~ryanford/lua-resty-tarpit

lua-resty-tarpit - capture and delay unwanted requests
47836ef3 — Ryan Ford 2 months ago
use non dev version
03fa78c3 — Ryan Ford 2 months ago
use 3 space indents in codeblocks
5ba247cd — Ryan Ford 2 months ago
format markdown

Clone (read-only): https://git.sr.ht/~ryanford/lua-resty-tarpit

#Name

lua-resty-tarpit - capture and delay unwanted requests

#Credit to Original Author

This repo and the accompanying "rock" is just a repackage of Robert Paprocki's (p0pr0ck5) excellent original work meant to be more accessible to those using Luarocks in lieu of OPM. In addition to the different file structure, I have opted to use NGINX's 444 "silent fail" instead of the rather cheeky 418 "I'm a teapot" response for slowed response failures. Any additional changes are plainly available in the git history.

#Status

The original author claims (at time of fork) that:

> lua-resty-tarpit is in early development and is considered production ready.

I do not have plans to further develop their work, and present this "as is" for all intents.

#Description

lua-resty-tarpit provides rate-limit protection for sensitive resources. It leverages Nginx's non-blocking architecture to artificially increase response latency for resources that are repeatedly accessed. This functionality is designed to protect resources that are publicly accessible, but vulnerable to some form of brute-force attack (e.g., web application administrative login pages). It was inspired by the TARPIT iptables module.

#Installation

```sh
luarocks install lua-resty-tarpit
```

#Synopsis

```nginx
http {
   # shared memory zone named "tarpit"
   lua_shared_dict tarpit 10m;

   server {
      location /login { # or whatever resource you want to protect
         access_by_lua '
            local t = require "tarpit"
            t.tarpit(
               5, -- request limit
               5, -- reset timer
               1  -- delay time (no trailing comma: Lua rejects one in a call)
            )
         ';
      }
   }
}
```
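To make the mechanism in the Description concrete, here is an added sketch of a shared-dict tarpit. It is not lua-resty-tarpit's code and not from the original author. It assumes lua-nginx-module 0.10.12 or later, treats the synopsis values as seconds, and uses a constructed port, key format, pause cap and linear escalation.

```nginx
events {}

http {
   lua_shared_dict tarpit 10m;

   server {
      listen 8080;   # constructed port for the example

      location /login {
         access_by_lua_block {
            -- Values mirror the synopsis; reading window and delay as seconds is an assumption.
            local limit, window, delay = 5, 5, 1
            local max_pause = 30   -- hypothetical cap, a sleeping request still holds a connection

            -- Per-client, per-resource key. Behind a reverse proxy remote_addr is the
            -- proxy address, so every client would share one counter unless the
            -- realip module restores the client address first.
            local key = ngx.var.remote_addr .. ":" .. ngx.var.uri

            -- Atomic increment; the entry is created with a TTL of one window,
            -- so the count resets by itself once the window has passed.
            local hits, err = ngx.shared.tarpit:incr(key, 1, 0, window)
            if not hits then
               -- Fail open: a counter error must not lock users out of the resource.
               ngx.log(ngx.ERR, "tarpit counter unavailable: ", err)
               return
            end

            if hits > limit then
               -- Linear escalation is a design choice of this sketch.
               local pause = math.min(delay * (hits - limit), max_pause)
               ngx.log(ngx.WARN, "tarpit: ", key, " hits=", hits, " pause=", pause, "s")
               -- ngx.sleep yields to the event loop; the worker keeps serving other requests.
               ngx.sleep(pause)
            end
         }

         # Placeholder for the protected resource.
         content_by_lua_block { ngx.say("login page placeholder") }
      }
   }
}
```

The WARN log line gives detection a hook: repeated entries for one key are a direct indicator of brute-force attempts against the protected location.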

#Limitations

This repo is provided "as is" at the time of forking. The original author claims:

> lua-resty-tarpit is undergoing continual development and improvement, and as such, may be limited in its functionality and performance. Currently known limitations can be found within the issue tracker for this repo.

#License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/

#Bugs

Please report bugs by creating a ticket with the issue tracker.