Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
264 Commits 2 Branches 1 Tag
dev-varnish
Commit Graph

264 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Lynch
4aad3a5e8e Merge branch 'master' into kikeflare 2023-02-14 00:56:39 +11:00
Thomas Lynch
5e9ac793f0 update images, make animated 
update email in license, duh
 2023-02-14 00:47:06 +11:00
Thomas Lynch
80e966b6d4 Revert to 3 dots loader and adjust page style slightly 2023-02-14 00:07:06 +11:00
Thomas Lynch
87f66479d8 - Change to using domain instead of resolving, because cloudflare blocked this even with the host header, and haproxy 2.7 appears to no longer need this 'hack' 
- Fix issue with matched_expiry being 0 and breaking captcha cookie
- Spacing
 2023-02-13 21:59:02 +11:00
Thomas Lynch
5a15eddc4a rename 2023-02-12 21:25:01 +11:00
Thomas Lynch
52ddc455c9 Merge branch 'next' into 'master' 
'next' into master

Closes #21, #18, and #20

See merge request fatchan/haproxy-protection!3
 2023-02-12 02:18:50 +00:00
Thomas Lynch
875e9e5edd Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket 2023-02-12 13:17:03 +11:00
Thomas Lynch
8e673aaf3f Merge branch 'next' into kikeflare 2023-02-12 09:10:38 +11:00
Thomas Lynch
4e3beaf66d use 2 threads at least 2023-02-12 09:09:17 +11:00
Thomas Lynch
d1adb677ba fix footerlogo path 2023-02-12 09:04:16 +11:00
Thomas Lynch
0b648a3ce3 maintenance page fix 2023-02-12 00:34:09 +11:00
Thomas Lynch
12ff24e2d5 Merge branch 'next' into kikeflare 2023-02-11 23:50:35 +11:00
Thomas Lynch
608a7bc9ef Update README & LICENSE, definitely belong here now :^) 2023-02-11 23:43:37 +11:00
Thomas Lynch
f231b86544 Ability to choose between sha256 or argon2 with env var close #21 2023-02-11 23:38:59 +11:00
Thomas Lynch
2089d790a2 update INSTALLATION.md 2023-02-11 21:57:03 +11:00
Thomas Lynch
eb92f6c31b Add back dummy time, shorter (3000ms) 2023-02-11 21:46:29 +11:00
Thomas Lynch
ef938270d8 update docker-compose with correct argon2 envs 2023-02-11 21:45:23 +11:00
Thomas Lynch
9531049aa9 Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout 
Make cookies sent from captcha/pow response be httponly
 2023-02-11 21:39:38 +11:00
Thomas Lynch
9f4c8e8fbb increase the throttle from 100 -> 1 back to 10 to prevent crashing 2023-02-11 21:05:47 +11:00
Thomas Lynch
1612e342ee rename BUCKET_DURATION since its now an expiry time 2023-02-11 21:05:10 +11:00
Thomas Lynch
6e5cf2af31 Make cookie expiry based on issued expiry date from challenge date instead of all expiring on bucket. 
Fixes potential issue of challenges being incorrect if solved right on the bucket change
Allows to solve a challenge at any time (even in the background) and not see the challenge page twice in a small period
Allows for backend to make dynamic expiry of tokens e.g make tor tokens or based on IP reputation not last as long (not implemented atm)
Close #20
 2023-02-11 20:57:21 +11:00
Thomas Lynch
a303689641 Close #18 make answers and redirect calls shared between tabs with localstorage to not solve and submit answer multiple times when opening multiple tabs/bookmarks, etc 2023-02-11 16:08:44 +11:00
Thomas Lynch
08a966c121 Reorganise, move code to not be split between haproxy and src folder 2023-02-11 15:06:35 +11:00
Thomas Lynch
0d56079960 Rename POW vars to separately argon_ for argon2 stuff, improve readme and split out INSTALLATION into separate file 2023-02-11 14:43:55 +11:00
Thomas Lynch
4637df4745 add missing basedflare paths to worker and challenge includes 2023-02-11 14:22:34 +11:00
Thomas Lynch
16767e0a97 Add updated maintenance.html with template vars for lf-file 2023-02-11 14:18:36 +11:00
Thomas Lynch
45bc67fae4 Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict 
Move templates to own file instead of in main lua script
Rename some stuff from "hcatpcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
 2023-02-11 14:16:51 +11:00
Thomas Lynch
43297c931a Merge branch 'master' into kikeflare 2023-01-06 19:14:21 +11:00
Thomas Lynch
1c6504e83e use lua-load-per-thread as per https://cbonte.github.io/haproxy-dconv/2.6/configuration.html\#3.1-lua-load because we don't have any cross request/thread global vars to worry about 2023-01-06 19:04:02 +11:00
Thomas Lynch
b593be8627 Add some reasonable limits to cookie parsing, reduce impact of possible attack 2023-01-06 19:02:20 +11:00
Thomas Lynch
9f290e97f2 Merge branch 'master' into kikeflare 2022-11-06 13:43:57 +11:00
Thomas Lynch
9c17d5b8fc update url lib, change default settings 2022-11-06 13:42:26 +11:00
Thomas Lynch
434586c657 Merge branch 'master' into kikeflare 2022-10-02 21:39:45 +00:00
Thomas Lynch
d61f320ba9 Dont show negative seconds 2022-10-03 08:36:30 +11:00
Thomas Lynch
c61dd4caa2 No need to div/multiply 2022-10-03 08:36:10 +11:00
Thomas Lynch
fb69c46574 Floor remaining time, remove . 2022-10-02 22:15:06 +11:00
Thomas Lynch
4dd6eec87e Show pow speed, and estimate remaining time 2022-10-02 22:11:38 +11:00
Thomas Lynch
f285934bf1 Remove unused sha script 2022-10-02 06:19:32 +00:00
Thomas Lynch
33a1aa02a9 Merge branch 'master' into kikeflare 2022-10-02 06:18:26 +00:00
Thomas Lynch
64e26f65b5 - Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16 
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW

Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
 2022-10-02 04:57:59 +11:00
Thomas Lynch
55eb293675 Merge branch 'master' into kikeflare 2022-10-01 05:53:17 +00:00
Thomas Lynch
eb1dc3e378 Slightly change/improve max used cpu threads, and make tor use all that it has 2022-10-01 15:43:14 +10:00
Thomas Lynch
efe430cf3b Add check for Webassembly support, and error if unsupported 
Improve errors for 400/500 and failed but check post
Remove spinner when inserting error
 2022-10-01 15:36:15 +10:00
Thomas Lynch
eede92d47d Allow a bit better granularity for the difficulty. Recommend an "easier" challenge in terms of memory and iterations, but higher diff. 
Make failed request for captcha/bot form show a little error text.
Make CHALLENGE_INCLUDES_IP "1" = on, anything else = off instead of needing to be unset.
 2022-10-01 15:33:48 +10:00
Thomas Lynch
e7e5d718a3 Merge branch 'master' into kikeflare 2022-09-29 13:14:09 +00:00
Thomas Lynch
434756a7a1 If this fixes what I think it fixes, ill eat my fucking shoe 2022-09-29 21:54:58 +10:00
Thomas Lynch
b43d207847 Make cookie apply to all subdomains 2022-09-28 00:41:04 +10:00
Thomas Lynch
4716cf1be2 Improve & cleanup README, docker-compose, haproxy config argon2 2022-09-25 22:54:51 +10:00
Thomas Lynch
1a1faf9e03 Merge branch 'argon2' into kikeflare 2022-09-25 04:38:02 +00:00
Thomas Lynch
84fe5037b9 Make the staggered start work properly 2022-09-25 14:34:21 +10:00