Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ability to send js challenge according custom rules #2104

Open
EvgeniiMekhanik opened this issue Apr 18, 2024 · 2 comments · May be fixed by #2131
Open

Implement ability to send js challenge according custom rules #2104

EvgeniiMekhanik opened this issue Apr 18, 2024 · 2 comments · May be fixed by #2131
Labels
enhancement
Milestone
0.9 - LA

Comments

@EvgeniiMekhanik
Copy link
Contributor

Currently if js challenge is enabled in our config we send js challenge to client on challengeble request (request with Accept header text/html). However, in CloudFare this is implemented differently. CloudFare allow the administrator to set up rules (which can be very defferent) according to which a challenge is sent to the client. It is a very good implementation, so we decide to implement the same ability in our config
@EvgeniiMekhanik EvgeniiMekhanik self-assigned this Apr 18, 2024
@EvgeniiMekhanik EvgeniiMekhanik added this to the 0.9 - LA milestone Apr 18, 2024
@krizhanovsky
Copy link
Contributor

krizhanovsky commented Apr 18, 2024
edited
Loading

We discussed in the chat that we should add a new ACTION for HTTPtables - jsch. I.e. we can write rules like

http_chain {
    hdr "accept" == '*; */*' -> jsch;
    mark == 1 -> jsch;

Please note that */* in the first rule can be in any place of the the value, so we might need something like '*/*', so we need #496 for this (there is no strict dependency, but we do need regexps for real work with HTTPtables).

Also please create a functional tests for this feature or a task for the tests.

This JSCH usage should be deployed on our website

With the discussion #2025 (comment) need to add a best practice examples to the Wiki how to properly configure JSCH based on Accept header. E.g. see https://developers.cloudflare.com/waf/reference/cloudflare-challenges/

@krizhanovsky krizhanovsky mentioned this issue May 1, 2024
Merged
@biathlon3 biathlon3 linked a pull request Jun 7, 2024 that will close this issue
Implementation of the ability to send js challenge according with custom rules. #2131
Open
@biathlon3 biathlon3 mentioned this issue Jun 7, 2024
Open
@krizhanovsky krizhanovsky assigned ttaym and unassigned biathlon3 Sep 6, 2024
@krizhanovsky
Copy link
Contributor

#2131 is the appropriate PR. tempesta-tech/tempesta-test#626 is the testing issue and is the PR for this tempesta-tech/tempesta-test#627

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
0.9 - LA
4 participants
@krizhanovsky @ttaym @EvgeniiMekhanik @biathlon3