c28e4d438e
Remove unnecessary code in getpath method
2023-08-06 19:22:09 +10:00
a82483224b
Fix issue with pplet.qs taking whole query but not parsing the path out of it for the map loopup, caused issues with selecting captcha mode
2023-08-06 17:45:52 +10:00
aee6cf9899
Update minified script
2023-07-20 01:14:04 +10:00
faaf1fb743
Actually fix that
2023-07-20 01:11:23 +10:00
844cff1baa
Don't check for wasm support when using sha256 challenge type
2023-07-19 20:55:48 +10:00
eb82a3d391
ne wjson map format for excluding exits
2023-06-15 22:01:53 +10:00
fa4680aaa6
Add translation json_query vars to error pages thanks to @l29utp0
2023-06-04 12:51:34 +10:00
22b6b4795e
WIP of configurable challenge settings per-domain with a ddos_config map and handling
2023-05-21 20:13:23 +10:00
14922d7e2f
Refactor fetching header for difference between applet and transaction mode.
...
Improve locale_strings map by re json.encode.
Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
2023-05-21 15:18:55 +10:00
c93ca7f16c
Remove . prefix on cookie domain
2023-04-29 23:02:13 +10:00
32c5e2dfca
Fix using incorrect prompt for noscript sha256 vs argon2
2023-04-29 22:57:34 +10:00
88e954575f
copy pt pt o pt br
2023-04-29 18:56:15 +10:00
88ba9f264b
add /.basedflare/pow-icon (useful with rewrite for custom loading image)
2023-04-29 15:43:35 +10:00
88345216dd
minify js
2023-04-20 21:29:59 +10:00
f1cf3f6390
frontend js translations
2023-04-20 21:23:50 +10:00
2af32627eb
Start on localisation ref #22
2023-04-19 23:08:15 +10:00
615049a59e
Update auto script
2023-04-15 00:27:18 +10:00
493bfd88f9
Add and improve auto background solve
2023-04-14 21:47:01 +10:00
8523a87592
Fix auto.js minification breaking and window for argon check
2023-04-14 01:58:05 +10:00
5e2943064a
Move ...s in template
2023-04-14 01:44:52 +10:00
5fd4ae842c
Add new (optional) auto script to be optionally included in frontend sites, will auto solve POW when low time left
...
Allow bot-check to return json format to be compatible with that
Update challenge script
2023-04-14 01:42:56 +10:00
a6f3613b6a
More concise wording, offer a .min.js for scripts
2023-04-11 21:13:25 +10:00
8b361f89c5
Image on bot-check adn css tweak, change footers to basedflare link in template, maintenance, bot-check
2023-04-10 17:48:44 +10:00
37bbec9f3b
add missing map
2023-04-06 22:47:21 +10:00
40da57544a
Support multiple backends per domain with the help of some lua
2023-04-06 22:40:03 +10:00
35668c9b58
adjust dummytime logic and start time
2023-03-23 01:13:41 +11:00
94567f69ff
Improve appearance and affordance of challenge pages with some template and js tweaks
2023-03-19 13:07:41 +11:00
9478892614
Allow proper ssl verification for backends (With a privately managed CA of course)
2023-03-18 15:21:21 +11:00
521e4ab335
not bold h3, hide generic favicon, white bg instead off offwhite
2023-03-06 19:47:50 +11:00
4c97df8fb1
test ssl verify none to backends
2023-03-02 22:18:25 +11:00
3cc7482084
Fully convert to data plane api
...
Change global ACL to a map to realtime update with data plane api
Change how on setartup servers are registered in lua
2023-02-18 15:14:40 +11:00
80e966b6d4
Revert to 3 dots loader and adjust page style slightly
2023-02-14 00:07:06 +11:00
87f66479d8
- Change to using domain instead of resolving, because cloudflare blocked this even with the host header, and haproxy 2.7 appears to no longer need this 'hack'
...
- Fix issue with matched_expiry being 0 and breaking captcha cookie
- Spacing
2023-02-13 21:59:02 +11:00
4e3beaf66d
use 2 threads at least
2023-02-12 09:09:17 +11:00
f231b86544
Ability to choose between sha256 or argon2 with env var close #21
2023-02-11 23:38:59 +11:00
eb92f6c31b
Add back dummy time, shorter (3000ms)
2023-02-11 21:46:29 +11:00
9531049aa9
Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout
...
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
9f4c8e8fbb
increase the throttle from 100 -> 1 back to 10 to prevent crashing
2023-02-11 21:05:47 +11:00
1612e342ee
rename BUCKET_DURATION since its now an expiry time
2023-02-11 21:05:10 +11:00
6e5cf2af31
Make cookie expiry based on issued expiry date from challenge date instead of all expiring on bucket.
...
Fixes potential issue of challenges being incorrect if solved right on the bucket change
Allows to solve a challenge at any time (even in the background) and not see the challenge page twice in a small period
Allows for backend to make dynamic expiry of tokens e.g make tor tokens or based on IP reputation not last as long (not implemented atm)
Close #20
2023-02-11 20:57:21 +11:00
a303689641
Close #18 make answers and redirect calls shared between tabs with localstorage to not solve and submit answer multiple times when opening multiple tabs/bookmarks, etc
2023-02-11 16:08:44 +11:00
08a966c121
Reorganise, move code to not be split between haproxy and src folder
2023-02-11 15:06:35 +11:00
0d56079960
Rename POW vars to separately argon_ for argon2 stuff, improve readme and split out INSTALLATION into separate file
2023-02-11 14:43:55 +11:00
45bc67fae4
Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict
...
Move templates to own file instead of in main lua script
Rename some stuff from "hcatpcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
2023-02-11 14:16:51 +11:00
b593be8627
Add some reasonable limits to cookie parsing, reduce impact of possible attack
2023-01-06 19:02:20 +11:00
9c17d5b8fc
update url lib, change default settings
2022-11-06 13:42:26 +11:00
4dd6eec87e
Show pow speed, and estimate remaining time
2022-10-02 22:11:38 +11:00
64e26f65b5
- Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
...
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW
Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
eede92d47d
Allow a bit better granularity for the difficulty. Recommend an "easier" challenge in terms of memory and iterations, but higher diff.
...
Make failed request for captcha/bot form show a little error text.
Make CHALLENGE_INCLUDES_IP "1" = on, anything else = off instead of needing to be unset.
2022-10-01 15:33:48 +10:00
434756a7a1
If this fixes what I think it fixes, ill eat my fucking shoe
2022-09-29 21:54:58 +10:00
