TODO: List for myself #29
Labels: help wanted (Extra attention is needed)
Comments
C0nw0nk added a commit that referenced this issue, Apr 1, 2020
Performance boost remove last couple of instances of `table.insert` to tick off my TODO list. #29 The performance gained by removing `table.insert` can be seen here. https://springrts.com/wiki/Lua_Performance#TEST_12:_Adding_Table_Items_.28table.insert_vs._.5B_.5D.29 Moved localized variables to top of script since some `os.`, `tostring` and `math.` functions operate in the script configuration section meaning they did not get the performance gains and had to do a meta table look up for the function every run this will boost performance for those too.
C0nw0nk added a commit that referenced this issue, Apr 5, 2020
Added Feature : WAF Web Application Firewall POST Request arguments filter to improve the security and protection of backends and server services behind my script allowing you to block and filter out unwanted POST data from HTML fields and forms to your sites. You can create regex patterns and strings to match SQL injections unwanted code etc. #29 Ticked off the TODO List. Modification : User-Agent strings configuration so that they will match the Regex patterns and showing users how to escape special characters in Regex for Lua with a percentage symbol `%`
Closed
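The `%` escaping mentioned in the commit message above matters for rule accuracy, and the sketch below shows why. It is an added example, not code from Nginx-Lua-Anti-DDoS; the function names, rule strings and sample User-Agents are constructed for illustration.

```lua
-- Added example; rule strings and sample User-Agents are constructed.

-- Prefix every Lua pattern magic character with "%" so a rule matches literally.
local function escape_pattern(literal)
  return (literal:gsub("[%^%$%(%)%%%.%[%]%*%+%-%?]", "%%%0"))
end

-- Case-insensitive search of a User-Agent against a list of Lua patterns.
local function is_blocked(user_agent, patterns)
  local ua = user_agent:lower()
  for i = 1, #patterns do
    if ua:find(patterns[i]) then
      return true
    end
  end
  return false
end

local literals = { "python-requests", "evil.bot" }

-- Escaped copies, built with indexed assignment rather than table.insert.
local escaped = {}
for i = 1, #literals do
  escaped[i] = escape_pattern(literals[i])
end

local samples = {
  "python-requests/2.31.0",   -- intended to be blocked
  "Evil.Bot/1.0",             -- intended to be blocked
  "NotEvilXbot/3.0",          -- intended to pass
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
}

-- Unescaped, "n-" is a lazy repetition of "n" and "." matches any character,
-- so the raw rules miss the first sample and wrongly hit the third.
for i = 1, #samples do
  local raw_hit = is_blocked(samples[i], literals)
  local esc_hit = is_blocked(samples[i], escaped)
  print(("%-45s raw=%-5s escaped=%s"):format(
    samples[i], tostring(raw_hit), tostring(esc_hit)))
end

-- A rule with an unbalanced "[" is not just inaccurate: it raises an error.
print(pcall(string.find, "bot[1", "bot[1"))
```

For rules that are pure literals, `string.find(s, rule, 1, true)` performs a plain substring search and needs no escaping at all.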
C0nw0nk added a commit that referenced this issue, Apr 21, 2020
WAF Features added : Added ability to inspect URL for malicious content SQL/SQI Injections XSS attacks / exploits. Added ability to inspect query strings and arguments for malicious content / exploits. Added ability to inspect all Request Headers provided by the client connecting. Added ability to inspect cookies for exploits. Marked off the TODO list : #29 Added Feature to pass IP to backend in existing headers like Cloudflare and such CDNs do https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP- Added Feature to modify headers on site URLs Paths Query Strings etc the reason for this is to strip out unwanted header values that could expose the software the server runs like the "Server" header and to add in custom headers to responses like to get clients to Cache files to save server / site bandwidth and resources.
tks your opensource
how can I contact you?
same here, any contact details would be awesome!
A TODO List of things I want to improve and have completed in improving. 👊
Performance Optimizations
Remove `table.insert`. Here you can see the performance I made the script gain by removing `table.insert`: https://springrts.com/wiki/Lua_Performance#TEST_12:_Adding_Table_Items_.28table.insert_vs._.5B_.5D.29 If you think about millions of requests that is a huge impact.
Remove uses of `pairs` and `ipairs` in foreach loops to gain performance. https://springrts.com/wiki/Lua_Performance#TEST_9:_for-loops
Replace `string.gsub` with `ngx.re.gsub` for cached regex uses. Having serious issues with the last couple of instances in my script this is proving to be a nightmare to use over `string.gsub`. https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L1432 https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L1437
Anti-DDoS Features
Limit connections / Max requests from an IP to a configurable number let's say 1000 requests a second can also set custom paths, domains, urls etc to protect with this. Completed to be pushed out with update still I am going to finish the Auto feature before releasing this since it is all rolled up in one.
Finish building automated Anti-DDoS detection 10% complete so far.
Rather than manually having to turn the script on / off for certain sites file paths etc the script will have the intelligence to do it itself. Something Cloudflare and such companies also lack in is the ability to have this automated feature to them by the time you're under attack it's too late your site has been down for some time this feature will prevent the down time.
Increase Web Application Firewall Features
IPv4 and IPv6 blocking and whitelisting including subnet ranges.
User-Agent blocking and whitelisting to block bad bots and exploits / scanners.
Add ability to inspect POST Data / Fields and block malicious POST requests / exploits.
Add ability to inspect URL for malicious content SQL/SQI Injections XSS attacks / exploits.
Add ability to inspect query strings and arguments for malicious content / exploits.
Add ability to inspect all Request Headers provided by the client connecting.
Add ability to inspect cookies for exploits.
Caching Speed and Performance Features
Query String Sorting I was inspired by Cloudflare to build this feature and add it in it is a really useful cool and effective speed feature for all websites Cloudflare's loss is that they charge people $3000 dollars for it which is a disgusting thing to do so I give it to you all for free. https://blog.cloudflare.com/increasing-cache-hit-rates-with-query-string-sort/ Added ee2320e
Query String Whitelist Added ee2320e
Query String Removal (It is a blacklist but it will just drop / remove the argument from the URL not block the request) Added ee2320e
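How the three query string features listed above (sorting, whitelist, removal) combine into one cache-friendly form can be sketched in plain Lua. This is an added example, not the project's implementation; `normalize_query`, its option names and the sample query strings are hypothetical.

```lua
-- Added example; function name, options and sample queries are constructed.

-- Returns the query string with unwanted arguments dropped and the remaining
-- "name=value" pairs in a deterministic order, so equivalent URLs share one
-- cache entry. Arguments are removed, the request itself is never rejected.
local function normalize_query(query, opts)
  opts = opts or {}
  local kept, n = {}, 0
  for pair in query:gmatch("[^&]+") do          -- skips empty "&&" segments
    local name = pair:match("^([^=]*)")         -- text before the first "="
    local allowed = (not opts.whitelist or opts.whitelist[name])
                    and not (opts.remove and opts.remove[name])
    if allowed then
      n = n + 1
      kept[n] = pair                            -- indexed write, no table.insert
    end
  end
  -- Sorting whole pairs also reorders repeated names (a=2&a=1), so apply this
  -- only where the backend treats argument order as insignificant.
  table.sort(kept)
  return table.concat(kept, "&")
end

-- Removal list: tracking arguments that do not change the response.
local removal = { remove = { utm_source = true, fbclid = true } }
local a = normalize_query("page=2&sort=asc&utm_source=mail", removal)
local b = normalize_query("sort=asc&fbclid=abc123&page=2", removal)
print(a, b, a == b)

-- Whitelist: only the listed arguments survive.
local strict = { whitelist = { page = true } }
print(normalize_query("sort=asc&page=2&debug=1", strict))
```

Inside OpenResty the normalized string can be applied to the request with `ngx.req.set_uri_args` before the cache key is computed.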