mirror of
				https://github.com/simon987/ngx_http_js_challenge_module.git
				synced 2025-10-25 18:36:53 +00:00 
			
		
		
		
	Can we add this to log the requests in the error.log? It can be filtered after with the rsyslog. (https://www.thegeekdiary.com/etc-rsyslog-conf-setup-a-filter-to-discard-or-redirect-messages/)
ngx_http_js_challenge_module
Simple javascript proof-of-work based access for Nginx with virtually no overhead.
Easy installation: just add load_module /path/to/ngx_http_js_challenge_module.so; to your
nginx.conf file and follow the configuration instructions.
Configuration
Simple configuration
server {
    js_challenge on;
    js_challenge_secret "change me!";
    # ...
}
Advanced configuration
server {
    js_challenge on;
    js_challenge_secret "change me!";
    js_challenge_html /path/to/body.html;
    js_challenge_bucket_duration 3600;
    js_challenge_title "Verifying your browser...";
    location /static {
        js_challenge off;
        alias /static_files/;
    }
    location /sensitive {
        js_challenge_bucket_duration 600;
        #...
    }
    #...
}
- js_challenge on|offToggle javascript challenges for this config block
- js_challenge_secret "secret"Secret for generating the challenges. DEFAULT: "changeme"
- js_challenge_html "/path/to/file.html"Path to html file to be inserted in the- <body>tag of the interstitial page
- js_challenge_title "title"Will be inserted in the- <title>tag of the interstitial page. DEFAULT: "Verifying your browser..."
- js_challenge_bucket_duration timeInterval to prompt js challenge, in seconds. DEFAULT: 3600
Installation
- Add load_module ngx_http_js_challenge_module.so;to/etc/nginx/nginx.conf
- Reload nginx -s reload
Build from source
These steps have to be performed on machine with compatible configuration (same nginx, glibc, openssl version etc.)
- Install dependencies
apt install libperl-dev libgeoip-dev libgd-dev libxslt1-dev libpcre3-dev
- Download nginx tarball corresponding to your current version (Check with nginx -v)wget https://nginx.org/download/nginx-1.16.1.tar.gz tar -xzf nginx-1.16.1.tar.gz export NGINX_PATH=$(pwd)/nginx-1.16.1/
- Compile the module
git clone https://github.com/simon987/ngx_http_js_challenge_module cd ngx_http_js_challenge_module ./build.sh
- The dynamic module can be found at ${NGINX_PATH}/objs/ngx_http_js_challenge_module.so
Known limitations / TODO
- Users with cookies disabled will be stuck in an infinite refresh loop (TODO: redirect with a known query param, if no cookie is specified but the query arg is set, display an error page)
- If nginx is behind a reverse proxy/load balancer, the same challenge will be sent to different users and/or the response cookie will be invalidated when the user is re-routed to another server. (TODO: use the x-real-ip header when available)
Description
				
					Languages
				
				
								
								
									C
								
								98%
							
						
							
								
								
									Shell
								
								2%
							
						
					