#Protection v.1 - WordPress Protection

(http.request.full_uri contains "wp-config.php") or (http.request.uri.path contains "/xmlrpc.php") or (http.request.full_uri contains ".htaccess") or (http.request.full_uri contains ".my.cnf") or (http.request.full_uri contains ".user.ini") or (http.request.full_uri contains "nginx.conf") or (http.request.full_uri contains ".conf") or (http.request.full_uri contains "config.php") or (http.request.full_uri contains "php.ini") or (http.request.full_uri contains ".ini") or (http.request.full_uri contains ".log") or (http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or (http.request.uri.path contains "phpmyadmin") or (http.request.full_uri contains "../") or (http.request.full_uri contains "..%2F") or (http.request.full_uri contains "passwd") or (http.request.uri contains "/dfs/") or (http.request.uri contains "/autodiscover/") or (http.request.uri contains "/wpad.") or (http.request.full_uri contains "webconfig.txt") or (http.request.full_uri contains "vuln.") or (http.request.uri.query contains "base64") or (http.request.uri.query contains "<script") or (http.request.uri.query contains "%3Cscript") or (http.request.uri.query contains "$_GLOBALS[") or (http.request.uri.query contains "$_REQUEST[") or (http.request.uri.query contains "$_POST[") or (http.request.full_uri contains "<?php") or (http.cookie contains "<?php") or (http.cookie contains "<script") or (http.referer contains "<script")

#Protection v.2 - Block Bad Spider

(cf.threat_score gt 15)
or (http.user_agent contains "Yandex")
or (http.user_agent contains "muckrack")
or (http.user_agent contains "Qwantify")
or (http.user_agent contains "Sogou")
or (http.user_agent contains "BUbiNG")
or (http.user_agent contains "knowledge")
or (http.user_agent contains "CFNetwork")
or (http.user_agent contains "Scrapy")
or (http.user_agent contains "SemrushBot")
or (http.user_agent contains "AhrefsBot")
or (http.user_agent contains "Baiduspider")
or (http.user_agent contains "baidu.com")
or (http.user_agent contains "/bin/bash")
or (http.user_agent contains "crawler.feedback@gmail.com")
or (http.user_agent contains "eval(")
or (http.user_agent contains "Nikto")
or (http.user_agent contains "Nimbostratus")
or (http.user_agent contains "python-requests")
or (http.user_agent contains "Scrapy/")
or (http.user_agent contains "SeznamBot/")
or (http.user_agent contains "Sogou web spider/")
or (http.user_agent contains "spbot/")
or (http.user_agent contains "Uptimebot/")
or (http.user_agent contains "WebDAV-MiniRedir")
or (http.user_agent contains "WinHttp.WinHttpRequest")
or (http.user_agent contains "ZmEu")
or (http.user_agent contains "Go-http-client/")
or (http.user_agent contains "DnyzBot/")
or (http.user_agent contains "DotBot/")
or (http.user_agent contains "python-requests")
or ((http.user_agent contains "crawl")
or (http.user_agent contains "Crawl")
or (http.user_agent contains "bot" and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter")
or (http.user_agent contains "Bot" and not http.user_agent contains "Google")
or (http.user_agent contains "Spider")
or (http.user_agent contains "spider")
and not cf.client.bot)

#Protection v.3.1 - Restricted Upload Files by Their Extensions.

