842df64c5e
Update haproxy dockerfile for newer lua and fix ca-certificate installation
...
Add verify_none option in server registration (for development testing of SSL backends)
2025-03-16 22:49:00 +11:00
30eb129bd8
Push ssl testing
2025-03-16 15:55:49 +11:00
84ddfbc719
Add geo routing to different backends for same domain
2025-03-15 12:45:22 +11:00
c0a2f77f8b
Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path
2025-03-09 23:06:59 +11:00
f233c1f06d
Switch to unix sockets for varnish<->haproxy comms
...
Remove some cruft from old caching
2024-11-12 19:58:38 +11:00
0d5e39cad1
Implement varnish for caching alongside haproxy, remove using internal haproxy cache
2024-11-12 18:41:02 +11:00
89ff3637d4
Add an optional USE_INTER_FONT to insert inter css tags and extra css for font
...
Separate css out into variable to template into body template with first stage template compile
2024-09-17 21:15:04 +10:00
f7dc984d60
Testing new ACLs for query string
2024-07-11 21:09:24 +10:00
25f702d157
Add ACL so alt-svc header is only sent when geo continent not matching server env
2024-01-28 17:44:07 +11:00
3f1852dd1b
Add env var example for maxconn and cache total-max-size
2023-10-19 21:34:02 +11:00
d687e54d17
Test with updated dataplaneapi for map fix and exclusing backends in sync, change to .yml, and empty backends map
2023-09-03 01:16:14 +10:00
bdd2213c6b
haproxy 2.8 dockerfile, remove testing cert, change ddos map for json testing
2023-06-15 22:02:42 +10:00
1df8277ee2
Bugfix to declaration of crawler whitelist map, reduce difficulty for testing
2023-06-10 12:51:56 +10:00
b70fd56201
Test with http3 quic and updated dockerfile with haproxy 2.8
2023-06-08 00:00:05 +10:00
10c875e689
update config for crawler-whitelist, cleanup a few things in the example
2023-06-04 13:04:13 +10:00
22b6b4795e
WIP of configurable challenge settings per-domain with a ddos_config map and handling
2023-05-21 20:13:23 +10:00
2af32627eb
Start on localisation ref #22
2023-04-19 23:08:15 +10:00
3cc7482084
Fully convert to data plane api
...
Change global ACL to a map to realtime update with data plane api
Change how on setartup servers are registered in lua
2023-02-18 15:14:40 +11:00
875e9e5edd
Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket
2023-02-12 13:17:03 +11:00
f231b86544
Ability to choose between sha256 or argon2 with env var close #21
2023-02-11 23:38:59 +11:00
ef938270d8
update docker-compose with correct argon2 envs
2023-02-11 21:45:23 +11:00
9531049aa9
Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout
...
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
1612e342ee
rename BUCKET_DURATION since its now an expiry time
2023-02-11 21:05:10 +11:00
a303689641
Close #18 make answers and redirect calls shared between tabs with localstorage to not solve and submit answer multiple times when opening multiple tabs/bookmarks, etc
2023-02-11 16:08:44 +11:00
08a966c121
Reorganise, move code to not be split between haproxy and src folder
2023-02-11 15:06:35 +11:00
64e26f65b5
- Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
...
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW
Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
eede92d47d
Allow a bit better granularity for the difficulty. Recommend an "easier" challenge in terms of memory and iterations, but higher diff.
...
Make failed request for captcha/bot form show a little error text.
Make CHALLENGE_INCLUDES_IP "1" = on, anything else = off instead of needing to be unset.
2022-10-01 15:33:48 +10:00
4716cf1be2
Improve & cleanup README, docker-compose, haproxy config
2022-09-25 22:54:51 +10:00
a50b35b65d
argon2 implementation
...
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash firefox anymore -- we could go higher)
2022-09-24 22:56:55 +10:00
ea3f8bf291
Small docker improvement for better testing/development (no more 503)
2022-09-23 00:41:33 +10:00
614b437667
Add ability to include IPs in challenge hash generation, to lock cookies to IPs (like the pre-sig mode)
2022-09-21 21:31:48 +10:00
0af1a740ab
Make captcha submission automatic and not require clicking a "submit" form button
2022-09-18 01:41:02 +10:00
3f40192d55
Update README with new env vars
...
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
598790cb4f
- Fix some docker-compose issues close #14
...
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00
7dbc14feb3
remove my grecaptcha secrets (invalidated now thx :^)
2022-09-12 23:43:11 +10:00
0d991770cf
google recaptcha v2 support
2022-09-12 23:37:21 +10:00
e406ac46ca
Merge branch 'lua-httpclient-test'
2022-01-19 18:09:30 +11:00
52da926ed2
set ssl verify none on template servers
...
make trace for debug plain for no xss and add ms to timestamp
2022-01-02 01:31:21 +11:00
2fbba3c8f8
haproxy 2.5 docker
2021-12-30 17:42:24 +11:00
7de768d731
/cdn-cgi/trace test
2021-12-30 00:13:14 +11:00
06b28c8650
add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now
2021-12-27 20:42:27 +11:00
9557c06aa1
update, dynamic backends based on hostname ,can be updated live control panel/management socket
2021-12-26 23:56:15 +11:00
6f52ee8977
improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha
...
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
2021-12-04 21:42:27 +11:00
727bca1623
close #2
2021-12-01 13:59:14 +11:00
b21cc9e90d
expose port 80 in docker-compsoe example
2021-12-01 13:53:56 +11:00
6d9ec35d9d
readme improvement
2021-11-26 17:19:12 +11:00
bec6bddf40
close #4
2021-11-26 00:27:47 +11:00
c16a554754
charset=utf8 to some service repsonses, "ray id" show in captcha page
2021-11-25 18:20:31 +11:00
48382434c4
change haproxy pathing from /usr/share/etc to /etc
2021-11-25 18:16:07 +11:00
508e45ae9c
change path for scripts
2021-11-24 12:09:38 +11:00
