Jeetkune
Administrator
Under the topic Step 3 - WAF Custom Rules - Known, one of the rules you have implemented is the Cloudflare Threat Score rule.
Among the rules you have implemented, there is a rule called Cloudflare Threat Score.
Please follow the steps described below carefully and precisely to set up the index-static.html file. This is crucial to avoid disrupting legitimate access to your site.
After completing the previous steps, follow these instructions:
Make sure that you paste the code in the exact location specified, just above the $page_info = array( line and right after the <?php tag. Incorrect placement could cause errors on your site.
Once you've done this, the updates will be applied, and your site will work with the new configuration.

If you have done everything correctly, it should work. However, there is an important point you must not forget. Please read this carefully.
The rules you have implemented will block all files or directories after the / in your domain URL.
For example:
By following these measures, you can maintain strong protection while ensuring your site remains accessible to real users.
That's all... ( jeetkune and yeva )
Among the rules you have implemented, there is a rule called Cloudflare Threat Score.
- The threat score value for this rule is set to 1.
- This is extremely important, as a score of 1 is highly effective against DDoS attacks.
- However, a threat score of 1 blocks legitimate access to your site.
Please follow the steps described below carefully and precisely to set up the index-static.html file. This is crucial to avoid disrupting legitimate access to your site.How to View and Save the Page Source of a Login Page in Chrome:
- Open the Login Page
Navigate to the login page of your chat website in Google Chrome. - Access the Page Source
- Download and Extract the File
- Download the zip file shared at the bottom of the forum page.
- Extract the file to access the empty index-static.html file.
- Copy the Source Code
- Return to the View Page Source tab where you accessed the login page's source code.
- Copy all the source code of the login page (before logging in).
- Paste the Source Code into the File
- Open the extracted index-static.html file in a text editor (e.g., Notepad, VS Code, etc.).
- Paste the copied source code into this file.
- Save the file without making any changes to its name. Do not rename the file.
- Upload the File to Your FTP Server
- Log in to your FTP server and navigate to the root directory (where the main index.html file is located).
- Upload the index-static.html file to the root directory.
- Ensure that the file appears in the FTP directory with the name index-static.html.
- Final Check
- After uploading, verify that the file is correctly placed in the root directory and remains named as index-static.html.
After completing the previous steps, follow these instructions:
- Open Your index.php File
Open your index.php file in your code editor. - Locate the $page_info = array( Line
Find the line where you define $page_info = array( in your index.php file. - Insert the Code Right Above This Line
As shown in the image, copy and paste the following code just above the $page_info = array( line, starting from the line right after the <?php tag. - Modify the your_cookie Line
In the code you paste, replace the your_cookie line with the cookie name that you set after logging into your site.
For example, if the cookie name is tc_userid, change it to tc_userid or whatever your cookie - Save and Upload the File
After pasting the code, save the file and upload the updated index.php file to your server using FTP.
Make sure that you paste the code in the exact location specified, just above the $page_info = array( line and right after the <?php tag. Incorrect placement could cause errors on your site.Once you've done this, the updates will be applied, and your site will work with the new configuration.

PHP:
// Başlangıçta karakter kodlamasını belirtheader('Content-Type: text/html; charset=utf-8');
// your_cookie çerezi ayarlı değilse ve script CLI modunda değilse
if (!isset($_COOKIE['your_cookie']) && (php_sapi_name() !== 'cli')) {
$static = file_get_contents('index-static.html');
// İçeriğin "gradient_sheet" içerip içermediğini kontrol et
if (strpos($static, "gradient_sheet") !== false) {
// Varnish önbelleklemesi için uygun başlıkları gönder
header('Cache-Control: public, max-age=86400'); // 1 gün önbellek
header('Pragma: cache'); // Önbelleği etkinleştir
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 86400) . ' GMT'); // Son kullanma başlığı
// Statik içeriği gönder ve scripti sonlandır
die($static);
}
}
If you have done everything correctly, it should work. However, there is an important point you must not forget. Please read this carefully.
The rules you have implemented will block all files or directories after the / in your domain URL.
For example:
- your_domain.com/a.php
As you can see, the file a.php comes after the /. This could also be an image, MP3, or any other file or directory.
Why Did We Apply Rate Limiting Only to
If we were to block access to domain.com/ directly, no users would be able to access your website at all. Instead, by using threat score and rate limiting, we have successfully managed to significantly reduce all heavy and high-volume DDoS attacks without disrupting legitimate traffic.Recommended Setup for Better Protection
To ensure optimal performance and protection, I strongly recommend that your VPS server has at least 4 CPUs. This is critical for handling traffic effectively during DDoS mitigation.By following these measures, you can maintain strong protection while ensuring your site remains accessible to real users.
That's all... ( jeetkune and yeva )
Attachments
Last edited: