d019440bc0
Move POW proof checking to POST and sign a cookie there, kinda like captcha flow, so we can do a more intensive one without it happening on every request. We just check the hmac now.
...
Still TODO actually converting it to argon, but should be straightforward from this point.
Another advantage of making POW check use POST is a better noscript experience. We now provide a box and "submit" button, so they don't have to mess with setting a cookie.
2022-09-23 00:26:20 +10:00
521f9742c1
revert back to 2 thread max again because turns out firefox didnt get better, just tor limits to 1 thread anyway
2022-09-21 21:32:33 +10:00
614b437667
Add ability to include IPs in challenge hash generation, to lock cookies to IPs (like the pre-sig mode)
2022-09-21 21:31:48 +10:00
20a04f23c2
Change wording for public branch
2022-09-21 19:47:47 +10:00
e1c786a1d7
Add example snippet of how to acl/whitelist stats socket
2022-09-18 19:01:38 +10:00
0af1a740ab
Make captcha submission automatic and not require clicking a "submit" form button
2022-09-18 01:41:02 +10:00
3f40192d55
Update README with new env vars
...
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
d115ca6f46
ref #15
2022-09-17 19:06:37 +10:00
194c5bb96c
Check ssl_fc for whether to set captcha cookie as secure close #15
2022-09-17 18:48:28 +10:00
3f7e48def6
update the nojs terminal script
2022-09-17 04:38:42 +10:00
207c3af05b
Patch some bugs in the updated challenge.js especially related to the fallback mode
2022-09-17 04:04:27 +10:00
598790cb4f
- Fix some docker-compose issues close #14
...
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, update lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00
7dbc14feb3
remove my grecaptcha secrets (invalidated now thx :^)
2022-09-12 23:43:11 +10:00
0d991770cf
google recaptcha v2 support
2022-09-12 23:37:21 +10:00
c9e007639e
- Make the "checking your browser for robots" look more like cloudflare
...
- Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and its quick enough even with 2 threads anyway)
- Remove the footerlogo from challenge and maintenance page, and update the link
2022-09-10 08:23:09 +10:00
77518cee69
maintenance mode
2022-04-26 07:30:34 +00:00
d3d4b12607
fix in some situations useragent can be nil
2022-04-26 13:07:12 +10:00
05602ced24
update readme
2022-04-25 14:33:30 +10:00
76e9cad8a8
add map for whitelisting ip/subnets. also cleanup the config a bit.
2022-04-25 01:07:57 +10:00
d5a83be478
Change last stage of the noscript command option to bash instead of sh.
...
Even if a lot of distros just symlink sh > bash the script needs to do some substitutions not supported in sh, so it's more correct. Who doesnt have bash these days anyway?
2022-02-20 23:14:39 +11:00
640f80bb56
for noscript users, in pow only mode (not when hcaptcha enabled), the page now includes a small encoded script that will get the correct captcha value. Slower than javascript, but good enough.
2022-02-20 01:01:40 +11:00
1bf8992371
link to repo until new site ready
2022-01-27 22:39:13 +11:00
c3a3648469
readme update,
...
remove ssl from haproxy since its just the docker example
2022-01-22 13:00:31 +11:00
7ea0fe7dc8
improve check for captcha map fetches by domain and domain+path.
...
old code was just dumb, dunno what i was thinking.
now domain+path takes priority and can be lower or higher level, not just higher level than domain only.
2022-01-19 23:15:18 +11:00
e406ac46ca
Merge branch 'lua-httpclient-test'
2022-01-19 18:09:30 +11:00
d38713b4cb
haproxy snapshot fixes bug, and use url build query to make body for hcaptcha post
2022-01-19 18:01:08 +11:00
5007106c3a
space to 4 tabs
2022-01-03 01:16:46 +11:00
b63daef8e1
readme fix, improve, remove old shit cli and interaction diagram
2022-01-02 16:52:45 +11:00
52da926ed2
set ssl verify none on template servers
...
make trace for debug plain for no xss and add ms to timestamp
2022-01-02 01:31:21 +11:00
c2be84c4f8
body not sending, needs fix
2021-12-31 00:28:56 +11:00
9787471004
use POST for hcaptcha submission instead of get, since their docs says get is not supported even if it works
2021-12-30 23:50:25 +11:00
2fbba3c8f8
haproxy 2.5 docker
2021-12-30 17:42:24 +11:00
7e2e8d6de3
remove debug template page
2021-12-30 01:41:48 +11:00
83cecb6a18
fhdr for user-agent
2021-12-30 01:25:25 +11:00
ba2880a1d5
dont run setup_servers without the env vars
2021-12-30 00:24:49 +11:00
7de768d731
/cdn-cgi/trace test
2021-12-30 00:13:14 +11:00
e9111471b7
add simple cache and x-cache info header for example/testing
2021-12-28 01:25:15 +11:00
6e32998426
remove unused import
2021-12-28 01:17:59 +11:00
06b28c8650
add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now
2021-12-27 20:42:27 +11:00
9557c06aa1
update, dynamic backends based on hostname ,can be updated live control panel/management socket
2021-12-26 23:56:15 +11:00
6f52ee8977
improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha
...
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
2021-12-04 21:42:27 +11:00
e6ed817746
update gitignore
2021-12-01 14:00:07 +11:00
727bca1623
close #2
2021-12-01 13:59:14 +11:00
2b0b15781e
fix useragent bug in utils due to not using req_fhdr instead of req_hdr http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.6-req.fhdr close #3
2021-12-01 13:55:05 +11:00
bc55ce5a93
reduce concurrency of client check again to max 4 thread
2021-12-01 13:54:21 +11:00
b21cc9e90d
expose port 80 in docker-compose example
2021-12-01 13:53:56 +11:00
54be416a39
add crypto.subtle check for lokinet and idiots using non-tor browser for .onion
2021-11-30 02:27:19 +11:00
876d0835bc
change script threads to hardwareconcurrency/2 instead of -1, because it can still cause browsers to be sluggish or crash moreso on powerful machines
2021-11-27 01:02:37 +11:00
6d9ec35d9d
readme improvement
2021-11-26 17:19:12 +11:00
e651d25dbb
remove unnecessary layer of tcp mode for stripping proxy, works just fine without it
2021-11-26 14:43:43 +11:00