Commit Graph

131 Commits

Author SHA1 Message Date
5e9ac793f0 update images, make animated
update email in license, duh
2023-02-14 00:47:06 +11:00
80e966b6d4 Revert to 3 dots loader and adjust page style slightly 2023-02-14 00:07:06 +11:00
87f66479d8 - Change to using domain instead of resolving, because cloudflare blocked this even with the host header, and haproxy 2.7 appears to no longer need this 'hack'
- Fix issue with matched_expiry being 0 and breaking captcha cookie
- Spacing
2023-02-13 21:59:02 +11:00
5a15eddc4a rename 2023-02-12 21:25:01 +11:00
52ddc455c9 Merge branch 'next' into 'master'
'next' into master

Closes #21, #18, and #20

See merge request fatchan/haproxy-protection!3
2023-02-12 02:18:50 +00:00
875e9e5edd Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket 2023-02-12 13:17:03 +11:00
4e3beaf66d use 2 threads at least 2023-02-12 09:09:17 +11:00
608a7bc9ef Update README & LICENSE, definitely belong here now :^) 2023-02-11 23:43:37 +11:00
f231b86544 Ability to choose between sha256 and argon2 with env var close #21 2023-02-11 23:38:59 +11:00
2089d790a2 update INSTALLATION.md 2023-02-11 21:57:03 +11:00
eb92f6c31b Add back dummy time, shorter (3000ms) 2023-02-11 21:46:29 +11:00
ef938270d8 update docker-compose with correct argon2 envs 2023-02-11 21:45:23 +11:00
9531049aa9 Update haproxy config, scripts & docker-compose to use a simpler, more organised file layout
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
9f4c8e8fbb increase the throttle from 100 -> 1 back to 10 to prevent crashing 2023-02-11 21:05:47 +11:00
1612e342ee rename BUCKET_DURATION since it's now an expiry time 2023-02-11 21:05:10 +11:00
6e5cf2af31 Make cookie expiry based on issued expiry date from challenge date instead of all expiring on bucket.
Fixes potential issue of challenges being incorrect if solved right on the bucket change
Allows to solve a challenge at any time (even in the background) and not see the challenge page twice in a small period
Allows for backend to make dynamic expiry of tokens, e.g. make Tor tokens, or tokens based on IP reputation, not last as long (not implemented atm)
Close #20
2023-02-11 20:57:21 +11:00
a303689641 Close #18: make answers and redirect calls shared between tabs with localStorage, to not solve and submit the answer multiple times when opening multiple tabs/bookmarks, etc. 2023-02-11 16:08:44 +11:00
08a966c121 Reorganise, move code to not be split between haproxy and src folder 2023-02-11 15:06:35 +11:00
0d56079960 Rename POW vars to separately argon_ for argon2 stuff, improve readme and split out INSTALLATION into separate file 2023-02-11 14:43:55 +11:00
4637df4745 add missing basedflare paths to worker and challenge includes 2023-02-11 14:22:34 +11:00
16767e0a97 Add updated maintenance.html with template vars for lf-file 2023-02-11 14:18:36 +11:00
45bc67fae4 Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict
Move templates to own file instead of in main lua script
Rename some stuff from "hcaptcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
2023-02-11 14:16:51 +11:00
1c6504e83e use lua-load-per-thread as per https://cbonte.github.io/haproxy-dconv/2.6/configuration.html#3.1-lua-load because we don't have any cross request/thread global vars to worry about 2023-01-06 19:04:02 +11:00
b593be8627 Add some reasonable limits to cookie parsing, reduce impact of possible attack 2023-01-06 19:02:20 +11:00
9c17d5b8fc update url lib, change default settings 2022-11-06 13:42:26 +11:00
d61f320ba9 Dont show negative seconds 2022-10-03 08:36:30 +11:00
c61dd4caa2 No need to div/multiply 2022-10-03 08:36:10 +11:00
fb69c46574 Floor remaining time, remove . 2022-10-02 22:15:06 +11:00
4dd6eec87e Show pow speed, and estimate remaining time 2022-10-02 22:11:38 +11:00
64e26f65b5 - Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
- Make POW checked before captcha in POST handler, since they both must be submitted in captcha mode, we don't want to send POST to /siteverify if they didn't even solve the POW

Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
eb1dc3e378 Slightly change/improve max used cpu threads, and make tor use all that it has 2022-10-01 15:43:14 +10:00
efe430cf3b Add check for WebAssembly support, and error if unsupported
Improve errors for 400/500 and failed bot-check POST
Remove spinner when inserting error
2022-10-01 15:36:15 +10:00
eede92d47d Allow a bit better granularity for the difficulty. Recommend an "easier" challenge in terms of memory and iterations, but higher diff.
Make failed request for captcha/bot form show a little error text.
Make CHALLENGE_INCLUDES_IP "1" = on, anything else = off instead of needing to be unset.
2022-10-01 15:33:48 +10:00
434756a7a1 If this fixes what I think it fixes, I'll eat my fucking shoe 2022-09-29 21:54:58 +10:00
b43d207847 Make cookie apply to all subdomains 2022-09-28 00:41:04 +10:00
4716cf1be2 Improve & cleanup README, docker-compose, haproxy config argon2 2022-09-25 22:54:51 +10:00
84fe5037b9 Make the staggered start work properly 2022-09-25 14:34:21 +10:00
a6b6bc1510 word-break:break-all on header which can contain long domain name 2022-09-25 00:40:52 +10:00
fe972b0868 Remove unused times variable 2022-09-24 23:11:05 +10:00
a50b35b65d argon2 implementation
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash Firefox anymore -- we could go higher)
2022-09-24 22:56:55 +10:00
ea3f8bf291 Small docker improvement for better testing/development (no more 503) 2022-09-23 00:41:33 +10:00
d019440bc0 Move POW proof checking to POST and sign a cookie there, kinda like captcha flow, so we can do a more intensive one without it happening on every request. We just check the hmac now.
Still TODO actually converting it to argon, but should be straightforward from this point.
Another advantage of making POW check use POST is a better noscript experience. We now provide a box and "submit" button, so they don't have to mess with setting a cookie.
2022-09-23 00:26:20 +10:00
521f9742c1 revert back to 2 thread max again because turns out Firefox didn't get better, just Tor limits to 1 thread anyway 2022-09-21 21:32:33 +10:00
614b437667 Add ability to include IPs in challenge hash generation, to lock cookies to IPs (like the pre-sig mode) 2022-09-21 21:31:48 +10:00
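The cookie scheme that commits d019440bc0 (HMAC-signed cookie issued on POST), 6e5cf2af31 (expiry fixed at issue time rather than on a shared bucket), 614b437667 (IP included in the hash) and b593be8627 (limits on cookie parsing) describe, sketched as an added Python example. This is illustrative code written for this page, not haproxy-protection's Lua; the cookie name `pow`, the `expiry.mac` token layout, the size limits, the secret and the sample header are all assumptions.

```python
"""Added illustration (not haproxy-protection's own code): a Cookie header
parser with hard limits, plus an HMAC-signed challenge cookie whose expiry is
fixed when it is issued and which can optionally be bound to the client IP."""
import hashlib
import hmac
import time

# Assumed limits; the project's actual values are not on this page.
MAX_COOKIE_HEADER = 4096
MAX_COOKIES = 32
MAX_NAME_LEN = 64
MAX_VALUE_LEN = 512


def parse_cookies(header):
    """Parse a Cookie header into a dict.

    Returns None when the header is too long or carries too many pairs, so a
    hostile client cannot make the server walk an arbitrarily large header.
    Malformed pairs are skipped; the first occurrence of a name wins.
    """
    if header is None:
        return {}
    if len(header) > MAX_COOKIE_HEADER:
        return None
    parts = header.split(";")
    if len(parts) > MAX_COOKIES:
        return None
    cookies = {}
    for part in parts:
        name, sep, value = part.strip().partition("=")
        if not sep or not name or len(name) > MAX_NAME_LEN or len(value) > MAX_VALUE_LEN:
            continue
        cookies.setdefault(name, value)
    return cookies


def _mac(secret, expiry, client_ip):
    # The IP only enters the MAC when binding is enabled (client_ip given),
    # mirroring a CHALLENGE_INCLUDES_IP-style switch.
    msg = f"{expiry}|{client_ip or ''}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret, lifetime, client_ip=None, now=None):
    """Return a cookie value of the form 'expiry.mac' (assumed layout).

    The expiry is an absolute timestamp chosen when the challenge is passed,
    so each token runs out on its own schedule instead of every token dying
    at a shared bucket boundary, and the lifetime may differ per client.
    """
    now = int(time.time()) if now is None else now
    expiry = now + lifetime
    return f"{expiry}.{_mac(secret, expiry, client_ip)}"


def verify_token(secret, token, client_ip=None, now=None):
    """Accept a token only if it is well-formed, unexpired and its MAC matches."""
    now = int(time.time()) if now is None else now
    if not token or len(token) > MAX_VALUE_LEN:
        return False
    exp_str, sep, mac = token.partition(".")
    if not sep or not (exp_str.isascii() and exp_str.isdecimal()) or len(mac) != 64:
        return False
    expiry = int(exp_str)
    if expiry <= now:
        return False
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac.encode(), _mac(secret, expiry, client_ip).encode())


def request_passes(secret, cookie_header, client_ip, now=None):
    """Glue the two halves together: parse the header, then verify the token."""
    cookies = parse_cookies(cookie_header)
    if cookies is None:
        return False
    return verify_token(secret, cookies.get("pow"), client_ip, now)


if __name__ == "__main__":
    secret = b"example-secret-not-for-production"  # constructed sample key
    tok = issue_token(secret, 3600, "203.0.113.7", now=1_700_000_000)
    header = f"_ga=GA1.2.1; pow={tok}"  # constructed sample header
    print(request_passes(secret, header, "203.0.113.7", now=1_700_000_100))  # True
    print(request_passes(secret, header, "198.51.100.9", now=1_700_000_100))  # False
```

Because the expiry is inside the MAC input, a client cannot extend its own token by editing the timestamp, and because the token is self-describing the server never needs to remember which bucket it was minted in; the IP is only mixed in when binding is enabled, which is the trade-off the commit messages mention between locking cookies to an IP and letting them roam.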
20a04f23c2 Change wording for public branch 2022-09-21 19:47:47 +10:00
e1c786a1d7 Add example snippet of how to acl/whitelist stats socket 2022-09-18 19:01:38 +10:00
0af1a740ab Make captcha submission automatic and not require clicking a "submit" form button 2022-09-18 01:41:02 +10:00
3f40192d55 Update README with new env vars
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
d115ca6f46 ref #15 2022-09-17 19:06:37 +10:00
194c5bb96c Check ssl_fc for whether to set captcha cookie as secure close #15 2022-09-17 18:48:28 +10:00