Open EvgeniiMekhanik opened 2 months ago
We discussed in the chat that we should add a new ACTION
for HTTPtables - jsch
. I.e. we can write rules like
http_chain {
hdr "accept" == '*; */*' -> jsch;
mark == 1 -> jsch;
Please note that */*
in the first rule can be in any place of the the value, so we might need something like '*/*', so we need #496 for this (there is no strict dependency, but we do need regexps for real work with HTTPtables).
Also please create a functional tests for this feature or a task for the tests.
This JSCH usage should be deployed on our website
With the discussion https://github.com/tempesta-tech/tempesta/pull/2025#discussion_r1536913848 need to add a best practice examples to the Wiki how to properly configure JSCH based on Accept header. E.g. see https://developers.cloudflare.com/waf/reference/cloudflare-challenges/
Currently if js challenge is enabled in our config we send js challenge to client on challengeble request (request with Accept header text/html). However, in CloudFare this is implemented differently. CloudFare allow the administrator to set up rules (which can be very defferent) according to which a challenge is sent to the client. It is a very good implementation, so we decide to implement the same ability in our config