Cookie + Body

1) Qamrov va ishlash tartibi

1. Foydalanuvchi modalni ochadi: Domen tanlaydi.

2. Qoida turi: Cookie yoki Body.

3. Action tanlanadi (6 ta: Block, Challenge, Redirect, Drop, Allow, Log only).

4. Maqsad maydoniga shart yoziladi (quyidagi DSL).

5. HTTP metodlari, Ustuvorlik, Holat → Qoida qo‘shish.

2) “Maqsad” maydoni — DSL (aniq sintaksis)

A. Cookie DSL

<cookie_nomi>=<operator>:<qiymat>

Bir qoida – bitta shart. Bir nechta shart kerak bo‘lsa, alohida qoida yarating (yoki UI qo‘llasa, qatorlarga ajrating).

B. Body DSL

JSON/Form/Raw bo‘yicha moslash:

Qo‘llab-quvvatlanadigan operatorlar: equals, contains, starts, ends, regex. (Raqamli solishtirish kerak bo‘lsa, log-only’da test qilib keyin qo‘shing.)

3) Amaliy misollar (to‘g‘ridan-to‘g‘ri “Maqsad”ga qo‘yish uchun)

A. Cookie — 10 misol

1. Sessiya yo‘q (POST’da) session_id=exists:false → Challenge (yoki Block)

2. JWT-ko‘rinishdagi token auth_token=regex:"^eyJ[0-9A-Za-z._-]{20,}" → Challenge

3. Admin role cookie (tashqi trafikda) role=equals:admin → Block (faqat ichki IP’lar Allow)

4. CSRF cookie yo‘q (POST endpoint) csrf_token=exists:false → Challenge

5. Shubhali uzun token (agar UI’da uzunlik operatori yo‘q, regex bilan): auth_token=regex:"^.{257,}$" → Log only (avval)

6. Bot izi bo‘lishi mumkin bot_id=exists:true → Drop

7. Til sozlamasi g‘alati locale=regex:"(?i)^[a-z]{2}(_[A-Z]{2})?$" (mos kelmasa → Log only)

8. Test/dev cookie prod’da env=equals:dev → Block

9. Tracking cookie admin yo‘lida __utm=exists:true → Log only

10. SSO token formati sso=contains:Bearer → Redirect (auth sahifaga)

B. Body — 12 misol

1. Email validatsiya (JSON) json:email=regex:"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$" → Log only (monitoring)

2. O‘zbek telefon raqami form:phone=regex:"^\+998\d{9}$" → Block (agar format qattiq talab)

3. Kredit karta izi (VISA/MC soddalashtirilgan) field=regex:"(?<!\d)(?:4\d{12}(?:\d{3})?|5[1-5]\d{14})(?!\d)" → Block (PII chiqishini to‘xtatish)

4. XSS belgilari field=regex:"<script\b|onerror=|onload=" → Block

5. SQLi pattern field=regex:"(?i)(union\s+select|sleep\()" → Block

6. Path traversal raw=regex:"(?:\.\./){2,}" → Block

7. Noqonuniy fayl nomi (upload) form:filename=regex:"\.(php|phtml|jsp|asp|aspx)$" → Block

8. JWT body’da json:token=regex:"^eyJ" → Challenge (yoki Log only)

9. Katta matn (DoS ehtimoli) field=regex:"^.{10000,}$" → Drop (og‘ir endpointlarda)

10. HTML injection (textarea) json:comment=regex:"<(iframe|object|embed)\b" → Block

11. IBAN/Hisob raqami ko‘rinishida field=regex:"(?i)\b[A-Z]{2}\d{2}[A-Z0-9]{10,30}\b" → Log only (PII kuzatuv)

12. Payme/Click token leaki json:pay_token=regex:"[A-Za-z0-9\-_]{32,}" → Challenge (avval kuzatish)

Eslatma (konfidensiallik): Body’dagi PII qiymatlari loglarda masklanadi. Real kartalar uchun Luhn tekshiruvi bo‘lsa, false-positive kamayadi; bo‘lmasa soddalashtirilgan regex’ni Log onlyda sinab oling.

4) Step-by-step (screenshot bo‘yicha)

1. Domen: csclub.uz (active) ni tanlang.

2. Qoida turi: Cookie yoki Body.

3. Harakat: masalan, Bloklash (yoki Challenge, Redirect, Drop, …).

4. Maqsad:

   • Cookie — session_id=exists:true

   • Body — field=regex:"credit_card" yoki yuqoridagi misollardan biri.

5. HTTP metodlari: tegishli metod(lar)ni belgilang (masalan, POST).

6. Ustuvorlik: odatda 50 (IP+Header’dan keyin, Rate limit bilan yonma-yon).

7. Holat: Faol yoki Log only (yangi qoida — avval Log only).

8. Qoida qo‘shish → real-time sinxronizatsiya → monitoring.

5) Action tanlash bo‘yicha tez jadval