mirror of
https://gitgud.io/fatchan/haproxy-protection.git
synced 2025-05-09 02:05:37 +00:00
Add custom tfp example for writing custom case scripts, todo make not apply only to captcha
@@ -18,7 +18,7 @@ RUN set -eux; \
|
||||
--uid 99 \
|
||||
haproxy
|
||||
|
||||
ENV HAPROXY_URL http://www.haproxy.org/download/3.0/src/snapshot/haproxy-ss-LATEST.tar.gz
|
||||
ENV HAPROXY_URL http://www.haproxy.org/download/3.1/src/snapshot/haproxy-ss-LATEST.tar.gz
|
||||
ENV DATAPLANEAPI_URL https://github.com/haproxytech/dataplaneapi/releases/download/v2.7.5/dataplaneapi_2.7.5_Linux_x86_64.tar.gz
|
||||
|
||||
# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
|
||||
|
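Review bot: The `HAPROXY_URL` line, in both its 3.0 and 3.1 forms, fetches the source tarball over plain `http://` and points at `haproxy-ss-LATEST.tar.gz`, a moving snapshot. Unless a later step verifies a digest, the build is neither reproducible nor protected against tampering in transit, and no such check is visible in this hunk. At minimum use `ENV HAPROXY_URL https://www.haproxy.org/download/3.1/src/snapshot/haproxy-ss-LATEST.tar.gz`; better, pin a dated snapshot and verify it with `sha256sum -c` in the RUN step before unpacking. The RUN block that consumes the variable lies outside the hunk, so confirm whether it already checks a checksum.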
@@ -6,12 +6,15 @@ global
|
||||
maxconn "${HAPROXY_MAXCONN}"
|
||||
log stdout format raw local0 debug
|
||||
lua-load /etc/haproxy/scripts/register-servers.lua
|
||||
lua-load-per-thread /etc/haproxy/scripts/tfp.lua
|
||||
lua-load-per-thread /etc/haproxy/scripts/register-bot-check.lua
|
||||
stats socket /var/run/haproxy.sock mode 666 level admin
|
||||
stats socket 127.0.0.1:1999 level admin
|
||||
httpclient.ssl.verify none
|
||||
# Allow larger buffer size for return-file of argon scripts
|
||||
tune.bufsize 51200
|
||||
expose-deprecated-directives
|
||||
tune.ssl.capture-buffer-size 200
|
||||
|
||||
defaults
|
||||
log global
|
||||
@@ -51,7 +54,7 @@ frontend http-in
|
||||
|
||||
# Clearnet http (you'll have to figure out https yourself)
|
||||
bind *:80
|
||||
# bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem alpn h3,h2,http/1.1
|
||||
bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem alpn h2,http/1.1
|
||||
# bind quic4@*:443 ssl crt /etc/haproxy/certs/haproxy.pem
|
||||
# http-response set-header alt-svc "h3=\":443\";ma=900;"
|
||||
|
||||
@@ -59,9 +62,12 @@ frontend http-in
|
||||
# bind 127.0.0.1:80 accept-proxy
|
||||
option forwardfor
|
||||
|
||||
# tfp lua dev test
|
||||
http-request lua.set_tfp
|
||||
|
||||
# custom log format
|
||||
log-format "{\"cc\":%{+Q}[capture.req.hdr(1)],\"cip\":\"%ci\",\"cp\":\"%cp\",\"hh\":%{+Q}[capture.req.hdr(0)],\"backend\":\"%b\",\"server\":\"%s\",\"timers\":\"%TR/%Tw/%Tc/%Tr/%Ta\",\"status\":\"%ST\",\"bytes\":\"%B\",\"bs\":\"%U\",\"conns\":\"%ac/%fc/%bc/%sc/%rc\",\"q\":\"%sq/%bq\",\"req\":%{+Q,+E}r,\"GeoIP_Source\":\"GeoIP_Source=%ci\"}"
|
||||
|
||||
log-format "{\"cc\":%{+Q}[capture.req.hdr(1)],\"tp\":%{+Q}[var(txn.fp_custom)],\"cip\":\"%ci\",\"cp\":\"%cp\",\"hh\":%{+Q}[capture.req.hdr(0)],\"backend\":\"%b\",\"server\":\"%s\",\"timers\":\"%TR/%Tw/%Tc/%Tr/%Ta\",\"status\":\"%ST\",\"bytes\":\"%B\",\"bs\":\"%U\",\"conns\":\"%ac/%fc/%bc/%sc/%rc\",\"q\":\"%sq/%bq\",\"req\":%{+Q,+E}r,\"GeoIP_Source\":\"GeoIP_Source=%ci\"}"
|
||||
|
||||
# optional geoip handling (maps required) and alt-svc header addition
|
||||
http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map)
|
||||
http-request set-var(req.asn) src,map_ip(/etc/haproxy/map/iptoasn.map)
|
||||
@@ -169,7 +175,7 @@ backend haproxy-to-varnish-cache
|
||||
|
||||
backend servers
|
||||
balance roundrobin
|
||||
default-server ssl verify required ca-file ca-certificates.crt sni req.hdr(Host) check observe layer4 inter 30
|
||||
default-server ssl verify required ca-file ca-certificates.crt sni req.hdr(Host) check observe layer4 inter 30s
|
||||
use-server %[lua.get_server_names] if TRUE
|
||||
|
||||
backend bot_check_post_throttle
|
||||
|
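Review bot: The `log-format` line that adds the `tp` field writes `%{+Q}[var(txn.fp_custom)]` into a JSON log without the `+E` escape flag that the `req` field on the same line uses. `txn.fp_custom` is presumably set by `lua.set_tfp`, whose script is not shown here; if it can hold client-influenced bytes, a `"` or `\` in it would break or spoof JSON fields for downstream log parsers. Consider `\"tp\":%{+Q,+E}[var(txn.fp_custom)]`, or have the Lua action emit only a fixed-alphabet value such as a hex digest. Separately, the `global` hunk still carries `stats socket /var/run/haproxy.sock mode 666 level admin`, an admin-level socket on `127.0.0.1:1999`, and `httpclient.ssl.verify none`. Restricting the socket mode to the haproxy user or group and setting `httpclient.ssl.verify required` would be worth a follow-up.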
1
haproxy/map/bfp.map
Normal file
1
haproxy/map/bfp.map
Normal file
@@ -0,0 +1 @@
|
||||
#
|
@@ -0,0 +1 @@
|
||||
localhost {"m":0,"t":false}
|
||||
|
@@ -1 +1 @@
|
||||
localhost {"pd":27,"pt":"sha256","cex":999,"cip":false,"js":true}
|
||||
localhost {"pd":21,"pt":"sha256","cex":999,"cip":true,"js":true}
|
||||
|
1
haproxy/map/lfp.map
Normal file
1
haproxy/map/lfp.map
Normal file
@@ -0,0 +1 @@
|
||||
#
|