- Fix some docker-compose issues close #14

- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it

README.MD

@@ -1,9 +1,9 @@
 ## HAProxy DDoS protection system
 
 A fork and further development of a proof of concept from https://github.com/mora9715/haproxy_ddos_protector, a HAProxy configuration and lua scripts allowing a challenge-response page where users solve a captcha and/or proof-of-work.
-Intended to stop bots, spam, ddos, etc.
+Intended to stop bots, spam, ddos, 
 
-Will soon™ be accompanied by a control panel allowing to manage clusters of servers with this installed. Allowing you to add/remove/edit domains, protection rules, blocked ips, backend server IPs, etc during runtime.
+Integrates with https://gitgud.io/fatchan/haproxy-panel-next to add/remove/edit domains, protection rules, blocked ips, backend server IPs, etc during runtime.
 
 Improvements in this fork:
 
@@ -57,7 +57,7 @@ Before installing the tool, ensure that HAProxy is built with Lua support and ve
 
 - Copy [haproxy.cfg](haproxy/haproxy.cfg) to /etc/haproxy
   - Edit the `lua-load` directive to be the absolute path to [register.lua](src/scripts/register.lua)
-  - Edit the paths of sha1.js and worker.js in the `http-request return` directive to the absolut path to the respective files in the haproxy/js folder
+  - Edit the paths of challenge.js and worker.js in the `http-request return` directive to the absolut path to the respective files in the haproxy/js folder
 - Copy [dataplaneapi.hcl](haproxy/dataplaneapi.hcl) to /etc/haproxy
 - Copy or link [scripts](src/scripts) to /etc/haproxy/scripts
 - Copy or link [libs](src/libs) to /etc/haproxy/libs (or a path where Lua looks for modules).

docker-compose.yml

@@ -5,13 +5,11 @@ services:
 #      context: ./
 #      dockerfile: tor/Dockerfile
   haproxy:
-    network_mode: "host"
+    ports:
+      - 80:80
     build:
       context: ./
       dockerfile: haproxy/Dockerfile
-    ports:
-      - 80:80 #http
-      - 2000:2000 #port 2000 haproxy socket for external management
     volumes:
       - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
       - ./haproxy/ddos.map:/etc/haproxy/ddos.map
@@ -25,11 +23,13 @@ services:
       - ./src/scripts/:/etc/haproxy/scripts/
       - ./src/libs/:/etc/haproxy/libs/
       - ./haproxy/js/:/var/www/js/
+      - ./haproxy/html/maintenance.html:/var/www/html/maintenance.html
     environment:
-      - RECAPTCHA_SECRET=
-      - RECAPTCHA_SITEKEY=
+      - RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+      - RECAPTCHA_SITEKEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
       - CAPTCHA_COOKIE_SECRET=changeme
       - POW_COOKIE_SECRET=changeme
+      - HMAC_COOKIE_SECRET=changeme
       - RAY_ID=docker
       - BUCKET_DURATION=43200
       - BACKEND_NAME=servers

haproxy/backends.map

@@ -0,0 +1 @@
+localhost websrv1

haproxy/ddos.map

@@ -0,0 +1,2 @@
+localhost 1
+localhost/captcha 2

haproxy/haproxy.cfg

@@ -5,6 +5,7 @@ global
 	lua-load /etc/haproxy/scripts/register.lua
 	stats socket /var/run/haproxy.sock mode 666 level admin
 	stats socket *:2000 level admin
+	httpclient.ssl.verify none
 
 defaults
 	mode http
@@ -20,8 +21,8 @@ frontend http-in
 	bind *:80
 
 	# drop requests with invalid host header
-	acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
-	http-request silent-drop unless is_existing_vhost
+	#acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
+	#http-request silent-drop unless is_existing_vhost
 
 	# debug only, /cdn-cgi/trace
 	#http-request return status 200 content-type "text/plain; charset=utf-8" lf-file /etc/haproxy/trace.txt if { path /cdn-cgi/trace }
@@ -40,9 +41,9 @@ frontend http-in
 	acl ddos_mode_enabled base,map(/etc/haproxy/ddos.map) -m bool
 
 	# serve challenge page scripts directly from haproxy
-	acl is_sha1_js path /js/sha1.js
+	acl is_challenge_js path /js/challenge.js
 	acl is_worker_js path /js/worker.js
-	http-request return file /var/www/js/sha1.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=300" if is_sha1_js
+	http-request return file /var/www/js/challenge.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=300" if is_challenge_js
 	http-request return file /var/www/js/worker.js status 200 content-type "application/javascript; charset=utf-8" hdr "cache-control" "public, max-age=300" if is_worker_js
 
