Cavemanon/haproxy-protection
9
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
91 Commits 2 Branches 1 Tag
ea3f8bf291ae244247d0432f95d6665422238bc0
Commit Graph

44 Commits

Author SHA1 Message Date
Thomas Lynch
ea3f8bf291 Small docker improvement for better testing/development (no more 503) 2022-09-23 00:41:33 +10:00
Thomas Lynch
d019440bc0 Move POW proof checking to POST and sign a cookie there, kinda like captcha flow, so we can do a more intensive one without it happening on every request. We just check the hmac now. 
Still TODO actually converting it to argon, but should be straightforward from this point.
Another advantage of making POW check use POST is a better noscript experience. We now provide a box and "submit" button, so they don't have to mess with setting a cookie.
 2022-09-23 00:26:20 +10:00
Thomas Lynch
521f9742c1 revert back to 2 thread max again because turns out firefox didnt get better, just tor limits to 1 thread anyway 2022-09-21 21:32:33 +10:00
Thomas Lynch
e1c786a1d7 Add example snippet of how to acl/whitelist stats sockte 2022-09-18 19:01:38 +10:00
Thomas Lynch
0af1a740ab Make captcha submission automatic and not require clicking a "submit" form button 2022-09-18 01:41:02 +10:00
Thomas Lynch
3f40192d55 Update README with new env vars 
Remove dataplaneapi junk
 2022-09-17 19:22:27 +10:00
Thomas Lynch
207c3af05b Patch some bugs in the updated challenge.js especially related to the fallback mode 2022-09-17 04:04:27 +10:00
Thomas Lynch
598790cb4f - Fix some docker-compose issues close #14 
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
 2022-09-17 02:45:27 +10:00
Thomas Lynch
0d991770cf google recaptcha v2 support 2022-09-12 23:37:21 +10:00
Thomas Lynch
c9e007639e - Make the "checking your browser for robots" look more like cloudflare 
- Reduce the default concurrency of the frontend script to 2 threads because any higher seems to crash firefox (and its quick enough even with 2 threads anyway)
- Remove the footerlogo from challenge and maintenance page, and update the link
 2022-09-10 08:23:09 +10:00
Thomas Lynch
77518cee69 maintenance mode 2022-04-26 07:30:34 +00:00
Thomas Lynch
76e9cad8a8 add map for whitelisting ip/subnets. also cleanup the config a bit. 2022-04-25 01:07:57 +10:00
Thomas Lynch
c3a3648469 readme update, 
remove ssl from haproxy since its just the docker example
 2022-01-22 13:00:31 +11:00
Thomas Lynch
e406ac46ca Merge branch 'lua-httpclient-test' 2022-01-19 18:09:30 +11:00
Thomas Lynch
d38713b4cb haproxy snapshot fixes bug, and use url biuld query to make body for hcaptcha post 2022-01-19 18:01:08 +11:00
Thomas Lynch
52da926ed2 set ssl verify none on template servers 
make trace for debug plain for no xss and add ms to timestamp
 2022-01-02 01:31:21 +11:00
Thomas Lynch
2fbba3c8f8 haproxy 2.5 docker 2021-12-30 17:42:24 +11:00
Thomas Lynch
7e2e8d6de3 remove debug template page 2021-12-30 01:41:48 +11:00
Thomas Lynch
83cecb6a18 fhdr for user-agent 2021-12-30 01:25:25 +11:00
Thomas Lynch
7de768d731 /cdn-cgi/trace test 2021-12-30 00:13:14 +11:00
Thomas Lynch
e9111471b7 add simple cache and x-cache info header for example/testing 2021-12-28 01:25:15 +11:00
Thomas Lynch
06b28c8650 add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now 2021-12-27 20:42:27 +11:00
Thomas Lynch
9557c06aa1 update, dynamic backends based on hostname ,can be updated live control panel/management socket 2021-12-26 23:56:15 +11:00
Thomas Lynch
6f52ee8977 improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha 
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
 2021-12-04 21:42:27 +11:00
Thomas Lynch
bc55ce5a93 reduce concurrency of client check again to max 4 thread 2021-12-01 13:54:21 +11:00
Thomas Lynch
54be416a39 add crypto.subtle check for lokinet and idiots using non-tor browser for .onion 2021-11-30 02:27:19 +11:00
Thomas Lynch
876d0835bc change script threads to hardwareconcurrency/2 instead of -1, because it can still cause browsers to be sluggish or crash moreso on powerful machines 2021-11-27 01:02:37 +11:00
Thomas Lynch
e651d25dbb remove unnecessary layer of tcp mode for stripping proxy, works just fine without it 2021-11-26 14:43:43 +11:00
Thomas Lynch
bec6bddf40 close #4 2021-11-26 00:27:47 +11:00
Thomas Lynch
48382434c4 change haproxy pathing from /usr/share/etc to /etc 2021-11-25 18:16:07 +11:00
Thomas Lynch
5a4a02beba switch 2 maps, one for ddos enabled, the other to disable captcha leaving only POW 
minor change script messages
todo: update CLI to allow changing
 2021-11-24 19:37:56 +11:00
Thomas Lynch
9f26e53798 combine POW and captcha into one 2021-11-24 05:23:33 +11:00
Thomas Lynch
6400d98975 make the useragent header fetch properly 
add a salt to the generate_secret function -- that was kinda important right? lol
just pass through to `end` if not POST or GET
make it not use calls to hostname and dig in lua scripts, use haproxy backend resolving instead
improve the template a lot and make it theme-matched to my site and similar to ngx_http_js_challenge robot page
fix various bugs
 2021-11-24 00:34:41 +11:00
Eugene Prodan
26ae929644 refactor: get rid of luarocks completely, better exceptions handling 2021-06-14 01:21:38 +03:00
Eugene Prodan
ff669a9e64 refactor: organize lua dependencies 2021-06-12 00:55:15 +03:00
Eugene Prodan
a4b4e84544 feat: added CLI to manage ddos protection system 2021-06-11 22:14:43 +03:00
Eugene Prodan
ae2564d4db refactor: remove ratelimiting functionality, 
add on-demand global / per-domain ddos protection enabling
add automatic redirect from captcha page back to the requested source
prettify the captcha page
 2021-06-10 23:08:45 +03:00
followcube
bda2f31996 refactor: sets ratelimit as action 2021-06-08 22:45:51 +03:00
followcube
7b83affae5 asdas 2021-06-08 21:58:43 +03:00
followcube
182b6e0000 rasras 2021-06-08 21:53:20 +03:00
Eugene Prodan
888a11da83 feat: added action to validate ddos protection cookie 2021-06-08 20:17:16 +03:00
Eugene Prodan
0f7bd9951b feat: added functionality to set quasi-random cookie if captcha is passed 2021-06-08 00:40:37 +03:00
Eugene Prodan
0fde9b873b feat: added captcha serving service to haproxy 2021-06-07 23:44:39 +03:00
Eugene Prodan
e67aced62e feat: building haproxy from scratch with required lua modules 2021-06-07 00:32:47 +03:00