A7=E5=8A=9B=E4=B8=B8666?= <147456216+DaLiWan666@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:31:55 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=BA=86=E4=BA=9B=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../third_party/brute-force-login-prevention.lua | 2 +- .../third_party/high-frequency-error-protection.lua | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/rules/third_party/brute-force-login-prevention.lua b/src/rules/third_party/brute-force-login-prevention.lua index a220532..011c5a7 100644 --- a/src/rules/third_party/brute-force-login-prevention.lua +++ b/src/rules/third_party/brute-force-login-prevention.lua @@ -24,7 +24,7 @@ if not requestCount then else -- 如果标志已经为2,则IP处于封禁状态,直接拦截 if flag == 2 then - return waf.block(true) -- 阻断请求,返回403响应 + return waf.block(true) -- 阻断请求 end -- 增加非法请求次数 diff --git a/src/rules/third_party/high-frequency-error-protection.lua b/src/rules/third_party/high-frequency-error-protection.lua index 3cd2a37..410187a 100644 --- a/src/rules/third_party/high-frequency-error-protection.lua +++ b/src/rules/third_party/high-frequency-error-protection.lua @@ -2,12 +2,13 @@ 规则名称: 高频错误防护 过滤阶段: 返回HTTP头阶段 危险等级: 中危 -规则描述: 监测频繁返回40x、50x错误,当60秒内出现这些错误10次以上,则封禁1440分钟。 +规则描述: 监测频繁返回400、401、403、404、405、429、444错误,当60秒内出现这些错误10次以上,则封禁1440分钟。 --]] -local function isCommonError(status) - -- 检查是否为40x或50x错误 - return status >= 400 and status < 600 +local function isSpecifiedError(status) + -- 检查是否为指定的状态码,限定在 [400, 401, 403, 404, 405, 429, 444] + local allowed_errors = {400, 401, 403, 404, 405, 429, 444} + return waf.inArray(status, allowed_errors) end -- 配置参数 
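Review bot: Narrowing `isSpecifiedError` to seven 4xx codes means that 5xx responses, and 4xx codes outside the list, no longer count toward the 60-second/10-hit ban, and nothing in the hunk records why. Bursts of server errors are a useful signal of automated probing, so if 5xx was dropped deliberately (presumably to avoid banning clients during a backend outage), state that next to the list, e.g. `-- 5xx excluded on purpose: backend faults must not ban legitimate clients`. Separately, the table named `allowed_errors` actually holds the statuses that are counted toward a ban, and it is rebuilt on every call. Hoisting it above the function as a set, `local COUNTED_STATUS = {[400]=true, [401]=true, [403]=true, [404]=true, [405]=true, [429]=true, [444]=true}` with `return COUNTED_STATUS[status] == true` in the body, fixes the name, avoids the per-response allocation and no longer depends on how `waf.inArray` compares values, which is not visible here.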
@@ -21,8 +22,8 @@ local ip = waf.ip -- 获取返回的HTTP状态码 local status = waf.status --- 检查当前请求是否是40x或者50x错误,不是则直接返回false -if not isCommonError(status) then +-- 检查当前请求是否是指定的状态码错误,不是则直接返回false +if not isSpecifiedError(status) then return false end