Add HAProxy PoW challenge, simple bad bot blocking, and adjust mounts
All checks were successful
Build And Deploy / build-and-deploy (push) Successful in 1m16s
All checks were successful
Build And Deploy / build-and-deploy (push) Successful in 1m16s
Replace single deploy/haproxy.cfg with deploy/haproxy/{haproxy.cfg,challenge.html}.
HAProxy now runs a WebCrypto-based proof-of-work challenge using a stick-table,
URI normalization and a challenge backend. docker-compose mounts the haproxy
directory, and also switches the site DB volume to ./db to be consistent. Update robots.txt.ts to
add a honeypot path for bad bot blocking.
This commit is contained in:
parent
1162c53c8f
commit
f014330b14
5 changed files with 233 additions and 45 deletions
143
deploy/haproxy/challenge.html
Normal file
143
deploy/haproxy/challenge.html
Normal file
|
|
@ -0,0 +1,143 @@
|
|||
<!doctype html>
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
<title>Challenge Accepted!</title>
|
||||
<style>
|
||||
body {
|
||||
background: #ddd;
|
||||
color: #000;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
#progress {
|
||||
position: absolute;
|
||||
margin: 0;
|
||||
top: 50%%;
|
||||
left: 50%%;
|
||||
transform: translate(-50%%, -50%%);
|
||||
text-align: center;
|
||||
font-size: 125%%;
|
||||
}
|
||||
#progressBar {
|
||||
font-size: 250%%;
|
||||
user-select: none;
|
||||
}
|
||||
#progressBar.done {
|
||||
transition:
|
||||
font-size 2s linear,
|
||||
opacity 2s linear;
|
||||
font-size: 1000%%;
|
||||
opacity: 0.5;
|
||||
}
|
||||
.animate {
|
||||
animation: spin 2s infinite linear;
|
||||
}
|
||||
@keyframes spin {
|
||||
to {
|
||||
transform: rotate(360deg);
|
||||
}
|
||||
}
|
||||
iframe {
|
||||
display: none;
|
||||
}
|
||||
footer {
|
||||
position: fixed;
|
||||
bottom: 4px;
|
||||
width: 100%%;
|
||||
text-align: center;
|
||||
}
|
||||
</style>
|
||||
<form method="post" target="post" action="/_challenge" name="challenge">
|
||||
<input type="hidden" name="ip" value="%[src]" />
|
||||
<input type="hidden" name="ts" value="%[date]" />
|
||||
<input type="hidden" name="diff" value="4" />
|
||||
<input type="hidden" name="tries" value="" />
|
||||
</form>
|
||||
<div id="progress">
|
||||
<span id="progressText"></span>
|
||||
<div id="progressBar"></div>
|
||||
</div>
|
||||
<iframe srcdoc="" src="about:blank" name="post"></iframe>
|
||||
<script>
|
||||
"use strict";
|
||||
|
||||
async function challenge(diff, ip, ts) {
|
||||
let te = new TextEncoder();
|
||||
let tries = 0;
|
||||
progressText.innerText = "✋ Checking connection, please wait";
|
||||
progressBar.innerText = "🌀";
|
||||
progressBar.className = "animate";
|
||||
for (; tries < 10_000_000; tries++) {
|
||||
let hash = await crypto.subtle.digest(
|
||||
"SHA-256",
|
||||
te.encode([ip, location.hostname, ts, tries].join(";")),
|
||||
);
|
||||
let y = new Uint8Array(hash);
|
||||
let i = 0;
|
||||
while (i < diff / 2) {
|
||||
if (y[i] > 0x0f) break;
|
||||
if (i * 2 + 1 >= diff) return tries;
|
||||
if (y[i++] > 0) break;
|
||||
if (i * 2 >= diff) return tries;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async function startChallenge(form) {
|
||||
if (!("subtle" in window.crypto)) {
|
||||
if (location.protocol !== "https:") {
|
||||
progress.innerText =
|
||||
"No WebCrypto support. This must be served over a HTTPS connection.";
|
||||
} else {
|
||||
progress.innerText =
|
||||
"No WebCrypto support in your browser. " +
|
||||
"This is required to pass the challenge.";
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
let backoff = 0;
|
||||
let tryOnce = (_) => {
|
||||
if (backoff > 8) {
|
||||
progressText.innerText =
|
||||
"Failed to submit after several tries. Try reloading.";
|
||||
return;
|
||||
}
|
||||
setTimeout(
|
||||
async (_) => submitAnswer(form),
|
||||
1000 * (Math.pow(2, backoff++) - 1),
|
||||
);
|
||||
};
|
||||
form.addEventListener("error", tryOnce);
|
||||
let iframe = document.querySelector("iframe");
|
||||
iframe.addEventListener("load", (_) =>
|
||||
location.hash.length ? location.reload() : location.replace(location),
|
||||
);
|
||||
tryOnce();
|
||||
}
|
||||
|
||||
async function submitAnswer(form) {
|
||||
let start = new Date();
|
||||
let tries = await challenge(form.diff.value, form.ip.value, form.ts.value);
|
||||
if (tries === undefined) {
|
||||
progressText.innerText =
|
||||
"Unable to calculate challenge. Try reloading or a different browser.";
|
||||
progressBar.innerText = "🤯";
|
||||
progressBar.className = "error";
|
||||
return;
|
||||
}
|
||||
form.tries.value = tries;
|
||||
progressText.innerText = "Took " + (new Date() - start) + "ms";
|
||||
console.log(`${tries} tries.\n${progressText.innerText}`);
|
||||
progressBar.className = "done";
|
||||
progressBar.innerText = "✅";
|
||||
form.submit();
|
||||
}
|
||||
|
||||
window.addEventListener("load", (_) =>
|
||||
startChallenge(document.forms.challenge),
|
||||
);
|
||||
</script>
|
||||
<noscript
|
||||
>Malicious scrapers break the web. To continue, you'll need JavaScript
|
||||
enabled.</noscript
|
||||
>
|
||||
Loading…
Add table
Add a link
Reference in a new issue