From 74c0f63302ef7d2f33dcabf4d7690ba5617abdb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=89=E5=AE=89=E7=A7=91=E6=8A=80?=
 <Safe3@users.noreply.github.com>
Date: Wed, 21 Sep 2022 08:21:38 +0800
Subject: [PATCH] Update and rename test.lua to anti-cc.lua

---
 rules/anti-cc.lua | 28 ++++++++++++++++++++++++++++
 rules/test.lua    |  0
 2 files changed, 28 insertions(+)
 create mode 100644 rules/anti-cc.lua
 delete mode 100644 rules/test.lua

diff --git a/rules/anti-cc.lua b/rules/anti-cc.lua
new file mode 100644
index 0000000..d79265f
--- /dev/null
+++ b/rules/anti-cc.lua
@@ -0,0 +1,28 @@
+--[[
+规则名称: anti cc
+
+过滤阶段: 请求阶段
+
+危险等级: 中危
+
+规则描述: 当一分钟访问/api/路径频率超过360次，则在5分钟内拦截该ip访问
+--]]
+
+
+local sh = ngx.shared.ipCache
+local c, f = sh:get(waf.ip)
+
+if not waf.startWith(waf.toLower(waf.uri),"/api/") then
+    return false
+end
+
+if not c then
+    sh:set("cc" .. waf.ip, 0, 60, 1)
+else
+    if f == 2 then
+        return ngx.exit(403)
+    elseif c >= 360 then
+        sh:set("cc" .. waf.ip, c, 300, 2)
+    end
+end
+return false
diff --git a/rules/test.lua b/rules/test.lua
deleted file mode 100644
index e69de29..0000000