WeebDataHoarder
0473109e60
http: allow specifying Go DNS resolver on config backends
2025-04-27 13:16:42 +02:00
WeebDataHoarder
c33531d7eb
cmd: log errors with ERROR severity via slog, additionally print newline string, fixes #12
2025-04-27 12:17:18 +02:00
WeebDataHoarder
01ef63abea
challenge: quote expected challenge name on error
2025-04-25 23:20:53 +02:00
WeebDataHoarder
0b9f077b6c
context: delete query parameters set by go-away
2025-04-25 22:48:34 +02:00
WeebDataHoarder
a85aa95dbd
cmd: support changing path from well-known prefix, allow configuring full path
2025-04-25 22:16:09 +02:00
WeebDataHoarder
a1f97adde8
metrics: fix global state reset on policy reload
2025-04-25 22:11:08 +02:00
WeebDataHoarder
bca5b25f28
docker: include default snippets onto Dockerfile, allow multiple snippets folders, closes #8
2025-04-25 18:09:25 +02:00
WeebDataHoarder
398675aa3c
config: Add string replacement for templates, add example config.yml ( close #10 )
2025-04-25 17:32:45 +02:00
WeebDataHoarder
4d7436c51b
cel: use generic env from https://codeberg.org/gone/http-cel
2025-04-25 12:08:55 +02:00
WeebDataHoarder
bc0eaeca21
metrics: Add rule action metrics
2025-04-25 11:40:39 +02:00
WeebDataHoarder
d6d69d0192
metrics: track DEFAULT rule hit
2025-04-25 11:40:38 +02:00
WeebDataHoarder
47f9f6fee6
metrics: Added prometheus metrics for rules and challenges
2025-04-25 11:27:42 +02:00
WeebDataHoarder
9541c58eeb
settings: introduce settings YAML file to complement cmd arguments
2025-04-24 18:26:06 +02:00
WeebDataHoarder
96870cc192
dnsbl: normal error handling on resolution error
2025-04-24 00:02:06 +02:00
WeebDataHoarder
3bbd50764a
challenge: add cookie prefix to cookies tied to host/pubkey to prevent reuse
2025-04-23 22:38:14 +02:00
WeebDataHoarder
49e46e7e9f
condition: fix http query values context
2025-04-23 22:29:17 +02:00
WeebDataHoarder
cd372e1512
challenge: Skip already issued challenges
2025-04-23 22:06:11 +02:00
WeebDataHoarder
cef915b353
http: use Query.Get instead of FormValue, allows POST through
2025-04-23 21:30:39 +02:00
WeebDataHoarder
cb02fb20e9
cmd: print current version name on cmd and Via header
2025-04-23 20:46:17 +02:00
WeebDataHoarder
57755112ea
ci: check example policy files
...
cmd: add check parameter
2025-04-23 20:35:20 +02:00
WeebDataHoarder
6bb7ca979d
Implement cache for networks
2025-04-23 20:35:20 +02:00
WeebDataHoarder
a0224cb21c
policy: allow fetching ASN directly via RADb WHOIS service
2025-04-23 20:35:20 +02:00
WeebDataHoarder
9719c0ff39
Support atomically swapping http handler for passhtrough
2025-04-23 20:35:20 +02:00
WeebDataHoarder
3b11792594
Implement policy snippets
2025-04-23 20:35:20 +02:00
WeebDataHoarder
ead41055ca
Condition, rules, state and action refactor / rewrite
...
Add nested rules
Add backend action, allow wildcard in backends
Remove poison from tree, update README with action table
Allow defining pass/fail actions on challenge,
Remove redirect/referer parameters on backend pass
Set challenge cookie tied to host
Rewrite DNSBL condition into a challenge
Allow passing an arbitrary path for assets to js challenges
Optimize programs exhaustively on compilation
Activation instead of map for CEL context, faster map access, new network override
Return valid host on cookie setting in case Host is an IP address.
bug: does not work with IPv6, see https://github.com/golang/go/issues/65521
Apply TLS fingerprinter on GetConfigForClient instead of GetCertificate
Cleanup go-away cookies before passing to backend
Code action for specifically replying with an HTTP code
2025-04-23 20:35:20 +02:00
WeebDataHoarder
c84c67439e
Only error when target network list is not reachable
2025-04-15 19:23:04 +02:00
WeebDataHoarder
b0aa9ff450
Status code 200 -> http.StatusOK
2025-04-15 19:19:34 +02:00
WeebDataHoarder
39fbcf92d2
Return in case of not matching poison
2025-04-13 20:39:47 +02:00
WeebDataHoarder
cc89b8657f
Only serve poison if encoding for it exists
2025-04-13 11:15:24 +02:00
WeebDataHoarder
f2005d5051
Ensure JA3N is stringified on logger
2025-04-12 15:36:54 +02:00
WeebDataHoarder
617e40099f
Check fingerprint ptr before usage
2025-04-12 13:56:25 +02:00
WeebDataHoarder
ca49c99cad
Add support for JA3N / JA4 TLS fingerprinting
2025-04-12 02:13:05 +02:00
WeebDataHoarder
87c2845952
Send request data early
2025-04-11 06:22:48 +02:00
WeebDataHoarder
7829eece77
Added backend IP header support
2025-04-11 06:02:01 +02:00
WeebDataHoarder
ca4101df7c
Use self-redirect on cookie challenge
2025-04-10 05:27:44 +02:00
WeebDataHoarder
527f1342e8
Issue token then redirect to verify under cookie challenge
2025-04-10 05:15:48 +02:00
WeebDataHoarder
ce111f6ae9
Add DNSBL querying in conditions
2025-04-08 22:11:58 +02:00
WeebDataHoarder
153870acc0
Serve pprof server when debug mode is enabled
2025-04-08 20:06:28 +02:00
WeebDataHoarder
186904e020
Mark challenge keys with whether client was ipv4 or ipv6, allow retrying IPv4 -> IPv6 happy eyeballs automatically
2025-04-08 14:07:24 +02:00
WeebDataHoarder
f80d6ebd15
Set X-Away-Id on response
2025-04-08 13:13:19 +02:00
WeebDataHoarder
10dc2a0177
Remove Sec-Ch-Ua and Sec-Ch-Ua-Platform from challenge key
2025-04-08 12:49:55 +02:00
WeebDataHoarder
baf9df9f0a
Allow conditions on challenges, and early hint deadline
2025-04-08 11:40:16 +02:00
WeebDataHoarder
f272a5ae72
Load challenge as style
2025-04-08 02:38:53 +02:00
WeebDataHoarder
2ce9709667
New challenge for HTTP/2 clients, preload-link
2025-04-08 02:17:03 +02:00
WeebDataHoarder
b3f471bb30
Pass http challenge if we passed it previously on the request
2025-04-07 23:44:29 +02:00
WeebDataHoarder
1c2d1e008c
Added refresh button to challenges and deny pages where reasonable, ensure no open redirect or other
2025-04-07 19:24:22 +02:00
WeebDataHoarder
e08a5697f6
Minor cleanup of challenges code, bind session http cookies to issued tokens
2025-04-07 19:00:53 +02:00
WeebDataHoarder
0968e6feae
Move challenge structs to external state
2025-04-07 16:22:16 +02:00
WeebDataHoarder
02f3c1cb19
Rearranged wasm challenge utils
2025-04-06 12:51:27 +02:00
WeebDataHoarder
65561ab00e
Add wasm helper, wasm test utility
2025-04-06 11:44:06 +02:00
