f6ec537cb0
Test another stick table, track req.query
2024-07-07 23:03:11 +10:00
53a679fc76
add missing global configs for master-worker mode and crt base
2024-06-30 22:36:54 +10:00
25f702d157
Add ACL so alt-svc header is only sent when geo continent not matching server env
2024-01-28 17:44:07 +11:00
3f1852dd1b
Add env var example for maxconn and cache total-max-size
2023-10-19 21:34:02 +11:00
1dd69fd924
Add geo blocking for country and continent, changes get_ip_var lua script section to use two tables
2023-10-15 18:13:52 +11:00
e36add4ee7
Add asn blocking
2023-09-09 21:39:45 +10:00
93cac69798
Make blocked and whitelist maps multi tenant
2023-09-07 16:47:21 +10:00
d687e54d17
Test with updated dataplaneapi for map fix and exclusing backends in sync, change to .yml, and empty backends map
2023-09-03 01:16:14 +10:00
eb82a3d391
ne wjson map format for excluding exits
2023-06-15 22:01:53 +10:00
1df8277ee2
Bugfix to declaration of crawler whitelist map, reduce difficulty for testing
2023-06-10 12:51:56 +10:00
ab5614e702
Revert dockerfile because 2.8 and http/3 still has some issues with lua
2023-06-08 00:14:25 +10:00
b70fd56201
Test with http3 quic and updated dockerfile with haproxy 2.8
2023-06-08 00:00:05 +10:00
10c875e689
update config for crawler-whitelist, cleanup a few things in the example
2023-06-04 13:04:13 +10:00
22b6b4795e
WIP of configurable challenge settings per-domain with a ddos_config map and handling
2023-05-21 20:13:23 +10:00
14922d7e2f
Refactor fetching header for difference between applet and transaction mode.
...
Improve locale_strings map by re json.encode.
Add method to put translation jsons into txn var and read with a json_query fetch inside template files not served by a lua view e.g. maintenance page
2023-05-21 15:18:55 +10:00
88ba9f264b
add /.basedflare/pow-icon (useful with rewrite for custom loading image)
2023-04-29 15:43:35 +10:00
f1cf3f6390
frontend js translations
2023-04-20 21:23:50 +10:00
93c01c05c5
Update redirect to new redirect and rewrite
...
Add example geoip config
Add example alt-svc config
Update README
2023-04-19 21:04:44 +10:00
5fd4ae842c
Add new (optional) auto script to be optionally included in frontend sites, will auto solve POW when low time left
...
Allow bot-check to return json format to be compatible with that
Update challenge script
2023-04-14 01:42:56 +10:00
a6f3613b6a
More concise wording, offer a .min.js for scripts
2023-04-11 21:13:25 +10:00
40da57544a
Support multiple backends per domain with the help of some lua
2023-04-06 22:40:03 +10:00
9478892614
Allow proper ssl verification for backends (With a privately managed CA of course)
2023-03-18 15:21:21 +11:00
5b98b5b15c
simple redirect map
2023-03-04 20:18:54 +11:00
3cc7482084
Fully convert to data plane api
...
Change global ACL to a map to realtime update with data plane api
Change how on setartup servers are registered in lua
2023-02-18 15:14:40 +11:00
875e9e5edd
Add back dataplaneapi in anticipation of using it to control haproxy rather than haproxy-sdk runtime socket
2023-02-12 13:17:03 +11:00
9531049aa9
Update haproxy config, scripts & docker-compose to use simpler mroe organised files layout
...
Make cookies sent from captcha/pow response be httponly
2023-02-11 21:39:38 +11:00
08a966c121
Reorganise, move code to not be split between haproxy and src folder
2023-02-11 15:06:35 +11:00
45bc67fae4
Move everything under paths like /.basedflare/ instead of putting stuff in paths where it might conflict
...
