Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: remove ratelimiting functionality,

Browse Source 
add on-demand global / per-domain ddos protection enabling
add automatic redirect from captcha page back to the requested source
prettify the captcha page
This commit is contained in:
Eugene Prodan
2021-06-10 23:08:45 +03:00
parent d2137f445e
commit ae2564d4db
17 changed files with 235 additions and 1331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
haproxy/Dockerfile
View File

@ -97,7 +97,7 @@ ADD haproxy/docker-entrypoint.sh /usr/local/bin/
RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat
# This is terrible mess but we need it for simple testing purposes of our POC
RUN apt-get update && apt-get install libssl-dev make nano wget gcc libreadline-dev unzip git -y
RUN apt-get update && apt-get install libssl-dev make nano wget gcc libreadline-dev unzip git socat -y
RUN wget http://www.lua.org/ftp/lua-5.3.5.tar.gz &&\
tar -zxf lua-5.3.5.tar.gz &&\
cd lua-5.3.5 &&\

0
haproxy/domains_under_ddos.txt Normal file
View File

16
haproxy/haproxy.cfg
View File

@ -3,6 +3,7 @@ global
maxconn 256
log stdout format raw local0 debug
lua-load /usr/local/etc/haproxy/scripts/register.lua
stats socket /var/run/haproxy.sock mode 666 level admin
defaults
mode http
@ -12,16 +13,17 @@ defaults
frontend http-in
bind *:80
default_backend servers
http-request lua.hcaptcha-redirect if !{ path -m beg /captcha }
http-request use-service lua.hello-world if { path /hello_world }
http-request use-service lua.hcaptcha-view if { path /captcha/ }
http-request lua.ratelimit if !{ path -m beg /captcha }
acl ddos_mode_enabled hdr_cnt(xr3la1rfFc) eq 0
acl domain_under_ddos hdr(host) -i -f /usr/local/etc/haproxy/domains_under_ddos.txt
acl captcha_passed var(txn.captcha_passed) -m bool
acl on_captcha_url path -m beg /captcha
redirect prefix /captcha code 301 if !captcha_passed !on_captcha_url
http-request lua.hcaptcha-redirect if !{ path -m beg /captcha }
http-request use-service lua.hcaptcha-view if { path /captcha }
http-request redirect location /captcha?%[capture.req.uri] code 301 if !captcha_passed !on_captcha_url ddos_mode_enabled OR domain_under_ddos
default_backend servers
backend servers
server server1 nginx:80 maxconn 32