 	# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)

haproxy/js/challenge.js

@@ -0,0 +1,53 @@
+function finishPow(combined, answer) {
+	const submitButton = document.querySelector('input[type=submit]')
+	if (submitButton) {
+		//button is shown only if captcha is enabled
+		submitButton.disabled = false;
+		submitButton.value = 'Submit';
+	} else {
+		window.location=location.search.slice(1)+location.hash || "/";
+	}
+}
+
+const combined = document.querySelector('[data-pow]').dataset.pow;
+const [_userkey, challenge, _signature] = combined.split("#");
+const start = Date.now();
+if (window.Worker && crypto.subtle) {
+	const threads = Math.min(4,Math.ceil(window.navigator.hardwareConcurrency/2));
+	let finished = false;
+	const messageHandler = (e) => {
+		if (finished) { return; }
+		finished = true;
+		workers.forEach(w => w.terminate());
+		const [workerId, answer] = e.data;
+		console.log('Worker', workerId, 'returned answer', answer, 'in', Date.now()-start+'ms');
+		document.cookie='z_ddos_pow='+combined+'#'+answer+';expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; SameSite=Strict; '+(location.protocol==='https:'?'Secure=true; ':'');
+		const dummyTime = 5000 - (Date.now()-start);
+		window.setTimeout(() => finishPow(combined, answer), dummyTime);
+	}
+	const workers = [];
+	for (let i = 0; i < threads; i++) {
+		const shaWorker = new Worker('/js/worker.js');
+		shaWorker.onmessage = messageHandler;
+		workers.push(shaWorker);
+	}
+	workers.forEach((w, i) => w.postMessage([challenge, i, threads]));
+} else {
+	console.warn('No webworker or crypto.subtle support, using legacy method in main/UI thread!');
+	function sha256(ascii){function rightRotate(value,amount){return(value>>>amount)|(value<<(32-amount))};var mathPow=Math.pow;var maxWord=mathPow(2,32);var lengthProperty='length';var i,j;var result='';var words=[];var asciiBitLength=ascii[lengthProperty]*8;var hash=sha256.h=sha256.h||[];var k=sha256.k=sha256.k||[];var primeCounter=k[lengthProperty];var isComposite={};for(var candidate=2;primeCounter<64;candidate+=1){if(!isComposite[candidate]){for(i=0;i<313;i+=candidate){isComposite[i]=candidate}hash[primeCounter]=(mathPow(candidate,.5)*maxWord)|0;k[primeCounter++]=(mathPow(candidate,1/3)*maxWord)|0}}ascii+='\x80';while(ascii[lengthProperty]%64-56){ascii+='\x00';}for(i=0;i<ascii[lengthProperty];i+=1){j=ascii.charCodeAt(i);if(j>>8){return;}words[i>>2]|=j<<((3-i)%4)*8}words[words[lengthProperty]]=((asciiBitLength/maxWord)|0);words[words[lengthProperty]]=(asciiBitLength);for(j=0;j<words[lengthProperty];){var w=words.slice(j,j+=16);var oldHash=hash;hash=hash.slice(0,8);for(i=0;i<64;i+=1){var i2=i+j;var w15=w[i-15],w2=w[i-2];var a=hash[0],e=hash[4];var temp1=hash[7]+(rightRotate(e,6)^rightRotate(e,11)^rightRotate(e,25))+((e&hash[5])^((~e)&hash[6]))+k[i]+(w[i]=(i<16)?w[i]:(w[i-16]+(rightRotate(w15,7)^rightRotate(w15,18)^(w15>>>3))+w[i-7]+(rightRotate(w2,17)^rightRotate(w2,19)^(w2>>>10)))|0);var temp2=(rightRotate(a,2)^rightRotate(a,13)^rightRotate(a,22))+((a&hash[1])^(a&hash[2])^(hash[1]&hash[2]));hash=[(temp1+temp2)|0].concat(hash);hash[4]=(hash[4]+temp1)|0}for(i=0;i<8;i+=1){hash[i]=(hash[i]+oldHash[i])|0}}for(i=0;i<8;i+=1){for(j=3;j+1;j-=1){var b=(hash[i]>>(j*8))&255;result+=((b<16)?0:'')+b.toString(16)}}return result}
+	let challengeIndex = parseInt(challenge[0], 16);
+	let i = 0
+		, result;
+	while(true) {
+		result = sha256(challenge+i);
+		if(result[challengeIndex] === 0x00
+			&& result[challengeIndex+1] === 0x41){
+			console.log('Worker thread found solution:', i);
+			postMessage([id, i]);
+			break;
+		}
+		i++;
+	}
+	const dummyTime = 5000 - (Date.now()-start);
+	window.setTimeout(() => finishPow(combined, result), dummyTime);
+}

