mirror of
https://gitgud.io/fatchan/haproxy-protection.git
synced 2025-05-09 02:05:37 +00:00
40 lines
1.2 KiB
INI
40 lines
1.2 KiB
INI
global
|
|
daemon
|
|
maxconn 256
|
|
log stdout format raw local0 debug
|
|
lua-load /usr/local/etc/haproxy/scripts/register.lua
|
|
stats socket /var/run/haproxy.sock mode 666 level admin
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect 5000ms
|
|
timeout client 50000ms
|
|
timeout server 50000ms
|
|
|
|
frontend http-in
|
|
bind *:80
|
|
|
|
acl ddos_mode_enabled hdr_cnt(xr3la1rfFc) eq 0
|
|
acl pow_passed var(txn.pow_passed) -m bool
|
|
acl captcha_passed var(txn.captcha_passed) -m bool
|
|
|
|
acl on_captcha_url path -m beg /bot-check
|
|
acl is_excluded path_end -i .js .ico
|
|
|
|
use_backend servers if is_excluded
|
|
|
|
http-request use-service lua.hcaptcha-view if on_captcha_url !is_excluded
|
|
http-request lua.hcaptcha-check if !is_excluded !on_captcha_url ddos_mode_enabled
|
|
http-request lua.pow-check if !is_excluded !on_captcha_url ddos_mode_enabled
|
|
|
|
http-request redirect location /bot-check?%[capture.req.uri] code 302 if !captcha_passed !on_captcha_url ddos_mode_enabled !is_excluded OR !pow_passed !on_captcha_url ddos_mode_enabled !is_excluded
|
|
|
|
default_backend servers
|
|
|
|
backend servers
|
|
server server1 nginx:80 maxconn 32
|
|
|
|
backend hcaptcha
|
|
mode http
|
|
server hcaptcha hcaptcha.com:443
|