Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path

Browse Source
This commit is contained in:
Thomas Lynch
2025-03-09 21:31:15 +11:00
parent 63a6933aa4
commit c0a2f77f8b
6 changed files with 34 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@ -46,8 +46,8 @@ services:
nginx: nginx:
ports: ports:
- 81:80 - 1081:80
- 82:80 - 1082:80
image: "nginx:latest" image: "nginx:latest"
volumes: volumes:
- ./nginx:/usr/share/nginx/html - ./nginx:/usr/share/nginx/html

7
haproxy/haproxy.cfg
View File

@ -59,6 +59,9 @@ frontend http-in
# bind 127.0.0.1:80 accept-proxy # bind 127.0.0.1:80 accept-proxy
option forwardfor option forwardfor
# custom log format
log-format "{\"cc\":%{+Q}[capture.req.hdr(1)],\"cip\":\"%ci\",\"cp\":\"%cp\",\"hh\":%{+Q}[capture.req.hdr(0)],\"backend\":\"%b\",\"server\":\"%s\",\"timers\":\"%TR/%Tw/%Tc/%Tr/%Ta\",\"status\":\"%ST\",\"bytes\":\"%B\",\"bs\":\"%U\",\"conns\":\"%ac/%fc/%bc/%sc/%rc\",\"q\":\"%sq/%bq\",\"req\":%{+Q,+E}r,\"GeoIP_Source\":\"GeoIP_Source=%ci\"}"
# optional geoip handling (maps required) and alt-svc header addition # optional geoip handling (maps required) and alt-svc header addition
http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map) http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map)
http-request set-var(req.asn) src,map_ip(/etc/haproxy/map/iptoasn.map) http-request set-var(req.asn) src,map_ip(/etc/haproxy/map/iptoasn.map)
@ -139,8 +142,8 @@ frontend http-in
# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo) # acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
#http-request lua.set-lang-json http-request lua.set-lang-json
#http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
# optional alt-svc header (done after cache so not set in cached responses # optional alt-svc header (done after cache so not set in cached responses
acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}" acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"

1
haproxy/map/ddos.map
View File

@ -0,0 +1 @@
localhost {"m":1,"t":false}

2
haproxy/map/ddos_config.map
View File

@ -1 +1 @@
localhost {"pd":27,"pt":"sha256","cex":999,"cip":false} localhost {"pd":27,"pt":"sha256","cex":999,"cip":false,"js":true}

2
haproxy/map/hosts.map
View File

@ -1 +1 @@
localhost 127.0.0.1:81 localhost 127.0.0.1:1081

2
src/lua/scripts/bot-check.lua
View File

@ -187,6 +187,7 @@ function _M.view(applet)
templates.pow_section, templates.pow_section,
ll["This process is automatic, please wait a moment..."] ll["This process is automatic, please wait a moment..."]
) )
if ddos_config["js"] ~= false then
local noscript_extra local noscript_extra
local noscript_prompt local noscript_prompt
if ddos_config["pt"] == "argon2" then if ddos_config["pt"] == "argon2" then
@ -210,6 +211,7 @@ function _M.view(applet)
ll["Paste the script output into the box and submit:"] ll["Paste the script output into the box and submit:"]
) )
end end
end
-- sub in the body sections -- sub in the body sections
response_body = string.format( response_body = string.format(