mirror of
https://gitgud.io/fatchan/haproxy-protection.git
synced 2025-05-09 02:05:37 +00:00
Refactor fetching header for difference between applet and transaction mode.
Improve locale_strings map by re json.encode. Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
This commit is contained in:
Thomas Lynch
@ -76,14 +76,14 @@ frontend http-in
|
||||
acl ddos_mode_enabled base,map(/etc/haproxy/map/ddos.map) -m bool
|
||||
|
||||
# serve challenge page scripts directly from haproxy
|
||||
http-request return file /etc/haproxy/js/auto.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=86400" if { path /.basedflare/js/auto.min.js }
|
||||
http-request return file /etc/haproxy/js/argon2.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=86400" if { path /.basedflare/js/argon2.min.js }
|
||||
http-request return file /etc/haproxy/js/challenge.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=86400" if { path /.basedflare/js/challenge.min.js }
|
||||
http-request return file /etc/haproxy/js/worker.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=86400" if { path /.basedflare/js/worker.min.js }
|
||||
http-request return file /etc/haproxy/js/auto.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "Cache-Control" "public, max-age=86400" if { path /.basedflare/js/auto.min.js }
|
||||
http-request return file /etc/haproxy/js/argon2.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "Cache-Control" "public, max-age=86400" if { path /.basedflare/js/argon2.min.js }
|
||||
http-request return file /etc/haproxy/js/challenge.js status 200 content-type "application/javascript; charset=utf-8" hdr "Cache-Control" "public, max-age=86400" if { path /.basedflare/js/challenge.min.js }
|
||||
http-request return file /etc/haproxy/js/worker.min.js status 200 content-type "application/javascript; charset=utf-8" hdr "Cache-Control" "public, max-age=86400" if { path /.basedflare/js/worker.min.js }
|
||||
|
||||
# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
|
||||
acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
|
||||
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "cache-control" "private, max-age=30" if maintenance_mode
|
||||
use_backend maintenance if maintenance_mode
|
||||
|
||||
# rewrite specific domain+path to domain or domain+path
|
||||
http-request redirect location https://%[base,map(/etc/haproxy/map/rewrite.map)] code 302 if { base,map(/etc/haproxy/map/rewrite.map) -i -m found }
|
||||
@ -114,18 +114,39 @@ frontend http-in
|
||||
# simple example cache for files
|
||||
http-request set-var(txn.path) path
|
||||
acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
|
||||
http-request cache-use basic_cache if can_cache
|
||||
http-response cache-store basic_cache if can_cache
|
||||
|
||||
|
||||
# optional alt-svc header (done after cache so not set in cached responses
|
||||
http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
|
||||
|
||||
acl c0 res.hdr(Cache-Control,0) -m sub max-age=0
|
||||
acl c0 res.hdr(Cache-Control,1) -m sub max-age=0
|
||||
acl c0 res.hdr(Cache-Control,2) -m sub max-age=0
|
||||
acl cf0 res.fhdr(Cache-Control,0) -m sub max-age=0
|
||||
acl cf0 res.fhdr(Cache-Control,1) -m sub max-age=0
|
||||
acl cf0 res.fhdr(Cache-Control,2) -m sub max-age=0
|
||||
http-response set-header X-c0 true if c0
|
||||
http-response set-header X-cf0 true if cf0
|
||||
http-response set-header X-res-hdr0-Cache-Control %[res.hdr(Cache-Control,0)]
|
||||
http-response set-header X-res-hdr1-Cache-Control %[res.hdr(Cache-Control,1)]
|
||||
http-response set-header X-res-hdr2-Cache-Control %[res.hdr(Cache-Control,2)]
|
||||
http-response set-header X-res-fhdr0-Cache-Control %[res.fhdr(Cache-Control,0)]
|
||||
http-response set-header X-res-fhdr1-Cache-Control %[res.fhdr(Cache-Control,1)]
|
||||
http-response set-header X-res-fhdr2-Cache-Control %[res.fhdr(Cache-Control,2)]
|
||||
|
||||
http-request cache-use basic_cache
|
||||
http-response cache-store basic_cache
|
||||
default_backend servers
|
||||
|
||||
cache basic_cache
|
||||
total-max-size 2500
|
||||
total-max-size 250
|
||||
max-object-size 31457280
|
||||
max-age 86400
|
||||
process-vary on
|
||||
|
||||
backend maintenance
|
||||
http-request lua.set-lang-json
|
||||
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30"
|
||||
|
||||
backend servers
|
||||
balance leastconn
|
||||
|
||||
Reference in New Issue
Block a user