Commit Graph

91 Commits

Author SHA1 Message Date
Thomas Lynch
ea3f8bf291 Small docker improvement for better testing/development (no more 503) 2022-09-23 00:41:33 +10:00
Thomas Lynch
d019440bc0 Move POW proof checking to POST and sign a cookie there, kinda like captcha flow, so we can do a more intensive one without it happening on every request. We just check the hmac now.
Still TODO actually converting it to argon, but should be straightforward from this point.
Another advantage of making POW check use POST is a better noscript experience. We now provide a box and "submit" button, so they don't have to mess with setting a cookie.
2022-09-23 00:26:20 +10:00
Thomas Lynch
521f9742c1 revert back to 2 thread max again because turns out firefox didnt get better, just tor limits to 1 thread anyway 2022-09-21 21:32:33 +10:00
Thomas Lynch
614b437667 Add ability to include IPs in challenge hash generation, to lock cookies to IPs (like the pre-sig mode) 2022-09-21 21:31:48 +10:00
Thomas Lynch
20a04f23c2 Change wording for public branch 2022-09-21 19:47:47 +10:00
Thomas Lynch
e1c786a1d7 Add example snippet of how to acl/whitelist stats socket 2022-09-18 19:01:38 +10:00
Thomas Lynch
0af1a740ab Make captcha submission automatic and not require clicking a "submit" form button 2022-09-18 01:41:02 +10:00
Thomas Lynch
3f40192d55 Update README with new env vars
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
Thomas Lynch
d115ca6f46 ref #15 2022-09-17 19:06:37 +10:00
Thomas Lynch
194c5bb96c Check ssl_fc for whether to set captcha cookie as secure close #15 2022-09-17 18:48:28 +10:00
Thomas Lynch
3f7e48def6 update the nojs terminal script 2022-09-17 04:38:42 +10:00
Thomas Lynch
207c3af05b Patch some bugs in the updated challenge.js especially related to the fallback mode 2022-09-17 04:04:27 +10:00
Thomas Lynch
598790cb4f - Fix some docker-compose issues close #14
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, update lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00
Thomas Lynch
7dbc14feb3 remove my grecaptcha secrets (invalidated now thx :^) 2022-09-12 23:43:11 +10:00
Thomas Lynch
0d991770cf google recaptcha v2 support 2022-09-12 23:37:21 +10:00
Thomas Lynch
c9e007639e - Make the "checking your browser for robots" look more like cloudflare
- Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and its quick enough even with 2 threads anyway)
- Remove the footerlogo from challenge and maintenance page, and update the link
2022-09-10 08:23:09 +10:00
Thomas Lynch
77518cee69 maintenance mode 2022-04-26 07:30:34 +00:00
Thomas Lynch
d3d4b12607 fix in some situations useragent can be nil 2022-04-26 13:07:12 +10:00
Thomas Lynch
05602ced24 update readme 2022-04-25 14:33:30 +10:00
Thomas Lynch
76e9cad8a8 add map for whitelisting ip/subnets. also cleanup the config a bit. 2022-04-25 01:07:57 +10:00
Thomas Lynch
d5a83be478 Change last stage of the noscript command option to bash instead of sh.
Even if a lot of distros just symlink sh > bash the script needs to do some substitutions not supported in sh, so it's more correct. Who doesnt have bash these days anyway?
2022-02-20 23:14:39 +11:00
Thomas Lynch
640f80bb56 for noscript users, in pow only mode (not when hcaptcha enabled), the page now includes a small encoded script that will get the correct captcha value. Slower than javascript, but good enough. 2022-02-20 01:01:40 +11:00
Thomas Lynch
1bf8992371 link to repo until new site ready 2022-01-27 22:39:13 +11:00
Thomas Lynch
c3a3648469 readme update,
remove ssl from haproxy since its just the docker example
2022-01-22 13:00:31 +11:00
Thomas Lynch
7ea0fe7dc8 improve check for captcha map fetches by domain and domain+path.
old code was just dumb, dunno what i was thinking.
now domain+path takes priority and can be lower or higher level, not just higher level than domain only.
2022-01-19 23:15:18 +11:00
Thomas Lynch
e406ac46ca Merge branch 'lua-httpclient-test' 2022-01-19 18:09:30 +11:00
Thomas Lynch
d38713b4cb haproxy snapshot fixes bug, and use url build query to make body for hcaptcha post 2022-01-19 18:01:08 +11:00
Thomas Lynch
5007106c3a space to 4 tabs 2022-01-03 01:16:46 +11:00
Thomas Lynch
b63daef8e1 readme fix, improve, remove old shit cli and interaction diagram 2022-01-02 16:52:45 +11:00
Thomas Lynch
52da926ed2 set ssl verify none on template servers
make trace for debug plain for no xss and add ms to timestamp
2022-01-02 01:31:21 +11:00
Thomas Lynch
c2be84c4f8 body not sending, needs fix 2021-12-31 00:28:56 +11:00
Thomas Lynch
9787471004 use POST for hcaptcha submission instead of get, since their docs says get is not supported even if it works 2021-12-30 23:50:25 +11:00
Thomas Lynch
2fbba3c8f8 haproxy 2.5 docker 2021-12-30 17:42:24 +11:00
Thomas Lynch
7e2e8d6de3 remove debug template page 2021-12-30 01:41:48 +11:00
Thomas Lynch
83cecb6a18 fhdr for user-agent 2021-12-30 01:25:25 +11:00
Thomas Lynch
ba2880a1d5 dont run setup_servers without the env vars 2021-12-30 00:24:49 +11:00
Thomas Lynch
7de768d731 /cdn-cgi/trace test 2021-12-30 00:13:14 +11:00
Thomas Lynch
e9111471b7 add simple cache and x-cache info header for example/testing 2021-12-28 01:25:15 +11:00
Thomas Lynch
6e32998426 remove unused import 2021-12-28 01:17:59 +11:00
Thomas Lynch
06b28c8650 add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now 2021-12-27 20:42:27 +11:00
Thomas Lynch
9557c06aa1 update, dynamic backends based on hostname ,can be updated live control panel/management socket 2021-12-26 23:56:15 +11:00
Thomas Lynch
6f52ee8977 improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
2021-12-04 21:42:27 +11:00
Thomas Lynch
e6ed817746 update gitignore 2021-12-01 14:00:07 +11:00
Thomas Lynch
727bca1623 close #2 2021-12-01 13:59:14 +11:00
Thomas Lynch
2b0b15781e fix useragent bug in utils due to not using req_fhdr instead of req_hdr http://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.6-req.fhdr close #3 2021-12-01 13:55:05 +11:00
Thomas Lynch
bc55ce5a93 reduce concurrency of client check again to max 4 thread 2021-12-01 13:54:21 +11:00
Thomas Lynch
b21cc9e90d expose port 80 in docker-compose example 2021-12-01 13:53:56 +11:00
Thomas Lynch
54be416a39 add crypto.subtle check for lokinet and idiots using non-tor browser for .onion 2021-11-30 02:27:19 +11:00
Thomas Lynch
876d0835bc change script threads to hardwareconcurrency/2 instead of -1, because it can still cause browsers to be sluggish or crash moreso on powerful machines 2021-11-27 01:02:37 +11:00
Thomas Lynch
6d9ec35d9d readme improvement 2021-11-26 17:19:12 +11:00