Configure JavaScript Challenge
On This Page:
Objective
This guide provides instructions on how to configure the javascript challenge for the application traffic. The javascript challenge functionality enables the load balancer to perform client browser compatibility test by redirecting to a page with javascript. For more information on the load balancer, see Load Balancing and Service Mesh.
Enabling this functionality allows only those clients that are capable of executing javascript(mostly browsers) to complete the HTTP request.
When load balancer is configured to execute javascript challenge, it redirects the browser to a HTML page embedded with javascript for every new HTTP request. The Load balancer chooses a set of random numbers for every new client and sends these numbers along with an encrypted answer with the request such that it embed these numbers as input in the javascript.
Javascript runs on the browser of requestor and performs a complex mathematical operation. The script submits the answer to the load balancer. Load balancer validates the answer by comparing the calculated answer with the decrypted answer (which was encrypted when it was sent back as reply) and allows the request to the upstream server only if the answer is correct.
The load balancer tags response header with a cookie to avoid javascript challenge for subsequent requests.
The javascript challenge serves following purposes:
- Validate that the request is coming from a browser that is capable of running javascript
- Force the browser to run a complex operation that requires it to spend a large number of CPU cycles. This slows down a potential DoS attack by making it difficult to launch a large request flood without having to spend even larger CPU cost at their end.
Prerequisites
The following prerequisites apply:
- Note: If you do not have an account, see Create an Account.
- A HTTP load balancer advertising your application.
- Note: See HTTP Load Balancer for instructions on configuring HTTP load balancer. See Deploy for deploying your applications in a Distributed Cloud network cloud or edge cloud.
Configuration
Enabling the javascript challenge requires you to optionally prepare a custom message page encoded in Base64 format and apply it in the HTTP load balancer configuration. This example shows preparing a custom page and enabling the javascript challenge with it.
Configuration Sequence
Enabling javascript challenge requires you to perform the following sequence of actions.
Phase | Description |
---|---|
Prepare Custom Page for Redirection. | Prepare a page to which the load balancer redirects. |
Enable JavaScript Challenge | Apply the custom page in load balancer configuration. |
Prepare Custom Page for Redirection
The load balancer redirects to a page with default message or a custom message while performing the javascript challenge. The custom message can be in plain text or a HTML element such as a paragraph and applied to the load balancer through its configuration option. This example shows preparing a custom message in HTML paragraph.
Perform the following to prepare a custom message.
Step 1: Create a file with your custom message.
Create a file with your message in plain text or embedded in a HTML element such as paragraph. This example shows a sample message in a paragraph element stored in the test-redirect
file.
<p>
Hello !!! Please wait
</p>
Step 2: Apply Base64 encoding to the file.
Convert the file using Base64 encoding and store the output string for later use.
openssl base64 -in test-redirect
PHA+CgpIZWxsbyAhISEgUGxlYXNlIHdhaXQgCgo8L3A+Cg==
Enable JavaScript Challenge
Step 1: Navigate to the HTTP Load Balancers page.
- Select the
Load Balancers
service. - Select the desired namespace from the
Namespace
drop-down menu. - Navigate to
Manage
->Load Balancers
->HTTP Load Balancers
.
Step 2: Enable security options and select javascript challenge.
- Click
...
->Edit
for your load balancer to open its configuration edit form. - Scroll down to the
Security Configuration
section and enableShow Advanced Fields
. - Select the
Javascript Challenge
option from the list of options for theSelect Type of Challenge
field.
- Click
Configure
to open javascript challenge configuration form.
Step 3: Set javascript challenge fields.
- In the
Javascript Challenge Parameters
section, enableShow Advanced Fields
. - Enter a value in the
Javascript Delay
field in milliseconds. This example sets 2000 milliseconds. - Enter value in the
Cookie Expiration Period
in seconds. The load balancer performs javascript challenge again after cookie expiration.
Note: Once javascript challenge is performed, the subsequent requests do not undergo the javascript challenge until the cookie expiration.
- Enter the Base64 encoded string in the
Custom Message for Javascript Challenge
field. The string must be entered in thestring:///<Base64 String>
format.
Note: Use the Base64 string generated in the Prepare Custom Page for Redirection chapter and prepend the
string:///
string to it.
Step 4: Complete enabling javascript challenge.
Click Apply
to enable the javascript configuration. Click Save and Exit
to apply the configuration to load balancer.
Verify JavaScript Challenge Functionality
After enabling javascript challenge functionality, you can send request to the application domain from a browser and check if the load balancer redirects to the page you configured.
Step 1: Send request from the browser to your application domain.
Send a request by loading the domain specified in the load balancer configuration. This example shows the request for the hipster
application deployed.
Step 2: Verify the javascript challenge.
Check if the custom page you configured is displayed. After the configured delay, verify if the load balancer redirects to your application site. This example shows that after the delay, the load balancer loads the requested hipster
application page.
Note: You can check the status of the javascript challenge functionality for any issues. Go to the
HTTP Load Balancers
page and use the...
->Show Child Objects
option of the load balancer. Then switch to theStatus
tab and use the drop down to show route status for a particular site.