Skip to content
/ url-protector-nginx-module Public

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

License

MIT license
9 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

trax-retail/url-protector-nginx-module

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
images
images
 
 
module
module
 
 
t
t
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 
nginx_configure.sh.default
nginx_configure.sh.default
 
 

Repository files navigation

URL Protector

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

Installation

git clone git@bitbucket.org:traxtechnology/url-protector-nginx-module.git
git submodule update --init --recursive
sudo apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev
sudo ./install.sh

If you want to use your custom nginx configuration you need to copy nginx_configure.sh.default to nginx_configure.sh and modify it as you wish. By default we use almost copy of prebuild configuration of nginx-1.12.0 for debian, but without additional dynamic modules.

Usage

Load modules in nginx.conf:

load_module /usr/lib/nginx/modules/ndk_http_module.so;
load_module /usr/lib/nginx/modules/ngx_http_url_protector_module.so;
load_module /usr/lib/nginx/modules/ngx_http_set_misc_module.so;

Add to server config:

location = /test {
    set_unescape_uri $arg_url_unescaped $arg_url;

    set_decryption_key 1234567890;
    set_decrypted_str $arg_decrypted_url $arg_url_unescaped;

    resolver 8.8.8.8;
    proxy_pass $arg_decrypted_url;
}

Note:

  • Path /usr/lib/nginx/modules/ may be different in your system.
  • Usually, path to your nginx.conf is /etc/nginx/nginx.conf.
  • Use your own resolver to avoid DNS spoofing attack. Use nm-tool | grep DNS to determine which one you use.
  • ngx_http_set_misc_module is used only to decode URI, but it's important for this example.

Encryption Example

const xxtea = require('xxtea-node');

const url = 'https://en.wikipedia.org/wiki/XXTEA';
const key = '1234567890';
const encryptedData = xxtea.encrypt(xxtea.toBytes(url), xxtea.toBytes(key));
const encryptedStr = new Buffer(encryptedData).toString('base64');

console.log(`http://localhost/test?url=${encodeURIComponent(encryptedStr)}`);
// http://localhost/test?url=Xhy4HUCNVpWRG4dDN1KS9Y8mrHoz6IhJBirn2qcDtl9lBGz6OiFwgA%3D%3D

Note:

  • We use xxtea-node npm package in this example.
  • Decryption key length should be not less what average URL size.
  • If your URLs are predictable, add random part to avoid chosen-plaintext attack.

Tests

sudo TEST=true ./install.sh

Dependencies

About

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

9 stars

Watchers

38 watching

Forks

5 forks
Report repository

Releases 1

v1.0 Latest
Sep 19, 2017

Packages

No packages published

Languages