Thomas Lynch 6e5cf2af31 Make cookie expiry based on issued expiry date from challenge date instead of all expiring on bucket.
Fixes potential issue of challenges being incorrect if solved right on the bucket change
Allows to solve a challenge at any time (even in the background) and not see the challenge page twice in a small period
Allows for backend to make dynamic expiry of tokens e.g. make tor tokens or based on IP reputation not last as long (not implemented atm)
Close #20
2023-02-11 20:57:21 +11:00

haproxy-protection

A fork and further development of a proof of concept from https://github.com/mora9715/haproxy_ddos_protector: a HAProxy configuration and Lua scripts that serve a challenge-response page where users solve a captcha and/or proof-of-work. Intended to stop bots, spam and DDoS.

Integrates with https://gitgud.io/fatchan/haproxy-panel-next to add/remove/edit domains, protection rules, blocked IPs, backend server IPs, etc. at runtime.

Features / improvements in this fork:

  • Implement a proof-of-work mode, in addition to the existing captcha-only mode.
  • Supports either hCaptcha or reCAPTCHA.
  • Support .onion/Tor with the HAProxy PROXY protocol, using circuit identifiers as a substitute for IPs.
  • Allow users without JavaScript to solve the POW by providing a shell script and HTML form inside noscript tags.
  • Use HAProxy http-request return directive to directly serve files from the edge without a separate backend.
  • Adjustable cookie validity lifetime.
  • Adjustable "mode" ("none", "pow" or "pow+captcha") per domain or domain+path.
  • Improved the appearance of the challenge page.
  • Add several useful maps & ACLs to the HAProxy config:
    • Whitelist or blacklist IPs/subnets.
    • Maintenance mode page for selected domains.
  • Fix multiple security issues.
  • Many bugfixes.
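
The commit note at the top of this page moves cookie expiry from a shared time bucket to an expiry issued per solved challenge. The following is an added example, not code from this project (which is written in Lua): it contrasts the two schemes around a bucket boundary, and the key, lifetime, function names and cookie layout are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; a deployment loads its own key
LIFETIME = 3600                       # assumed cookie validity, in seconds


def _mac(*parts: str) -> bytes:
    # Fields are joined with "|"; client identifiers are assumed not to contain it.
    msg = "|".join(parts).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


# Bucket scheme: the cookie is bound to the current time bucket, so every
# cookie issued inside a bucket stops validating at the same bucket boundary.
def bucket_issue(client_id: str, now: int) -> str:
    return _mac("bucket", client_id, str(now // LIFETIME)).decode()


def bucket_valid(cookie: str, client_id: str, now: int) -> bool:
    expected = _mac("bucket", client_id, str(now // LIFETIME))
    return hmac.compare_digest(cookie.encode(), expected)


# Per-token scheme: the expiry is fixed when the challenge is solved, carried
# in the cookie, and covered by the MAC so the client cannot extend it.
def token_issue(client_id: str, now: int, lifetime: int = LIFETIME) -> str:
    expiry = str(now + lifetime)
    return expiry + "." + _mac("token", client_id, expiry).decode()


def token_valid(cookie: str, client_id: str, now: int) -> bool:
    expiry, sep, mac = cookie.partition(".")
    if not sep or not (expiry.isascii() and expiry.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), _mac("token", client_id, expiry)):
        return False
    return now < int(expiry)


def boundary_demo(client_id: str = "203.0.113.7"):
    # Challenge solved one second before a bucket change, checked two seconds later.
    solved = 2 * LIFETIME - 1
    later = solved + 2
    return (
        bucket_valid(bucket_issue(client_id, solved), client_id, later),
        token_valid(token_issue(client_id, solved), client_id, later),
    )
```

Because the verifier reads the expiry from the signed cookie, the issuer can pass a shorter `lifetime` for selected clients without any change on the checking side.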

Installation

See INSTALLATION.md

Screenshots

nocaptcha captcha

For generous people

Bitcoin (BTC): bc1q4elrlz5puak4m9xy3hfvmpempnpqpu95v8s9m6

Monero (XMR): 89J9DXPLUBr5HjNDNZTEo4WYMFTouSsGjUjBnUCCUxJGUirthnii4naZ8JafdnmhPe4NP1nkWsgcK82Uga7X515nNR1isuh

Oxen (OXEN): LBjExqjDKCFT6Tj198CfK8auAzBERJX1ogtcsjuKZ6AYWTFxwEADLgf2zZ8NHvWCa1UW7vrtY8DJmPYFpj3MEE69CryCvN6
