Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
275 Commits 2 Branches 1 Tag
a259d5189ffbc4820001c01706297bfdaf1fc30e
Commit Graph

68 Commits

Author SHA1 Message Date
Thomas Lynch
84ddfbc719 Add geo routing to different backends for same domain 2025-03-15 12:45:22 +11:00
Thomas Lynch
c0a2f77f8b Read from ddos_config table to determine if nojs script should be shown (allowing to be disabled per domain or path 2025-03-09 23:06:59 +11:00
Thomas Lynch
bbec69b89b Remove redundant and fix forwarded IP in varnish config 
Skip unnecessary methods in haproxy instead of giving extra work to varnish (kept the check in vcl)
 2024-11-29 15:19:11 +11:00
Thomas Lynch
0016aa5204 Clean up some sockets locations 
Remove vcl_init for secret initialisation
 2024-11-13 14:20:50 +11:00
Thomas Lynch
ad659aa1c5 server name typo 2024-11-12 20:00:14 +11:00
Thomas Lynch
f233c1f06d Switch to unix sockets for varnish<->haproxy comms 
Remove some cruft from old caching
 2024-11-12 19:58:38 +11:00
Thomas Lynch
0d5e39cad1 Implement varnish for caching alongside haproxy, remove using internal haproxy cache 2024-11-12 18:41:02 +11:00
Thomas Lynch
c2074eec5f Precompute captcha section on startup since its based on (what) an ENV 
Remove unused captcha_backend_name and captcha backend in config, not needed since haproxy 2.7
 2024-09-16 22:30:00 +10:00
Thomas Lynch
f7dc984d60 Testing new ACLs for query string 2024-07-11 21:09:24 +10:00
Thomas Lynch
f6ec537cb0 Test another stick table, track req.query 2024-07-07 23:03:11 +10:00
Thomas Lynch
53a679fc76 add missing global configs for master-worker mode and crt base 2024-06-30 22:36:54 +10:00
Thomas Lynch
25f702d157 Add ACL so alt-svc header is only sent when geo continent not matching server env 2024-01-28 17:44:07 +11:00
Thomas Lynch
3f1852dd1b Add env var example for maxconn and cache total-max-size 2023-10-19 21:34:02 +11:00
Thomas Lynch
1dd69fd924 Add geo blocking for country and continent, changes get_ip_var lua script section to use two tables 2023-10-15 18:13:52 +11:00
Thomas Lynch
e36add4ee7 Add asn blocking 2023-09-09 21:39:45 +10:00
Thomas Lynch
93cac69798 Make blocked and whitelist maps multi tenant 2023-09-07 16:47:21 +10:00
Thomas Lynch
d687e54d17 Test with updated dataplaneapi for map fix and exclusing backends in sync, change to .yml, and empty backends map 2023-09-03 01:16:14 +10:00
Thomas Lynch
eb82a3d391 ne wjson map format for excluding exits 2023-06-15 22:01:53 +10:00
Thomas Lynch
1df8277ee2 Bugfix to declaration of crawler whitelist map, reduce difficulty for testing 2023-06-10 12:51:56 +10:00
Thomas Lynch
ab5614e702 Revert dockerfile because 2.8 and http/3 still has some issues with lua 2023-06-08 00:14:25 +10:00
Thomas Lynch
b70fd56201 Test with http3 quic and updated dockerfile with haproxy 2.8 2023-06-08 00:00:05 +10:00
Thomas Lynch
10c875e689 update config for crawler-whitelist, cleanup a few things in the example 2023-06-04 13:04:13 +10:00
Thomas Lynch
22b6b4795e WIP of configurable challenge settings per-domain with a ddos_config map and handling 2023-05-21 20:13:23 +10:00
Thomas Lynch
14922d7e2f Refactor fetching header for difference between applet and transaction mode. 
Improve locale_strings map by re json.encode.
Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
 2023-05-21 15:18:55 +10:00
Thomas Lynch
88ba9f264b add /.basedflare/pow-icon (useful with rewrite for custom loading image) 2023-04-29 15:43:35 +10:00
Thomas Lynch
f1cf3f6390 frontend js translations 2023-04-20 21:23:50 +10:00
Thomas Lynch
93c01c05c5 Update redirect to new redirect and rewrite 
Add example geoip config
Add example alt-svc config
Update README
 2023-04-19 21:04:44 +10:00
Thomas Lynch
5fd4ae842c Add new (optional) auto script to be optionally included in frontend sites, will auto solve POW when low time left 
Allow bot-check to return json format to be compatible with that
Update challenge script
 2023-04-14 01:42:56 +10:00
Thomas Lynch
a6f3613b6a More concise wording, offer a .min.js for scripts 2023-04-11 21:13:25 +10:00
Thomas Lynch
40da57544a Support multiple backends per domain with the help of some lua 2023-04-06 22:40:03 +10:00
Thomas Lynch
9478892614 Allow proper ssl verification for backends (With a privately managed CA of course) 2023-03-18 15:21:21 +11:00
Thomas Lynch
5b98b5b15c simple redirect map 2023-03-04 20:18:54 +11:00
Thomas Lynch
3cc7482084 Fully convert to data plane api 
Change global ACL to a map to realtime update with data plane api
Change how on setartup servers are registered in lua
 2023-02-18 15:14:40 +11:00
Thomas Lynch
875e9e5edd Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket 2023-02-12 13:17:03 +11:00
Thomas Lynch
9531049aa9 Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout 
Make cookies sent from captcha/pow response be httponly
 2023-02-11 21:39:38 +11:00
Thomas Lynch
08a966c121 Reorganise, move code to not be split between haproxy and src folder 2023-02-11 15:06:35 +11:00
Thomas Lynch
45bc67fae4 Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict 
Move templates to own file instead of in main lua script
Rename some stuff from "hcatpcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
 2023-02-11 14:16:51 +11:00
Thomas Lynch
1c6504e83e use lua-load-per-thread as per https://cbonte.github.io/haproxy-dconv/2.6/configuration.html\#3.1-lua-load because we don't have any cross request/thread global vars to worry about 2023-01-06 19:04:02 +11:00
Thomas Lynch
64e26f65b5 - Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16 
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW

Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
 2022-10-02 04:57:59 +11:00
Thomas Lynch
4716cf1be2 Improve & cleanup README, docker-compose, haproxy config 2022-09-25 22:54:51 +10:00
Thomas Lynch
a50b35b65d argon2 implementation 
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash firefox anymore -- we could go higher)
 2022-09-24 22:56:55 +10:00
Thomas Lynch
e1c786a1d7 Add example snippet of how to acl/whitelist stats sockte 2022-09-18 19:01:38 +10:00
Thomas Lynch
3f40192d55 Update README with new env vars 
Remove dataplaneapi junk
 2022-09-17 19:22:27 +10:00
Thomas Lynch
598790cb4f - Fix some docker-compose issues close #14 
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
 2022-09-17 02:45:27 +10:00
Thomas Lynch
0d991770cf google recaptcha v2 support 2022-09-12 23:37:21 +10:00
Thomas Lynch
77518cee69 maintenance mode 2022-04-26 07:30:34 +00:00
Thomas Lynch
76e9cad8a8 add map for whitelisting ip/subnets. also cleanup the config a bit. 2022-04-25 01:07:57 +10:00
Thomas Lynch
c3a3648469 readme update, 
remove ssl from haproxy since its just the docker example
 2022-01-22 13:00:31 +11:00
Thomas Lynch
52da926ed2 set ssl verify none on template servers 
make trace for debug plain for no xss and add ms to timestamp
 2022-01-02 01:31:21 +11:00
Thomas Lynch
7e2e8d6de3 remove debug template page 2021-12-30 01:41:48 +11:00