Home

Awesome

URL Protector

This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

Installation

git clone git@bitbucket.org:traxtechnology/url-protector-nginx-module.git
git submodule update --init --recursive
sudo apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev
sudo ./install.sh

If you want to use your custom nginx configuration you need to copy nginx_configure.sh.default to nginx_configure.sh and modify it as you wish. By default we use almost copy of prebuild configuration of nginx-1.12.0 for debian, but without additional dynamic modules.

Usage

Load modules in nginx.conf:

load_module /usr/lib/nginx/modules/ndk_http_module.so;
load_module /usr/lib/nginx/modules/ngx_http_url_protector_module.so;
load_module /usr/lib/nginx/modules/ngx_http_set_misc_module.so;

Add to server config:

location = /test {
    set_unescape_uri $arg_url_unescaped $arg_url;

    set_decryption_key 1234567890;
    set_decrypted_str $arg_decrypted_url $arg_url_unescaped;

    resolver 8.8.8.8;
    proxy_pass $arg_decrypted_url;
}

Note:

Encryption Example

const xxtea = require('xxtea-node');

const url = 'https://en.wikipedia.org/wiki/XXTEA';
const key = '1234567890';
const encryptedData = xxtea.encrypt(xxtea.toBytes(url), xxtea.toBytes(key));
const encryptedStr = new Buffer(encryptedData).toString('base64');

console.log(`http://localhost/test?url=${encodeURIComponent(encryptedStr)}`);
// http://localhost/test?url=Xhy4HUCNVpWRG4dDN1KS9Y8mrHoz6IhJBirn2qcDtl9lBGz6OiFwgA%3D%3D

Note:

Tests

sudo TEST=true ./install.sh

Dependencies