Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
283 Commits 2 Branches 1 Tag
241c04a1b2c808a8815c6ad6c8fe5389d0587c82
Commit Graph

283 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Lynch
241c04a1b2 Add health check setup in server registration 
Add observe layer4 inter to default server line
Fix 3rd nginx and update docker-compose
Remove x-haproxy-cn header fetch because it only needs to be a static fetch of haproxy_cn, since the logic overwrite it to be equivalent
 2025-03-28 21:27:21 +11:00
Thomas Lynch
566762d608 Improve backend geo routing to avoid going to further backend for non matching user and proxy cn 2025-03-19 21:10:25 +11:00
Thomas Lynch
fca0eb03b8 Fix the fetch context in server selection not having txn.cdn available, pull from header directly instead 2025-03-17 19:06:28 +11:00
Thomas Lynch
a65d7b90d1 update example maps 2025-03-16 23:03:50 +11:00
Thomas Lynch
842df64c5e Update haproxy dockerfile for newer lua and fix ca-certificate installation 
Add verify_none option in server registration (for development testing of SSL backends)
 2025-03-16 22:49:00 +11:00
Thomas Lynch
fdbd19ba30 Remove debug prints 2025-03-16 15:57:56 +11:00
Thomas Lynch
30eb129bd8 Push ssl testing 2025-03-16 15:55:49 +11:00
Thomas Lynch
488eb02210 Fix some issues with runtime socket because geo server splitting used invalid character 
Add additional challenge, not enabled yet
 2025-03-16 14:08:39 +11:00
Thomas Lynch
a259d5189f varnish tweaks 2025-03-15 17:34:29 +11:00
Thomas Lynch
6f10291892 First iteration of working geo routing 2025-03-15 17:31:20 +11:00
Thomas Lynch
84ddfbc719 Add geo routing to different backends for same domain 2025-03-15 12:45:22 +11:00
Thomas Lynch
c0a2f77f8b Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path 2025-03-09 23:06:59 +11:00
Thomas Lynch
63a6933aa4 Update challenge.js to try/catch each attempt at clearing subdomain cookies to ignore "rejected for domain" errors 2025-01-25 10:12:00 +11:00
Thomas Lynch
2011f60377 Fix some variables to be local scope instead of globals 2025-01-19 00:23:23 +11:00
Thomas Lynch
413deac66b Change bot-check cookie to Lax because that only breaks cross-site navigations without providing any real securit ybenefit 2024-12-08 12:41:53 +11:00
Thomas Lynch
923957d0e7 Change variable to table map name, for checking against whitelist for admin bypass 2024-11-30 03:55:40 +11:00
Thomas Lynch
ba05a88ca8 Allow admin accounts whitelists to bypass for all domains even if not matching in domtoacc map 2024-11-29 15:22:08 +11:00
Thomas Lynch
bbec69b89b Remove redundant and fix forwarded IP in varnish config 
Skip unnecessary methods in haproxy instead of giving extra work to varnish (kept the check in vcl)
 2024-11-29 15:19:11 +11:00
Thomas Lynch
2261c2432f Update varnish with critical transit_buffer option 2024-11-21 22:12:28 +11:00
Thomas Lynch
d0b21d4ce1 Fix BANing 2024-11-13 21:25:58 +11:00
Thomas Lynch
f2ad095874 Add suppoer for handling BAN requests 2024-11-13 21:08:23 +11:00
Thomas Lynch
174609313f Update handling for cookies/authed requests 2024-11-13 16:38:34 +11:00
Thomas Lynch
83c2b397e8 fix max-age parsing, remove some varnish ehaders 2024-11-13 16:15:40 +11:00
Thomas Lynch
0016aa5204 Clean up some sockets locations 
Remove vcl_init for secret initialisation
 2024-11-13 14:20:50 +11:00
Thomas Lynch
bd8079743f add header restriction to cache purging 2024-11-12 20:33:04 +11:00
Thomas Lynch
ad659aa1c5 server name typo 2024-11-12 20:00:14 +11:00
Thomas Lynch
f233c1f06d Switch to unix sockets for varnish<->haproxy comms 
Remove some cruft from old caching
 2024-11-12 19:58:38 +11:00
Thomas Lynch
0d5e39cad1 Implement varnish for caching alongside haproxy, remove using internal haproxy cache 2024-11-12 18:41:02 +11:00
Thomas Lynch
6643e3f7db default to empty string if nil map lookup in css map 2024-10-21 18:14:53 +11:00
Thomas Lynch
f6e1adf1c5 clear css map 2024-10-21 18:11:28 +11:00
Thomas Lynch
7e44a236a1 Add the custom css map (for bot-check page so far) 2024-10-21 00:07:03 +11:00
Thomas Lynch
f9a3798edb Escape first %s in string format, no need to template in %s... 2024-09-17 21:15:59 +10:00
Thomas Lynch
89ff3637d4 Add an optional USE_INTER_FONT to insert inter css tags and extra css for font 
Separate css out into variable to template into body template with first stage template compile
 2024-09-17 21:15:04 +10:00
Thomas Lynch
c2074eec5f Precompute captcha section on startup since its based on (what) an ENV 
Remove unused captcha_backend_name and captcha backend in config, not needed since haproxy 2.7
 2024-09-16 22:30:00 +10:00
Thomas Lynch
601a2b3989 Merge branch 'dev-wl' 2024-09-16 21:13:21 +10:00
Thomas Lynch
45f81f96ae Optimizations, remove a call to string.format, remove an if in else/if for deciding pow and/or captcha check 2024-09-16 21:00:20 +10:00
Thomas Lynch
ab841ef752 Fix the removed return from commenting out updateElem, undoes unnecessary buggy check from previous commit 2024-08-18 19:57:20 +10:00
Thomas Lynch
90df19cbed Update challenge to skip undefined worker answers 2024-08-18 19:51:38 +10:00
Thomas Lynch
f1d827f3b3 Improve red class, make not fullwidth and left aligned text 2024-08-15 23:06:22 +10:00
Thomas Lynch
51e5f82d68 Update challenge.min.js 2024-08-15 22:57:12 +10:00
Thomas Lynch
7ab93e33e7 minify bot check page css 2024-08-15 22:56:30 +10:00
Thomas Lynch
c29a14ffd8 Remove updateelem calls to hide some unnecessary messages in frontend scripts 
Update spacing of some elements on bot check page
 2024-08-15 22:50:29 +10:00
Thomas Lynch
ba62d322a4 Update bot-check page styling 2024-08-15 22:45:17 +10:00
Thomas Lynch
a0ff482b17 Cleanup server registration and fix for Haproxy 3.0 because newline delimited commands are rejected. Now must be separated by semicolon. 2024-07-11 21:10:03 +10:00
Thomas Lynch
f7dc984d60 Testing new ACLs for query string 2024-07-11 21:09:24 +10:00
Thomas Lynch
f6ec537cb0 Test another stick table, track req.query 2024-07-07 23:03:11 +10:00
Thomas Lynch
53a679fc76 add missing global configs for master-worker mode and crt base 2024-06-30 22:36:54 +10:00
Thomas Lynch
5e60a42383 Bump haproxy to 3.0 in docker build 2024-06-11 15:23:33 +10:00
Thomas Lynch
2920f11ffa ditto of jschan repo change 2024-06-07 16:23:40 +10:00
Thomas Lynch
25f702d157 Add ACL so alt-svc header is only sent when geo continent not matching server env 2024-01-28 17:44:07 +11:00