Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/simon987/ngx_http_js_challenge_module

Simple javascript proof-of-work based access for Nginx with virtually no overhead. (Similar to Cloudflare's anti-DDoS feature)
https://github.com/simon987/ngx_http_js_challenge_module

anti-ddos nginx proof-of-work

Last synced: about 1 month ago
JSON representation

Simple javascript proof-of-work based access for Nginx with virtually no overhead. (Similar to Cloudflare's anti-DDoS feature)

Awesome Lists containing this project

README 

        

## ngx_http_js_challenge_module



![GitHub](https://img.shields.io/github/license/simon987/ngx_http_js_challenge_module.svg)

[![CodeFactor](https://www.codefactor.io/repository/github/simon987/ngx_http_js_challenge_module/badge)](https://www.codefactor.io/repository/github/simon987/ngx_http_js_challenge_module)



[Demo website](https://ngx-js-demo.simon987.net/)



Simple javascript proof-of-work based access for Nginx with virtually no overhead.



Easy installation: just add `load_module /path/to/ngx_http_js_challenge_module.so;` to your

`nginx.conf` file and follow the [configuration instructions](#configuration).





  




### Configuration



**Simple configuration**

```nginx

server {

    js_challenge on;

    js_challenge_secret "change me!";



    # ...

}

```



**Advanced configuration**

```nginx

server {

    js_challenge on;

    js_challenge_secret "change me!";

    js_challenge_html /path/to/body.html;

    js_challenge_bucket_duration 3600;

    js_challenge_title "Verifying your browser...";



    location /static {

        js_challenge off;

        alias /static_files/;

    }



    location /sensitive {

        js_challenge_bucket_duration 600;

        #...

    }



    #...

}

```



* `js_challenge on|off` Toggle javascript challenges for this config block

* `js_challenge_secret "secret"` Secret for generating the challenges. DEFAULT: "changeme"

* `js_challenge_html "/path/to/file.html"` Path to html file to be inserted in the `` tag of the interstitial page

* `js_challenge_title "title"` Will be inserted in the `` tag of the interstitial page. DEFAULT: "Verifying your browser..."

* `js_challenge_bucket_duration time` Interval to prompt js challenge, in seconds. DEFAULT: 3600



### Installation



1. Add `load_module ngx_http_js_challenge_module.so;` to `/etc/nginx/nginx.conf`

1. Reload `nginx -s reload`



### Build from source



These steps have to be performed on machine with compatible configuration (same nginx, glibc, openssl version etc.)



1. Install dependencies

    ```bash

    apt install libperl-dev libgeoip-dev libgd-dev libxslt1-dev libpcre3-dev

    ```

2. Download nginx tarball corresponding to your current version (Check with `nginx -v`)

    ```bash

   wget https://nginx.org/download/nginx-1.16.1.tar.gz

   tar -xzf nginx-1.16.1.tar.gz

   export NGINX_PATH=$(pwd)/nginx-1.16.1/

    ```

3. Compile the module

    ```bash

    git clone https://github.com/simon987/ngx_http_js_challenge_module

    cd ngx_http_js_challenge_module

    ./build.sh

    ```

4. The dynamic module can be found at `${NGINX_PATH}/objs/ngx_http_js_challenge_module.so`



### Known limitations / TODO



* Users with cookies disabled will be stuck in an infinite refresh loop (TODO: redirect with a known query param, if no cookie is specified but the query arg is set, display an error page)

* If nginx is behind a reverse proxy/load balancer, the same challenge will be sent to different users and/or the response cookie will be invalidated when the user is re-routed to another server. (TODO: use the x-real-ip header when available)