TODO: List for myself #29

Open
13 of 15 tasks
C0nw0nk opened this issue Mar 26, 2020 · 3 comments

C0nw0nk commented Mar 26, 2020

A TODO list of things I want to improve and have completed in improving. 👊

Performance Optimizations

Anti-DDoS Features

  • Limit connections / max requests from an IP to a configurable number, let's say 1000 requests a second; can also set custom paths, domains, URLs etc. to protect with this. Completed, to be pushed out with update; still, I am going to finish the Auto feature before releasing this since it is all rolled up in one.

  • Finish building automated Anti-DDoS detection, 10% complete so far.
    Rather than manually having to turn the script on / off for certain sites, file paths etc., the script will have the intelligence to do it itself. Something Cloudflare and such companies also lack is the ability to have this automated feature; by the time you're under attack it's too late, your site has been down for some time. This feature will prevent the downtime.

Increase Web Application Firewall Features

  • IPv4 and IPv6 blocking and whitelisting including subnet ranges.

  • User-Agent blocking and whitelisting to block bad bots and exploits / scanners.

  • Add ability to inspect POST Data / Fields and block malicious POST requests / exploits.

  • Add ability to inspect URL for malicious content SQL/SQI Injections XSS attacks / exploits.

  • Add ability to inspect query strings and arguments for malicious content / exploits.

  • Add ability to inspect all Request Headers provided by the client connecting.

  • Add ability to inspect cookies for exploits.

Caching Speed and Performance Features

  • Query String Sorting: I was inspired by Cloudflare to build this feature and add it in. It is a really useful, cool and effective speed feature for all websites. Cloudflare's loss is that they charge people $3000 dollars for it, which is a disgusting thing to do, so I give it to you all for free. https://blog.cloudflare.com/increasing-cache-hit-rates-with-query-string-sort/ Added ee2320e

  • Query String Whitelist Added ee2320e

  • Query String Removal (It is a blacklist but it will just drop / remove the argument from the URL not block the request) Added ee2320e

@C0nw0nk C0nw0nk added the help wanted Extra attention is needed label Mar 26, 2020
@C0nw0nk C0nw0nk self-assigned this Mar 26, 2020
@C0nw0nk C0nw0nk pinned this issue Mar 29, 2020
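
The query string sorting, whitelist and removal features listed in the opening post, sketched as an added example in plain Lua (not the project's code; `normalize_query` and the sample parameter names are hypothetical). It shows how differently ordered or padded query strings collapse to one cache key.

```lua
-- Added example, not taken from the project. All names are hypothetical.
-- whitelist / removal are sets: { name = true, ... }; pass nil to disable.
local function normalize_query(qs, whitelist, removal)
  local kept = {}
  for pair in string.gmatch(qs or "", "[^&]+") do
    -- Argument name is everything before the first "=" (or the whole pair).
    local name = string.match(pair, "^[^=]*")
    local allowed = (whitelist == nil) or whitelist[name]
    -- Removal drops the argument only; the request itself is not blocked.
    if allowed and not (removal and removal[name]) then
      kept[#kept + 1] = { name = name, raw = pair, idx = #kept + 1 }
    end
  end
  -- Sort by name; repeated names keep their original relative order so
  -- backends that read "a=1&a=2" as a list still see the same sequence.
  table.sort(kept, function(a, b)
    if a.name ~= b.name then return a.name < b.name end
    return a.idx < b.idx
  end)
  local out = {}
  for i = 1, #kept do out[i] = kept[i].raw end
  return table.concat(out, "&")
end

-- Constructed sample input: three requests for the same resource.
local whitelist = { id = true, page = true }
local removal = { utm_source = true, fbclid = true }
local samples = {
  "page=2&id=7&utm_source=mail",
  "id=7&fbclid=abc&page=2",
  "id=7&page=2&rand=9931",
}

for i = 1, #samples do
  local sorted_only = normalize_query(samples[i], nil, nil)
  local removed = normalize_query(samples[i], nil, removal)
  local strict = normalize_query(samples[i], whitelist, removal)
  print(samples[i])
  print("  sort only        : " .. sorted_only)
  print("  sort + removal   : " .. removed)
  print("  sort + whitelist : " .. strict)
end
```

With the whitelist enabled, an unknown argument such as the constructed `rand` value no longer creates a new cache entry, so all three sample requests share one key.
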
C0nw0nk added a commit that referenced this issue Apr 1, 2020
Performance boost remove last couple of instances of `table.insert` to tick off my TODO list. #29

The performance gained by removing `table.insert` can be seen here. https://springrts.com/wiki/Lua_Performance#TEST_12:_Adding_Table_Items_.28table.insert_vs._.5B_.5D.29

Moved localized variables to top of script since some `os.`, `tostring` and `math.` functions operate in the script configuration section, meaning they did not get the performance gains and had to do a meta table look up for the function every run; this will boost performance for those too.
C0nw0nk added a commit that referenced this issue Apr 5, 2020
Added Feature : WAF Web Application Firewall POST Request arguments filter to improve the security and protection of backends and server services behind my script, allowing you to block and filter out unwanted POST data from HTML fields and forms to your sites. You can create regex patterns and strings to match SQL injections, unwanted code etc. #29 Ticked off the TODO List.

Modification : User-Agent strings configuration so that they will match the Regex patterns and showing users how to escape special characters in Regex for Lua with a percentage symbol `%`
C0nw0nk added a commit that referenced this issue Apr 21, 2020
WAF Features added :
Added ability to inspect URL for malicious content SQL/SQI Injections XSS attacks / exploits.
Added ability to inspect query strings and arguments for malicious content / exploits.
Added ability to inspect all Request Headers provided by the client connecting.
Added ability to inspect cookies for exploits.

Marked off the TODO list : #29

Added Feature to pass IP to backend in existing headers like Cloudflare and such CDNs do https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-

Added Feature to modify headers on site URLs, Paths, Query Strings etc. The reason for this is to strip out unwanted header values that could expose the software the server runs, like the "Server" header, and to add in custom headers to responses, like to get clients to Cache files to save server / site bandwidth and resources.
@chenluyong

tks your opensource

@dwabs

dwabs commented Jul 29, 2020

how can I contact you?

@venomone

same here, any contact details would be awesome!

@C0nw0nk C0nw0nk unpinned this issue Jul 23, 2021