Move templates to own file instead of in main lua script
Rename some stuff from "hcatpcha" to more correct "captcha" and "bot-check" because we no longer only have hcaptcha
Clean some code and add a few comments
2023-02-11 14:16:51 +11:00
1c6504e83e
use lua-load-per-thread as per https://cbonte.github.io/haproxy-dconv/2.6/configuration.html\#3.1-lua-load because we don't have any cross request/thread global vars to worry about
2023-01-06 19:04:02 +11:00
64e26f65b5
- Add ability to communicate with Tor control port and close circuits. Can be called from lua or as a http-request lua... call to do it based off an ACL. close #16
...
- Make POW checked before captcha in POST handler, since they both must be submittedin captcha mode, we don't want to send POST to /siteverify if they didnt even solve the POW
Other:
- Change (improve) split util to leave empty table entries for repeated delimiters
- Minor frontend script bugfix so error messages display properly in captcha mode
- Wrap submit button of noscript pow form to next line
2022-10-02 04:57:59 +11:00
4716cf1be2
Improve & cleanup README, docker-compose, haproxy config
2022-09-25 22:54:51 +10:00
a50b35b65d
argon2 implementation
...
- memory and time params customisable as well as "difficulty", default 1 iteration, 6000KB, 3 difficulty.
- updated the noscript bash method to work with argon2
- works in webworkers or main thread, capped at 8 threads (doesn't seem to crash firefox anymore -- we could go higher)
2022-09-24 22:56:55 +10:00
e1c786a1d7
Add example snippet of how to acl/whitelist stats sockte
2022-09-18 19:01:38 +10:00
3f40192d55
Update README with new env vars
...
Remove dataplaneapi junk
2022-09-17 19:22:27 +10:00
598790cb4f
- Fix some docker-compose issues close #14
...
- Move to new scheme with some hashing, sigs, and a random user key. close #13
- Change to sha256 rather than sha1 (temporary, but i guess its slightly more secure which is nice for now) ref #10
- Change POW output checked value
- Add lib for randombytes, udpate lua sha lib
- Remove outdated difficulty checks in frontend (was hardcoded 0 anyway) and since algo change is coming soon, there is no need to keep it
2022-09-17 02:45:27 +10:00
0d991770cf
google recaptcha v2 support
2022-09-12 23:37:21 +10:00
77518cee69
maintenance mode
2022-04-26 07:30:34 +00:00
76e9cad8a8
add map for whitelisting ip/subnets. also cleanup the config a bit.
2022-04-25 01:07:57 +10:00
c3a3648469
readme update,
...
remove ssl from haproxy since its just the docker example
2022-01-22 13:00:31 +11:00
52da926ed2
set ssl verify none on template servers
...
make trace for debug plain for no xss and add ms to timestamp
2022-01-02 01:31:21 +11:00
7e2e8d6de3
remove debug template page
2021-12-30 01:41:48 +11:00
7de768d731
/cdn-cgi/trace test
2021-12-30 00:13:14 +11:00
e9111471b7
add simple cache and x-cache info header for example/testing
2021-12-28 01:25:15 +11:00
06b28c8650
add dataplaneapi for --save-map-files, and bugfix some small things. custom domain/backendip working pretty well now
2021-12-27 20:42:27 +11:00
9557c06aa1
update, dynamic backends based on hostname ,can be updated live control panel/management socket
2021-12-26 23:56:15 +11:00
6f52ee8977
improved, now handles domain OR path protection with 0, 1, 2 setting for none, pow, captcha
...
global override does POW only (for now --or can be easily changed for captcha+pow) until i make that customisable level too
no more confusing inverted map
use maps correctly as k:v
cleaned up some stuff
added comments
2021-12-04 21:42:27 +11:00
bec6bddf40
close #4
2021-11-26 00:27:47 +11:00
48382434c4
change haproxy pathing from /usr/share/etc to /etc
2021-11-25 18:16:07 +11:00
5a4a02beba
switch 2 maps, one for ddos enabled, the other to disable captcha leaving only POW
...
minor change script messages
todo: update CLI to allow changing
2021-11-24 19:37:56 +11:00
9f26e53798
combine POW and captcha into one
2021-11-24 05:23:33 +11:00