haproxy/js/worker.js

@@ -5,19 +5,14 @@ async function hash(data, method) {
 }
 
 onmessage = async function(e) {
-	const [challenge, difficulty, id, threads] = e.data;
-	console.log('Worker thread', id,'got challenge', challenge, 'with difficulty', difficulty);
+	const [challenge, id, threads] = e.data;
+	console.log('Worker thread', id,'got challenge', challenge);
 	let i = id;
 	let challengeIndex = parseInt(challenge[0], 16);
 	while(true) {
-		let result = await hash(challenge+i, 'sha-1');
-		let middle = true;
-		for(let imiddle = 1; imiddle <= difficulty; imiddle++) {
-			middle = (middle && (result[challengeIndex+imiddle] === 0x00));
-		}
-		if(result[challengeIndex] === 0xb0
-			&& middle === true
-			&& result[challengeIndex+difficulty+1] === 0x0b){
+		let result = await hash(challenge+i, 'sha-256');
+		if(result[challengeIndex] === 0x00
+			&& result[challengeIndex+1] === 0x41){
 			console.log('Worker thread found solution:', i);
 			postMessage([id, i]);
 			break;

src/libs/randbytes.lua

@@ -0,0 +1,105 @@
+-- randbytes.lua
+-- Colin 'Oka' Hall-Coates
+-- MIT, 2015
+-- https://github.com/okabsd/randbytes
+local defaults = setmetatable ({
+  bytes = 4,
+  mask = 256,
+  file = 'urandom',
+  filetable = {'urandom', 'random'}
+}, { __newindex = function () return false end })
+
+local files = {
+  urandom = false,
+  random = false
+}
+
+local utils = {}
+
+function utils:gettable (...)
+  local t, r = {...}, defaults.filetable
+  if #t > 0 then r = t end
+  return r
+end
+
+function utils:open (...)
+  for _, f in next, self:gettable (...) do
+    for k, _ in next, files do
+      if k == f then
+        files[f] = assert (io.open ('/dev/'..f, 'rb'))
+      end
+    end
+  end
+end
+
+function utils:close (...)
+  for _, f in next, self:gettable (...) do
+    for k, _ in next, files do
+      if files[f] and k == f then
+        files[f] = not assert (files[f]:close ())
+      end
+    end
+  end
+end
+
+function utils:reader (f, b)
+  if f then
+    return f:read (b or defaults.bytes)
+  end
+end
+
+local randbytes = {
+  generate = function (f, ...)
+    if f then
+      local n, m = 0, select (2, ...) or defaults.mask
+      local s = utils:reader (f, select (1, ...))
+
+      for i = 1, s:len () do
+        n = m * n + s:byte (i)
+      end
+
+      return n
+    end
+  end
+}
+
+function randbytes:open (...)
+  utils:open (...)
+  return self
+end
+
+function randbytes:close (...)
+  utils:close (...)
+  return self
+end
+
+function randbytes:uread (...)
+  return utils:reader (files.urandom, ...)
+end
+
+function randbytes:read (...)
+  return utils:reader (files.random, ...)
+end
+
+function randbytes:urandom (...)
+  return self.generate (files.urandom, ...)
+end
+
+function randbytes:random (...)
+  return self.generate (files.random, ...)
+end
+
+function randbytes:setdefault (k, v)
+  defaults[k] = v or defaults[k]
+  return defaults[k]
+end
+
+utils:open ()
+
+return setmetatable (randbytes, {
+  __call = function (t, ...)
+    return utils:reader (files[defaults.file], ...)
+  end,
+  __metatable = false,
+  __newindex = function () return false end
+})

src/libs/utils.lua

@@ -3,10 +3,13 @@ local _M = {}
 local sha = require("sha")
 local secret_bucket_duration = tonumber(os.getenv("BUCKET_DURATION"))
 
