fatchan
/
haproxy-protection
mirror of https://gitgud.io/fatchan/haproxy-protection.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
HAProxy configuration and lua scripts implementing a challenge-response page where visitors solve a captcha and/or proof-of-work (cpu intensive) task. Intended to stop bots, spam, ddos, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
240 Commits
2 Branches
1 Tag
1.4 MiB
 
 
 
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
Thomas Lynch a0ff482b17
Cleanup server registration and fix for Haproxy 3.0 because newline delimited commands are rejected. Now must be separated by semicolon. 		2 weeks ago
haproxy Testing new ACLs for query string 2 weeks ago
nginx Fully convert to data plane api 1 year ago
src Cleanup server registration and fix for Haproxy 3.0 because newline delimited commands are rejected. Now must be separated by semicolon. 2 weeks ago
tor close #4 3 years ago
.gitignore add missing global configs for master-worker mode and crt base 4 weeks ago
INSTALLATION.md update config for crawler-whitelist, cleanup a few things in the example 1 year ago
LICENSE-GPL-3.0.txt GPL-3.0 from now on 1 year ago
LICENSE.txt GPL-3.0 from now on 1 year ago
README.md ditto of jschan repo change 2 months ago
docker-compose.yml Testing new ACLs for query string 2 weeks ago

README.md

haproxy-protection

HAProxy configuration and lua scripts allowing a challenge-response page where users solve a captcha and/or proof-of-work. Intended to stop bots, spam, ddos.

Integrates with https://gitgud.io/fatchan/haproxy-panel-next to add/remove/edit domains, protection rules, blocked ips, backend server IPs, etc during runtime.

Originally inspired by a proof of concept from https://github.com/mora9715/haproxy_ddos_protector.

Features / improvements in this fork:

  • Implement a proof-of-work mode, in addition to the existing captcha only mode.
  • Ability to choose between argon2 or sha256 proof of work modes.
  • Sharing POW answers with storage events to prevent unnecessary re-solving when opening multiple tabs.
  • Supports either hcaptcha or recaptcha.
  • Support .onion/tor with the HAProxy PROXY protocol, using circuit identifiers as a substitute for IPs.
  • Allow users without javascript to solve the POW by providing a shell script and html form inside noscript tags.
  • Use HAProxy http-request return directive to directly serve files from the edge without a separate backend.
  • Adjustable cookie validity lifetime.
  • Adjustable "mode" ("none", "pow" or "pow+captcha") per domain or domain+path
  • Improved the appearance of the challenge page.
  • Add several useful maps & acls to the haproxy config:
    • Whitelist or blacklist IPs/subnets.
    • Rerwite/redirect specific paths or whole domains.
    • Maintenance mode page for selected domains.
  • Geoip mapping support for alt-svc headers.
  • Support simple load balancing to multiple backends per domain dynamically.
  • Multiple language support with locales files (currently en-US and pt-PT).
  • Fix multiple security issues.
  • Many bugfixes.

Installation

See INSTALLATION.md

For generous people

Bitcoin (BTC): bc1q4elrlz5puak4m9xy3hfvmpempnpqpu95v8s9m6

Monero (XMR): 89J9DXPLUBr5HjNDNZTEo4WYMFTouSsGjUjBnUCCUxJGUirthnii4naZ8JafdnmhPe4NP1nkWsgcK82Uga7X515nNR1isuh