HAProxy configuration and Lua scripts implementing a challenge-response page where visitors solve a captcha and/or a proof-of-work (CPU-intensive) task. Intended to stop bots, spam, DDoS, etc.
Thomas Lynch 844cff1baa
Don't check for wasm support when using sha256 challenge type
10 months ago
haproxy haproxy 2.8 dockerfile, remove testing cert, change ddos map for json testing 11 months ago
nginx Fully convert to data plane api 1 year ago
src Don't check for wasm support when using sha256 challenge type 10 months ago
tor close #4 3 years ago
.gitignore Don't check for wasm support when using sha256 challenge type 10 months ago
INSTALLATION.md update config for crawler-whitelist, cleanup a few things in the example 12 months ago
LICENSE-GPL-3.0.txt GPL-3.0 from now on 1 year ago
LICENSE.txt GPL-3.0 from now on 1 year ago
README.md Update README.md 10 months ago
docker-compose.yml haproxy 2.8 dockerfile, remove testing cert, change ddos map for json testing 11 months ago

README.md

haproxy-protection

HAProxy configuration and Lua scripts providing a challenge-response page where users solve a captcha and/or proof-of-work. Intended to stop bots, spam and DDoS.

Integrates with https://gitgud.io/fatchan/haproxy-panel-next to add/remove/edit domains, protection rules, blocked IPs, backend server IPs, etc. at runtime.

Originally inspired by a proof of concept from https://github.com/mora9715/haproxy_ddos_protector.

Features / improvements in this fork:

  • Implement a proof-of-work mode, in addition to the existing captcha only mode.
  • Ability to choose between argon2 or sha256 proof of work modes.
  • Sharing POW answers with storage events to prevent unnecessary re-solving when opening multiple tabs.
  • Supports either hCaptcha or reCAPTCHA.
  • Support .onion/Tor with the HAProxy PROXY protocol, using circuit identifiers as a substitute for IPs.
  • Allow users without JavaScript to solve the POW by providing a shell script and HTML form inside noscript tags.
  • Use HAProxy http-request return directive to directly serve files from the edge without a separate backend.
  • Adjustable cookie validity lifetime.
  • Adjustable "mode" ("none", "pow" or "pow+captcha") per domain or domain+path.
  • Improved the appearance of the challenge page.
  • Add several useful maps & ACLs to the HAProxy config:
    • Whitelist or blacklist IPs/subnets.
    • Rewrite/redirect specific paths or whole domains.
    • Maintenance mode page for selected domains.
  • GeoIP mapping support for alt-svc headers.
  • Support simple load balancing to multiple backends per domain dynamically.
  • Multiple language support with locales files (currently en-US and pt-PT).
  • Fix multiple security issues.
  • Many bugfixes.

Installation

See INSTALLATION.md

For generous people

Bitcoin (BTC): bc1q4elrlz5puak4m9xy3hfvmpempnpqpu95v8s9m6

Monero (XMR): 89J9DXPLUBr5HjNDNZTEo4WYMFTouSsGjUjBnUCCUxJGUirthnii4naZ8JafdnmhPe4NP1nkWsgcK82Uga7X515nNR1isuh

Oxen (OXEN): LBjExqjDKCFT6Tj198CfK8auAzBERJX1ogtcsjuKZ6AYWTFxwEADLgf2zZ8NHvWCa1UW7vrtY8DJmPYFpj3MEE69CryCvN6