-function _M.generate_secret(context, salt, is_applet, iterations)
+function _M.generate_secret(context, salt, user_key, is_applet)
+
+	-- time bucket for expiry
 	local start_sec = core.now()['sec']
 	local bucket = start_sec - (start_sec % secret_bucket_duration)
-	local ip = context.sf:src()
+
+	-- user agent to counter very dumb spammers
 	local user_agent = ""
 	if is_applet == true then
 		user_agent = context.headers['user-agent'] or {}
@@ -15,13 +18,17 @@ function _M.generate_secret(context, salt, is_applet, iterations)
 		--note req_fhdr not req_hdr otherwise commas in useragent become a delimiter
 		user_agent = context.sf:req_fhdr('user-agent') or ""
 	end
-	if iterations == nil then
-		--hcaptcha secret is just this
-		return context.sc:xxh32(salt .. bucket .. ip .. user_agent)
-	else
-		--POW secret adds the iteration number by the user
-		return sha.sha1(salt .. bucket .. ip .. user_agent .. iterations)
+
+	return sha.sha256(salt .. bucket .. user_key .. user_agent)
+
 end
+
+function _M.split(inputstr, sep)
+	local t = {}
+	for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
+		table.insert(t, str)
+	end
+	return t
 end
 
 return _M

src/scripts/hcaptcha.lua

@@ -5,11 +5,14 @@ local utils = require("utils")
 local cookie = require("cookie")
 local json = require("json")
 local sha = require("sha")
+local randbytes = require("randbytes")
+--require("print_r")
 
 local captcha_secret = os.getenv("HCAPTCHA_SECRET") or os.getenv("RECAPTCHA_SECRET")
 local captcha_sitekey = os.getenv("HCAPTCHA_SITEKEY") or os.getenv("RECAPTCHA_SITEKEY")
 local captcha_cookie_secret = os.getenv("CAPTCHA_COOKIE_SECRET")
 local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")
+local hmac_cookie_secret = os.getenv("HMAC_COOKIE_SECRET")
 local ray_id = os.getenv("RAY_ID")
 
 local captcha_map = Map.new("/etc/haproxy/ddos.map", Map._str);
@@ -99,7 +102,7 @@ local body_template = [[
 			<p>Security and Performance by <a href="https://gitgud.io/fatchan/haproxy-protection/">haproxy-protection</a></p>
 			<p>Vey ID: <code>%s</code></p>
 		</footer>
-		<script src="/js/sha1.js"></script>
+		<script src="/js/challenge.js"></script>
 	</body>
 </html>
 ]]
@@ -154,8 +157,15 @@ function _M.view(applet)
 	local response_status_code
 	if applet.method == "GET" then
 
-		-- get challenge string for proof of work
-		generated_work = utils.generate_secret(applet, pow_cookie_secret, true, "")
+		-- get the user_key#challenge#sig
+		local user_key = sha.bin_to_hex(randbytes(16))
+		local challenge_hash = utils.generate_secret(applet, pow_cookie_secret, user_key, true)
+		local signature = sha.hmac(sha.sha256, hmac_cookie_secret, user_key .. challenge_hash)
+		local combined_challenge = user_key .. "#" .. challenge_hash .. "#" .. signature
+		-- print_r(user_key)
+		-- print_r(challenge_hash)
+		-- print_r(signature)
+		-- print_r(combined_challenge)
 
 		-- define body sections
 		local site_name_body = ""
@@ -173,7 +183,6 @@ function _M.view(applet)
 		if captcha_map_lookup == 2 then
 			captcha_enabled = true
 		end
-		--
 
 		-- pow at least is always enabled when reaching bot-check page
 		site_name_body = string.format(site_name_section_template, host)
@@ -181,18 +190,15 @@ function _M.view(applet)
 			captcha_body = string.format(captcha_section_template, captcha_classname, captcha_sitekey, captcha_script_src)
 		else
 			pow_body = pow_section_template
-			noscript_extra_body = string.format(noscript_extra_template, generated_work)
+			noscript_extra_body = string.format(noscript_extra_template, combined_challenge)
 		end
 
