29 Repos
Mechanisms for enforcing and managing access control on network proxy connections.
Distinguishing note: Focuses specifically on proxy-level access control and header management rather than general application-level authentication.
Explore 29 awesome GitHub repositories matching security & cryptography · Proxy Authentication. Refine with filters or upvote what's useful.
Dieses Projekt ist ein von der Community kuratiertes Verzeichnis von Open-Source-Software, die für den Einsatz in privaten Serverumgebungen und Home-Labs konzipiert ist. Es dient als umfassende Ressource zur Entdeckung unabhängiger, selbst gehosteter Alternativen zu gängigen Cloud-Diensten und ermöglicht es Nutzern, die volle Datenhoheit und Kontrolle über ihre digitale Infrastruktur zu behalten. Das Verzeichnis ist durch eine hierarchische Taxonomie strukturiert, die eine riesige Sammlung von Anwendungen in logische Kategorien organisiert, von Medienmanagement und Datenanalyse bis hin zu privater Kommunikation und Tools für die Teamproduktivität. Es zeichnet sich durch einen kollaborativen Peer-Review-Prozess aus, bei dem Community-Mitglieder die Qualität und Relevanz jeder Einreichung validieren, um sicherzustellen, dass das Verzeichnis korrekt und zuverlässig bleibt. Das Projekt deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Infrastruktur-Automatisierung, containerbasierter Service-Bereitstellung und deklarativem Konfigurationsmanagement. Diese Tools unterstützen Nutzer bei der Aufrechterhaltung reproduzierbarer Serverumgebungen und der Verwaltung komplexer Service-Abhängigkeiten auf privater Hardware. Das Verzeichnis wird als versionskontrolliertes Repository gepflegt, wodurch sichergestellt wird, dass alle Updates und Community-gesteuerten Änderungen nachverfolgt und transparent sind.
Enforces access control and tracks usage statistics for proxy connections.
LiteLLM is a unified gateway and proxy server designed to centralize access to over one hundred language model providers. It provides a standardized API interface that abstracts vendor-specific schemas, allowing developers to interact with diverse models through a single, consistent format. By acting as a central traffic management layer, it enables organizations to route, secure, and govern model interactions across multiple deployments. The platform distinguishes itself through its policy-driven architecture, which uses configuration-based routing to manage traffic distribution, load balanc
Secures proxy access using API keys and identity providers to manage user permissions and enforce access control.
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
Enforces HTTP Basic Authentication for proxy access and automatically strips credentials before forwarding requests to upstream servers.
File Browser is a self-hosted application that provides a web-based interface for managing files and directories on a server. It functions as a virtual file system abstraction, allowing users to browse, organize, and edit text-based files directly within their browser without requiring local access to the server. The platform distinguishes itself through a comprehensive command-line interface that enables full administrative control over system configurations, user accounts, and automation hooks. It supports a flexible, event-driven architecture where custom shell scripts can be triggered aut
Supports delegating authentication to a reverse proxy by trusting specific HTTP headers.
nps is an intranet penetration proxy server that exposes internal network services to the public internet via secure TCP and UDP tunnels. It functions as a traffic forwarder and reverse proxy, enabling external access to local services, remote desktops, and internal APIs. The project is distinguished by a centralized web-based administration interface used to configure tunnels, manage user accounts, and monitor real-time bandwidth metrics. It supports domain-based request routing and provides a mechanism to secure public services using HTTPS encryption through digital certificates. The syste
Implements registration and authentication to restrict who can create and manage proxy tunnels.
Decap CMS is a headless, Git-based content management system designed to provide a visual editing interface for static site workflows. By decoupling the administrative dashboard from the frontend, it allows users to manage content stored directly in version control repositories as structured data. The system maps visual form inputs to repository files, enabling non-technical contributors to update content without requiring direct code changes. The platform distinguishes itself through its Git-centric automation, which handles content lifecycles by creating commits, branches, and pull requests
Routes administrative write operations through a secure proxy to manage Git interactions.
