68621ecf8e
set the log format first, +Q vars still show up
2025-03-31 23:53:09 +11:00
9107985f44
Add lfp mapping and include in log line as an example
2025-03-31 23:47:02 +11:00
455612e998
Add custom tfp example for writing custom case scripts, todo make not apply only to captcha
2025-03-31 23:39:27 +11:00
241c04a1b2
Add health check setup in server registration
...
Add observe layer4 inter to default server line
Fix 3rd nginx and update docker-compose
Remove x-haproxy-cn header fetch because it only needs to be a static fetch of haproxy_cn, since the logic overwrites it to be equivalent
2025-03-28 21:27:21 +11:00
842df64c5e
Update haproxy dockerfile for newer lua and fix ca-certificate installation
...
Add verify_none option in server registration (for development testing of SSL backends)
2025-03-16 22:49:00 +11:00
488eb02210
Fix some issues with runtime socket because geo server splitting used invalid character
...
Add additional challenge, not enabled yet
2025-03-16 14:08:39 +11:00
84ddfbc719
Add geo routing to different backends for same domain
2025-03-15 12:45:22 +11:00
c0a2f77f8b
Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path)
2025-03-09 23:06:59 +11:00
bbec69b89b
Remove redundant and fix forwarded IP in varnish config
...
Skip unnecessary methods in haproxy instead of giving extra work to varnish (kept the check in vcl)
2024-11-29 15:19:11 +11:00
0016aa5204
Clean up some sockets locations
...
Remove vcl_init for secret initialisation
2024-11-13 14:20:50 +11:00
ad659aa1c5
server name typo
2024-11-12 20:00:14 +11:00
f233c1f06d
Switch to unix sockets for varnish<->haproxy comms
...
Remove some cruft from old caching
2024-11-12 19:58:38 +11:00
0d5e39cad1
Implement varnish for caching alongside haproxy, remove using internal haproxy cache
2024-11-12 18:41:02 +11:00
c2074eec5f
Precompute captcha section on startup since it's based on (what) an ENV
...
Remove unused captcha_backend_name and captcha backend in config, not needed since haproxy 2.7
2024-09-16 22:30:00 +10:00
f7dc984d60
Testing new ACLs for query string
2024-07-11 21:09:24 +10:00
f6ec537cb0
Test another stick table, track req.query
2024-07-07 23:03:11 +10:00
53a679fc76
add missing global configs for master-worker mode and crt base
2024-06-30 22:36:54 +10:00
25f702d157
Add ACL so alt-svc header is only sent when geo continent not matching server env
2024-01-28 17:44:07 +11:00
3f1852dd1b
Add env var example for maxconn and cache total-max-size
2023-10-19 21:34:02 +11:00
1dd69fd924
Add geo blocking for country and continent, changes get_ip_var lua script section to use two tables
2023-10-15 18:13:52 +11:00
e36add4ee7
Add asn blocking
2023-09-09 21:39:45 +10:00
93cac69798
Make blocked and whitelist maps multi tenant
2023-09-07 16:47:21 +10:00
d687e54d17
Test with updated dataplaneapi for map fix and excluding backends in sync, change to .yml, and empty backends map
2023-09-03 01:16:14 +10:00
eb82a3d391
new json map format for excluding exits
2023-06-15 22:01:53 +10:00
1df8277ee2
Bugfix to declaration of crawler whitelist map, reduce difficulty for testing
2023-06-10 12:51:56 +10:00
ab5614e702
Revert dockerfile because 2.8 and http/3 still has some issues with lua
2023-06-08 00:14:25 +10:00
b70fd56201
Test with http3 quic and updated dockerfile with haproxy 2.8
2023-06-08 00:00:05 +10:00
10c875e689
update config for crawler-whitelist, cleanup a few things in the example
2023-06-04 13:04:13 +10:00
22b6b4795e
WIP of configurable challenge settings per-domain with a ddos_config map and handling
2023-05-21 20:13:23 +10:00
14922d7e2f
Refactor fetching header for difference between applet and transaction mode.
...
Improve locale_strings map by re json.encode.
Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
2023-05-21 15:18:55 +10:00
88ba9f264b
add /.basedflare/pow-icon (useful with rewrite for custom loading image)
2023-04-29 15:43:35 +10:00
f1cf3f6390
frontend js translations
2023-04-20 21:23:50 +10:00
93c01c05c5
Update redirect to new redirect and rewrite
...
Add example geoip config
Add example alt-svc config
Update README
2023-04-19 21:04:44 +10:00
5fd4ae842c
Add new (optional) auto script to be optionally included in frontend sites, will auto solve POW when low time left
...
Allow bot-check to return json format to be compatible with that
Update challenge script
2023-04-14 01:42:56 +10:00
a6f3613b6a
More concise wording, offer a .min.js for scripts
2023-04-11 21:13:25 +10:00
40da57544a
Support multiple backends per domain with the help of some lua
2023-04-06 22:40:03 +10:00
9478892614
Allow proper ssl verification for backends (With a privately managed CA of course)
2023-03-18 15:21:21 +11:00
5b98b5b15c
simple redirect map
2023-03-04 20:18:54 +11:00
3cc7482084
Fully convert to data plane api
...
Change global ACL to a map to realtime update with data plane api
Change how on startup servers are registered in lua
2023-02-18 15:14:40 +11:00
875e9e5edd
Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket
2023-02-12 13:17:03 +11:00
9531049aa9
Update haproxy config, scripts & docker-compose to use simpler more organised files layout
...
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
08a966c121
Reorganise, move code to not be split between haproxy and src folder
2023-02-11 15:06:35 +11:00
45bc67fae4
Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict
...
Move templates to own file instead of in main lua script
Rename some stuff from "hcaptcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
2023-02-11 14:16:51 +11:00
1c6504e83e
use lua-load-per-thread as per https://cbonte.github.io/haproxy-dconv/2.6/configuration.html#3.1-lua-load because we don't have any cross request/thread global vars to worry about
2023-01-06 19:04:02 +11:00
64e26f65b5
- Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
...
- Make POW checked before captcha in POST handler, since they both must be submitted in captcha mode, we don't want to send POST to /siteverify if they didn't even solve the POW
Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
4716cf1be2
Improve & cleanup README, docker-compose, haproxy config
2022-09-25 22:54:51 +10:00
a50b35b65d
argon2 implementation
...
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash firefox anymore -- we could go higher)
2022-09-24 22:56:55 +10:00
e1c786a1d7
Add example snippet of how to acl/whitelist stats socket
2022-09-18 19:01:38 +10:00
3f40192d55
Update README with new env vars
...
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
598790cb4f
- Fix some docker-compose issues close #14
...
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but I guess it's slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, update lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00