(http.request.full_uri contains ".printerexport") or (http.request.full_uri contains ".pl") or (http.request.full_uri contains ".theme") or (http.request.full_uri contains ".vbp") or (http.request.full_uri contains ".xbap") or (http.request.full_uri contains ".xll") or (http.request.full_uri contains ".xnk") or (http.request.full_uri contains ".msu") or (http.request.full_uri contains ".lnk") or (http.request.full_uri contains ".mad") or (http.request.full_uri contains ".maf") or (http.request.full_uri contains ".mag") or (http.request.full_uri contains ".mam") or (http.request.full_uri contains ".maq") or (http.request.full_uri contains ".mar") or (http.request.full_uri contains ".mas") or (http.request.full_uri contains ".mat") or (http.request.full_uri contains ".mau") or (http.request.full_uri contains ".mav") or (http.request.full_uri contains ".maw") or (http.request.full_uri contains ".mda") or (http.request.full_uri contains ".mdb") or (http.request.full_uri contains ".mde") or (http.request.full_uri contains ".mdt") or (http.request.full_uri contains ".mdw") or (http.request.full_uri contains ".mdz") or (http.request.full_uri contains ".msc") or (http.request.full_uri contains ".msh") or (http.request.full_uri contains ".msh1") or (http.request.full_uri contains ".msh2") or (http.request.full_uri contains ".mshxml") or (http.request.full_uri contains ".msh1xml") or (http.request.full_uri contains ".msh2xml ") or (http.request.full_uri contains ".msi") or (http.request.full_uri contains ".msp") or (http.request.full_uri contains ".mst") or (http.request.full_uri contains ".ops") or (http.request.full_uri contains ".osd") or (http.request.full_uri contains ".pcd") or (http.request.full_uri contains ".pif") or (http.request.full_uri contains ".plg") or (http.request.full_uri contains ".prf") or (http.request.full_uri contains ".prg") or (http.request.full_uri contains ".psc1 ") or (http.request.full_uri contains ".pst") or (http.request.full_uri contains ".reg") or (http.request.full_uri contains ".scf") or (http.request.full_uri contains ".scr ") or (http.request.full_uri contains ".sct") or (http.request.full_uri contains ".shb") or (http.request.full_uri contains ".shs") or (http.request.full_uri contains ".tmp") or (http.request.full_uri contains ".url") or (http.request.full_uri contains ".vb") or (http.request.full_uri contains ".vbe") or (http.request.full_uri contains ".vbs") or (http.request.full_uri contains ".vsmacros") or (http.request.full_uri contains ".vsw") or (http.request.full_uri contains ".ws") or (http.request.full_uri contains ".wsc ") or (http.request.full_uri contains ".wsf") or (http.request.full_uri contains ".wsh") or (http.request.full_uri contains ".apk") or (http.request.full_uri contains ".appx") or (http.request.full_uri contains ".appxbundle") or (http.request.full_uri contains ".cab") or (http.request.full_uri contains ".cmd") or (http.request.full_uri contains ".dll") or (http.request.full_uri contains ".dmg") or (http.request.full_uri contains ".exe") or (http.request.full_uri contains ".iso") or (http.request.full_uri contains ".jse") or (http.request.full_uri contains ".lib") or (http.request.full_uri contains ".msix") or (http.request.full_uri contains ".msixbundle") or (http.request.full_uri contains ".nsh") or (http.request.full_uri contains ".wsc") or (http.request.full_uri contains ".scr") or (http.request.full_uri contains ".sys") or (http.request.full_uri contains ".vxd") or (http.request.full_uri contains ".rb") or (http.request.full_uri contains ".sql") or (http.request.full_uri contains ".py") or (http.request.full_uri contains ".ade") or (http.request.full_uri contains ".adp") or (http.request.full_uri contains ".app") or (http.request.full_uri contains ".asp") or (http.request.full_uri contains ".bas") or (http.request.full_uri contains ".bat") or (http.request.full_uri contains ".cer")

#Protection v.3.2 - Restricted Upload Files by Their Extensions.

(http.request.full_uri contains ".cpl") or (http.request.full_uri contains ".crt") or (http.request.full_uri contains ".csh") or (http.request.full_uri contains ".der") or (http.request.full_uri contains ".diagcab") or (http.request.full_uri contains ".exe") or (http.request.full_uri contains ".fxp") or (http.request.full_uri contains ".gadget") or (http.request.full_uri contains ".grp") or (http.request.full_uri contains ".hlp") or (http.request.full_uri contains ".hpj") or (http.request.full_uri contains ".hta") or (http.request.full_uri contains ".inf") or (http.request.full_uri contains ".ins") or (http.request.full_uri contains ".isp") or (http.request.full_uri contains ".its") or (http.request.full_uri contains ".jar") or (http.request.full_uri contains ".jnlp") or (http.request.full_uri contains ".ksh") or (http.request.full_uri contains ".py") or (http.request.full_uri contains ".pyc") or (http.request.full_uri contains ".pyo") or (http.request.full_uri contains ".pyw") or (http.request.full_uri contains ".pyz") or (http.request.full_uri contains ".pyzw") or (http.request.full_uri contains ".ps1") or (http.request.full_uri contains ".ps1xml") or (http.request.full_uri contains ".ps2") or (http.request.full_uri contains ".ps2xml") or (http.request.full_uri contains "psc1") or (http.request.full_uri contains ".psc2") or (http.request.full_uri contains ".psd1") or (http.request.full_uri contains ".psdm1") or (http.request.full_uri contains ".appcontent-ms") or (http.request.full_uri contains ".settingcontent-ms") or (http.request.full_uri contains ".mcf") or (http.request.full_uri contains ".phtml") or (http.request.full_uri contains ".pht") or (http.request.full_uri contains ".php7") or (http.request.full_uri contains ".php5") or (http.request.full_uri contains ".php4") or (http.request.full_uri contains ".php3") or (http.request.full_uri contains "webshell.php") or (http.request.full_uri contains "shell.php") or (http.request.full_uri contains ".php6") or (http.request.full_uri contains "shell.aspx") or (http.request.full_uri contains ".eml") or (http.request.full_uri contains ".sh") or (http.request.full_uri contains ".chm") or (http.request.full_uri contains ".cmd") or (http.request.full_uri contains ".cnt")

#Protection v.4 - CloudFlare as VPN
((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/admin/") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/inc/") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains " /wp-admin/theme-editor.php")) and (ip.geoip.country ne "ID")