Giters

trax-retail / url-protector-nginx-module

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

URL Protector

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

Installation

git clone git@bitbucket.org:traxtechnology/url-protector-nginx-module.git
git submodule update --init --recursive
sudo apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev
sudo ./install.sh

If you want to use your custom nginx configuration you need to copy nginx_configure.sh.default to nginx_configure.sh and modify it as you wish. By default we use almost copy of prebuild configuration of nginx-1.12.0 for debian, but without additional dynamic modules.

Usage

Load modules in nginx.conf:

load_module /usr/lib/nginx/modules/ndk_http_module.so;
load_module /usr/lib/nginx/modules/ngx_http_url_protector_module.so;
load_module /usr/lib/nginx/modules/ngx_http_set_misc_module.so;

Add to server config:

location = /test {
    set_unescape_uri $arg_url_unescaped $arg_url;

    set_decryption_key 1234567890;
    set_decrypted_str $arg_decrypted_url $arg_url_unescaped;

    resolver 8.8.8.8;
    proxy_pass $arg_decrypted_url;
}

Note:

  • Path /usr/lib/nginx/modules/ may be different in your system.
  • Usually, path to your nginx.conf is /etc/nginx/nginx.conf.
  • Use your own resolver to avoid DNS spoofing attack. Use nm-tool | grep DNS to determine which one you use.
  • ngx_http_set_misc_module is used only to decode URI, but it's important for this example.

Encryption Example

const xxtea = require('xxtea-node');

const url = 'https://en.wikipedia.org/wiki/XXTEA';
const key = '1234567890';
const encryptedData = xxtea.encrypt(xxtea.toBytes(url), xxtea.toBytes(key));
const encryptedStr = new Buffer(encryptedData).toString('base64');

console.log(`http://localhost/test?url=${encodeURIComponent(encryptedStr)}`);
// http://localhost/test?url=Xhy4HUCNVpWRG4dDN1KS9Y8mrHoz6IhJBirn2qcDtl9lBGz6OiFwgA%3D%3D

Note:

  • We use xxtea-node npm package in this example.
  • Decryption key length should be not less what average URL size.
  • If your URLs are predictable, add random part to avoid chosen-plaintext attack.

Tests

sudo TEST=true ./install.sh

Dependencies

About

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

License:MIT License

Languages

Language:C 44.8%Language:Shell 30.7%Language:Perl 24.4%