diff --git a/README.md b/README.md
index 9c0f4a5..81765f2 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,10 @@
Mesozoa is a small animal living between a reverse-proxy and a server, protecting the server from crawlers by forcing the browser to run proof of work.
+It inspects request's HTTP header and passes the socket to the server directly (zero-copy).
+
+[Try it online.](https://git.txmn.tk/tuxmain/mesozoa/commits/branch/main) (remove the cookie `mesozoa-proof` or change User-Agent to renew the experience)
+
## Why?
Why not Anubis? Because it provides no build instructions and only supports Docker.
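Review bot: The new sentence "It inspects request's HTTP header and passes the socket to the server directly" should say which requests are inspected. The keepalive note added later in this patch implies that only the first request on a connection is seen before the socket is handed over, and that limitation belongs here, where the mechanism is introduced. Wording nit in the same line: "the request's HTTP headers". The "Try it online" parenthetical would also read better as "to see the challenge again" than "to renew the experience".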
@@ -12,14 +16,40 @@ And because it looked like a fun little project.
## Install
+### Build
+
[Install rustup](https://rustup.rs) and a nightly Rust toolchain.
cargo build --release
-Must be used behind a reverse proxy providing `X-Forwarded-For`.
+### Run
./target/release/mesozoa -c example-config.yaml
+### Apache config
+
+Note that the reverse-proxy must provide the HTTP header `X-Forwarded-For`.
+
+Add this to your virtual host:
+
+```
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyTimeout 600
+
+
+ ProxySet keepalive=Off
+
+
+
+ ProxyPass http://127.0.0.1:8504/
+
+```
+
+**Note on keepalive**: When keepalive is On, connections between Apache and server are re-used, even for requests from different clients.
+This increases server performance as it reduces connection overhead, but prevents Mesozoa from intercepting HTTP headers.
+Hence we have to disable keepalive around Mesozoa. This does not prevent using keepalive between Apache and client.
+
## Challenge protocol
### Challenge generation
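Review bot: `ProxySet keepalive=Off` in the Apache block does not do what the "Note on keepalive" describes. In mod_proxy the `keepalive` parameter only toggles TCP keepalive probes (SO_KEEPALIVE) on backend connections and is Off by default; reuse of backend connections across requests is controlled by `disablereuse`. If the goal is one backend connection per request, so that Mesozoa sees every request's headers and one client's solved challenge cannot cover another client's request on a reused connection, the setting to document is `disablereuse=On`, and the note should be reworded to match. Separately, as shown here, `ProxySet` and the single-argument `ProxyPass http://127.0.0.1:8504/` have no enclosing section, and the single-argument `ProxyPass` form is only valid inside a `<Location>` block; please check that the container directives survive in the rendered README.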
diff --git a/example-config.yaml b/example-config.yaml
index 78b59e7..b40acc1 100644
--- a/example-config.yaml
+++ b/example-config.yaml
@@ -17,7 +17,7 @@ challenge-timeout: 3600
# Action applied when no policy matches
# (see below for legal values)
-default-action: challenge
+default-action: allow
# Policy groups are evaluated in order.
# The first matching group stops evaluation.
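Review bot: Changing `default-action` from `challenge` to `allow` makes the shipped example fail open: any request that matches no policy group reaches the server without a proof of work, so the protection depends entirely on the policy list being exhaustive. Since people tend to copy the example config as a starting point, I would keep `challenge` here. If `allow` is intended (for the online demo, say), extend the comment above the key to state that unmatched traffic is not challenged.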
diff --git a/src/main.rs b/src/main.rs
index 4ff87b7..6dbbc57 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,7 +8,7 @@ use http::HeaderLineIterator;
use policy::CompiledPolicies;
use rand::Rng;
-use realm_syscall::socket2::TcpKeepalive;
+// use realm_syscall::socket2::TcpKeepalive;
use regex::bytes::Regex;
use std::{net::SocketAddr, time::Duration};
use tokio::{
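Review bot: The `TcpKeepalive` import is commented out rather than deleted. Remove the line outright; version control already keeps the history. Also check whether `Duration` in `use std::{net::SocketAddr, time::Duration};` is still used anywhere once `keepalive_dur` is gone, otherwise this leaves an unused-import warning.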
@@ -226,15 +226,15 @@ async fn main() {
}
async fn do_proxy(pass_addr: SocketAddr, mut client_stream: TcpStream) {
- let keepalive_dur = Duration::from_secs(15);
- let mut keepalive = TcpKeepalive::new().with_time(keepalive_dur);
- keepalive = TcpKeepalive::with_interval(keepalive, keepalive_dur);
- keepalive = TcpKeepalive::with_retries(keepalive, 3);
+ // let keepalive_dur = Duration::from_secs(15);
+ // let mut keepalive = TcpKeepalive::new().with_time(keepalive_dur);
+ // keepalive = TcpKeepalive::with_interval(keepalive, keepalive_dur);
+ // keepalive = TcpKeepalive::with_retries(keepalive, 3);
let pass_socket = realm_syscall::new_tcp_socket(&pass_addr).unwrap();
pass_socket.set_reuse_address(true).ok();
- pass_socket.set_tcp_keepalive(&keepalive).ok();
+ // pass_socket.set_tcp_keepalive(&keepalive).ok();
let pass_socket = TcpSocket::from_std_stream(pass_socket.into());
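Review bot: The TCP keepalive setup in `do_proxy` is disabled by commenting out five lines, with no explanation in the code. TCP keepalive on `pass_socket` only sends probes to detect a dead peer; it is unrelated to the HTTP connection reuse that the README note in this patch is about, so turning it off does not change which headers Mesozoa can intercept. It does mean a half-open connection to the backend is no longer detected after the 15 s / 3 retries that were configured before. Either restore `set_tcp_keepalive`, or delete the lines and say in the commit message why the probes were a problem.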