Kills Sniffers. There is some amount of duplication of rules but I stopped caring when CF got uppity about how somethings that should match url.path would not, so scorch em.
socksthewolf.com
FuckOff.waf
1(http.request.uri contains "laravel") or (http.request.uri contains ".git") or (http.request.uri.path in {"/register" "/administrator" "/mini" "/images" "/files" "/fzh" "/fb" "/fwc" "/1" "/telescope/requests" "/config.json" "/server-status" "/aaabbbccc" "/alfa" "/news_sitemap.xml" "/sitemap-index.xml" "/sitemap.txt" "/sitemap.html" "sitemap_index.xml" "/.s3cfg" "/.boto" "/phpinfo" "/credentials.json" "/.secrets" "/appsettings.json" "/.credentials" "/application.yml" "/settings.json" "/properties.ini" "/res/favicon.ico" "/officialsite" "/sse" "/mcp" "/fav-icon.ico" "/image/logo.ico" "/image/favicon.ico" "/image/favicon.png" "/details/images/favicon.ico" "/imgs/logox.png" "/img/logo_512.png" "/img/logo.png" "/media/system/js/core.js" "/images/log1.png" "/test_404_page"}) or (http.request.uri wildcard r"*env*") or (http.request.uri.path contains "alfa") or (http.request.uri contains ".vscode") or (http.request.uri contains ".vercel") or (http.request.uri contains "docker") or (http.request.uri contains "stripe") or (http.request.uri contains "netlify") or (not http.request.method in {"GET" "POST" "OPTIONS" "DELETE" "HEAD"}) or (http.request.uri wildcard r"/assets*") or (http.request.uri wildcard r"/images*") or (ends_with(http.request.uri, "aspx")) or (http.request.uri contains "/https%3A") or (http.request.uri contains "ALFA_DATA") or (http.request.uri contains ".trash") or (http.request.uri contains "sftp-config") or (http.request.uri contains "meta-data") or (http.request.uri contains ".azure") or (http.request.uri contains ".aws") or (http.request.uri contains "config") or (http.request.uri wildcard r"*swagger*") or (http.request.uri wildcard r"/theme*") or (http.request.uri contains "php") or (http.request.uri wildcard r"/static*") or (http.request.uri contains "Alvin9999") or (ends_with(http.request.uri, ".sql")) or (ends_with(http.request.uri, ".log")) or (ends_with(http.request.uri, ".sh")) or (ends_with(http.request.uri, ".key")) or (starts_with(http.request.uri.path, "/v1/file/icon/seo")) or (http.request.uri contains "wordpress") or (http.request.uri.path contains "wp-") or (http.request.uri contains "wp-login") or (http.request.uri wildcard r"*wp*") or (http.request.uri.path wildcard r"*rss*") or (http.request.uri.path wildcard r"*feed*") or (http.request.uri wildcard r"*blog*") or (http.request.uri contains "WordPress") or (http.request.uri.path wildcard r"/wp*") or (http.request.uri wildcard r"/*.ico/*")