 		-- sub in the body sections
-		response_body = string.format(body_template, generated_work, site_name_body, pow_body, captcha_body, noscript_extra_body, ray_id)
+		response_body = string.format(body_template, combined_challenge, site_name_body, pow_body, captcha_body, noscript_extra_body, ray_id)
 		response_status_code = 403
 	elseif applet.method == "POST" then
 		local parsed_body = url.parseQuery(applet.receive(applet))
 		local user_captcha_response = parsed_body["h-captcha-response"] or parsed_body["g-recaptcha-response"]
---		require("print_r")
---		print_r(captcha_provider_domain)
---		print_r(user_captcha_response)
 		if user_captcha_response then
 			local captcha_url = string.format(
 				"https://%s%s",
@@ -217,10 +223,14 @@ function _M.view(applet)
 				api_response = {}
 			end
 			if api_response.success == true then
-				local floating_hash = utils.generate_secret(applet, captcha_cookie_secret, true, nil)
+				-- for captcha, they dont need to solve a POW but we check the user_hash and sig later
+				local user_key = sha.bin_to_hex(randbytes(16))
+				local user_hash = utils.generate_secret(applet, captcha_cookie_secret, user_key, true)
+				local signature = sha.hmac(sha.sha256, hmac_cookie_secret, user_key .. user_hash)
+				local combined_cookie = user_key .. "#" .. user_hash .. "#" .. signature
 				applet:add_header(
 					"set-cookie",
-					string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict; Secure=true;", floating_hash)
+					string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; SameSite=Strict; Secure=true;", combined_cookie)
 				)
 			end
 		end
@@ -253,26 +263,57 @@ function _M.decide_checks_necessary(txn)
 	-- otherwise, domain+path was set to 0 (whitelist) or there is no entry in the map
 end
 
--- check if captcha token is valid, separate secret from POW
+-- check if captcha cookie is valid, separate secret from POW
 function _M.check_captcha_status(txn)
 	local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
-	local expected_cookie = utils.generate_secret(txn, captcha_cookie_secret, false, nil)
-	if parsed_request_cookies["z_ddos_captcha"] == expected_cookie then
+	local received_captcha_cookie = parsed_request_cookies["z_ddos_captcha"] or ""
+	local split_cookie = utils.split(received_captcha_cookie, "#")
+	if #split_cookie ~= 3 then
+		return
+	end
+	local given_user_key = split_cookie[1]
+	local given_user_hash = split_cookie[2]
+	local given_signature = split_cookie[3]
+	-- regenerate the user hash and compare it
+	local generated_user_hash = utils.generate_secret(txn, captcha_cookie_secret, given_user_key, false)
+	if generated_user_hash ~= given_user_hash then
+		return
+	end
+	-- regenerate the signature and compare it
+	local generated_signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_user_hash)
+	if given_signature == generated_signature then
 		return txn:set_var("txn.captcha_passed", true)
 	end
 end
 
--- check if pow token is valid
+-- check if pow cookie is valid
 function _M.check_pow_status(txn)
 	local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
-	if parsed_request_cookies["z_ddos_pow"] then
-		local generated_work = utils.generate_secret(txn, pow_cookie_secret, false, "")
-		local iterations = parsed_request_cookies["z_ddos_pow"]
-		local completed_work = sha.sha1(generated_work .. iterations)
-		local challenge_offset = tonumber(generated_work:sub(1,1),16) * 2
-		if completed_work:sub(challenge_offset+1, challenge_offset+4) == 'b00b' then -- i dont know lua properly :^)
-			return txn:set_var("txn.pow_passed", true)
+	local received_pow_cookie = parsed_request_cookies["z_ddos_pow"] or ""
+	-- split the cookie up
+	local split_cookie = utils.split(received_pow_cookie, "#")
+	if #split_cookie ~= 4 then
+		return
 	end
+	local given_user_key = split_cookie[1]
+	local given_challenge_hash = split_cookie[2]
+	local given_signature = split_cookie[3]
+	local given_nonce = split_cookie[4]
+	-- regenerate the challenge and compare it
+	local generated_challenge_hash = utils.generate_secret(txn, pow_cookie_secret, given_user_key, false)
+	if given_challenge_hash ~= generated_challenge_hash then
+		return
+	end
+	-- regenerate the signature and compare it
+	local generated_signature = sha.hmac(sha.sha256, hmac_cookie_secret, given_user_key .. given_challenge_hash)
+	if given_signature ~= generated_signature then
+		return
+	end
+	-- check the work
+	local completed_work = sha.sha256(generated_challenge_hash .. given_nonce)
+	local challenge_offset = tonumber(generated_challenge_hash:sub(1,1),16) * 2
+	if completed_work:sub(challenge_offset+1, challenge_offset+4) == '0041' then -- i dont know lua properly :^)
+		return txn:set_var("txn.pow_passed", true)
 	end
 end