Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout

Browse Source 
Make cookies sent from captcha/pow response be httponly
This commit is contained in:
Thomas Lynch
2023-02-11 21:39:38 +11:00
parent 9f4c8e8fbb
commit 9531049aa9
3 changed files with 17 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/lua/scripts/bot-check.lua
View File

@ -38,7 +38,7 @@ local hmac_cookie_secret = os.getenv("HMAC_COOKIE_SECRET")
local ray_id = os.getenv("RAY_ID")
-- load captcha map and set hcaptcha/recaptch based off env vars
local captcha_map = Map.new("/etc/haproxy/ddos.map", Map._str);
local captcha_map = Map.new("/etc/haproxy/map/ddos.map", Map._str);
local captcha_provider_domain = ""
local captcha_classname = ""
local captcha_script_src = ""
@ -68,8 +68,8 @@ function _M.setup_servers()
if backend_name == nil or server_prefix == nil then
return;
end
local hosts_map = Map.new("/etc/haproxy/hosts.map", Map._str);
local handle = io.open("/etc/haproxy/hosts.map", "r")
local hosts_map = Map.new("/etc/haproxy/map/hosts.map", Map._str);
local handle = io.open("/etc/haproxy/map/hosts.map", "r")
local line = handle:read("*line")
local counter = 1
while line do
@ -77,7 +77,7 @@ function _M.setup_servers()
local port_index = backend_host:match'^.*():'
local backend_hostname = backend_host:sub(0, port_index-1)
local backend_port = backend_host:sub(port_index + 1)
core.set_map("/etc/haproxy/backends.map", domain, server_prefix..counter)
core.set_map("/etc/haproxy/map/backends.map", domain, server_prefix..counter)
local proxy = core.proxies[backend_name].servers[server_prefix..counter]
proxy:set_addr(backend_hostname, backend_port)
proxy:set_ready()
@ -214,7 +214,7 @@ function _M.view(applet)
applet:add_header(
"set-cookie",
string.format(
"_basedflare_pow=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict;%s",
"_basedflare_pow=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict; HttpOnly;%s",
combined_cookie,
applet.headers['host'][0],
secure_cookie_flag
@ -268,7 +268,7 @@ function _M.view(applet)
applet:add_header(
"set-cookie",
string.format(
"_basedflare_captcha=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict;%s",
"_basedflare_captcha=%s; Expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/; Domain=.%s; SameSite=Strict; HttpOnly;%s",
combined_cookie,
applet.headers['host'][0],
secure_cookie_flag