Configure JavaScript Challenge

Objective

This guide provides instructions on how to configure the javascript challenge for the application traffic. The javascript challenge functionality enables the load balancer to perform client browser compatibility test by redirecting to a page with javascript. For more information on the loadbalancer, see Load Balancing and Service Mesh.

Enabling this functionality allows only those clients that are capable of executing javascript(mostly browsers) to complete the HTTP request.

When load balancer is configured to execute javascript challenge, it redirects the browser to a HTML page embedded with javascript for every new HTTP request. The Load balancer chooses a set of random numbers for every new client and sends these numbers along with an encrypted answer with the request such that it embed these numbers as input in the javascript.

Javascript runs on the browser of requestor and performs a complex mathematical operation. The script submits the answer to the load balancer. Load balancer validates the answer by comparing the calculated answer with the decrypted answer (which was encrypted when it was sent back as reply) and allows the request to the upstream server only if the answer is correct.

The load balancer tags response header with a cookie to avoid javascript challenge for subsequent requests.

The javascript challenge serves following purposes:

  • Validate that the request is coming from a browser that is capable of running javascript
  • Force the browser to run a complex operation that requires it to spend a large number of CPU cycles. This slows down a potential DoS attack by making it difficult to launch a large request flood without having to spend even larger CPU cost at their end.

Prerequisites

The following prerequisites apply:


Configuration

Enabling the javascript challenge requires you to prepare a custom message page encoded in Base64 format and apply it in the virtual host configuration.

Configuration Sequence

Enabling javascript challenge requires you to perform the following sequence of actions.

Phase Description
Prepare Custom Page for Redirection. Prepare a page to which the load balancer redirects.
Enable JavaScript Challenge Apply the custom page in virtual host configuration.

Prepare Custom Page for Redirection

The load balancer (virtual host) requires to redirect to a page with custom message in plain text or a HTML element such as a paragraph while performing the javascript challenge. Perform the following to prepare a custom message.

Step 1: Create a HTML file your message in plain text or embedded in a HTML element such as paragraph. This example shows a sample message in a paragraph element stored in the test-redirect file.

<p>

Hello !!! Please wait 

</p>

Step 2: Convert the file using Base64 encoding and store the output string for later use.

openssl base64 -in test-redirect

PHA+CgpIZWxsbyAhISEgUGxlYXNlIHdhaXQgCgo8L3A+Cg==

Enable JavaScript Challenge

Step 1: Log into the Volterra console and change to your namespace. Select Manage from the configuration menu and Virtual Hosts in the options. Click ... -> Edit against your virtual host to open virtual host configuration form.

Vhedit
Figure: Edit Configuration of Virtual Host

Step 2: Scroll down the configuration form and click the Javascript Challenge option to open the javascript challenge configuration form.

VhJSC
Figure: Virtual Host Javascript Challenge Option

Step 3: Enter the configuration values in the javascript challenge form as per the following guidelines:

  • Select the Enable checkbox to turn the javascript challenge on.
  • Enter a value in the Javascript Delay field in milliseconds. This example shows 1000 milliseconds.
  • Enter value in the Cookie Expiry period in seconds. The load balancer performs javascript challenge again after cookie expiry.

Note: Once javascript challenge is performed, the subsequent requests do not undergo the javascript challenge till the cookie expiry.

  • Enter the Base64 encoded string in the Custom page for Javascript Challenge Redirect field. The string must be entered in the string:///<Base64 String> format.

Note: Use the Base64 string generated in the Prepare Custom Page for Redirection chapter and prepend the string:/// string to it.

VhJSCFileds
Figure: Javascript Challenge Configuration Fields

Step 4: Click Apply to enable the javascript configuration. Click Save changes to apply the configuration to virtual host.


Verify JavaScript Challenge Functionality

After enabling javascript challenge functionality, you can send request to the application website from a browser and check if the virtual host redirects to the page you configured.

Step 1: Send request from the browser to your application site by loading the domain specified in the virtual host configuration. This example shows the request for the bookstore application deployed.

VhRedirJSC
Figure: Javascript Challenge Redirection Message Page

Step 2: After the configured delay, verify if the virtual host redirects to your application site. This example shows that after the delay of 1000 milliseconds, the virtual host loads the requested bookstore application page.

VhRedirtoApp
Figure: Javascript Challenge Redirection Message Page

Note: You can check the status of the javascript challenge functionality for any issues using the ...->Show Status option of the virtual host.


Concepts


API References