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Enforces and manages access control on network proxy connections using user credential validation.
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
Enforces access control on network proxy connections through basic authentication and API callbacks.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Exposes applications to external or internal traffic by managing authentication credentials and routing requests to configured backend services.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Forwards requests to upstream services only after verifying user identity and enforcing access policies.
Nightingale is a Prometheus-compatible monitoring and alerting platform designed to centralize telemetry management across multiple time-series databases. It functions as a multi-source alerting engine and metric data pipeline that ingests telemetry via remote write protocols and triggers alarms based on data from sources such as Prometheus, Elasticsearch, Loki, and ClickHouse. The system is distinguished by its automated alert healing system, which executes predefined scripts and RPC-based corrective actions when monitoring thresholds are breached. It supports distributed alert processing, a
Authenticates users by reading usernames from HTTP headers to embed the tool into existing platforms.
Chainlit is a Python framework designed for building and deploying interactive, stateful conversational AI interfaces. It provides a backend-driven platform that connects language models and agent frameworks to a web-based chat frontend, managing the complexities of session state, message history, and real-time communication. The framework distinguishes itself by offering a component-based UI builder that allows developers to inject interactive widgets, rich media, and data visualizations directly into the chat stream. It supports the visualization of complex agent workflows, enabling users t
Verifies user identity by intercepting request headers or tokens from host environments.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Tests usernames and passwords against HTTP proxy servers using Basic or NTLM authentication.
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Extracts user identities and group memberships from custom HTTP headers provided by an upstream proxy.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users by trusting identity headers passed from an external authentication proxy.
naiveproxy is a censorship circumvention tool and traffic obfuscation proxy. It functions as an HTTP/2 transport proxy that tunnels SOCKS5 traffic over HTTP/2 to hide network activity and bypass network blocks. The project distinguishes itself by mimicking standard web browser requests to evade deep packet inspection. It employs traffic camouflage techniques such as redirecting unauthorized probing requests to decoy web servers and using randomized packet padding to defeat length-based traffic analysis. The software provides a local SOCKS5 proxy endpoint, credential-based request authenticat
Provides credential-based authentication to verify users before granting access to the backend proxy service.
This project is a Go-based HTTP proxy server designed as a censorship circumvention tool. It functions as an upstream proxy manager and SOCKS5 tunneling gateway that routes network traffic between clients and destination servers to bypass network restrictions. The system differentiates itself through automated proxy routing, which detects unreachable websites and automatically switches traffic between direct access and a pool of parent proxies. It includes a PAC file generator to produce proxy auto-config files for browsers and integrates SSH tunneling to establish secure remote sockets. Bro
Enforces access control on network proxy connections through credential-based validation.
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Creates secrets to provide the credentials required for authenticating through a network proxy.
TubeArchivist is a self-hosted YouTube video archiving system and metadata indexer. It functions as a personal media library and download manager that allows users to create a searchable offline collection of videos, channels, and playlists. The system distinguishes itself by indexing subtitles, comments, and channel information for full-text search and retrieval. It features automated media synchronization to track subscriptions and playlists, ensuring new content is automatically queued and downloaded as it is published. The project provides a broad set of capabilities for digital asset ma
Delegates user identity verification to an external authentication proxy using request headers.
MTProxy ist ein Proxy-Server, der Traffic an Telegram-Server unter Verwendung des MTProto-Protokolls routet, um Netzwerkbeschränkungen zu umgehen. Er fungiert als System zur Verwaltung sicherer Verbindungen und zur Weiterleitung von Protokoll-Traffic zwischen Clients und Zielservern. Das Projekt implementiert Traffic-Obfuskation durch das Hinzufügen von zufälligem Padding zu Paketen, um Datenmuster zu maskieren und die Proxy-Nutzung vor Internetdienstanbietern zu verbergen. Es enthält zudem einen Verbindungsmanager, der den Benutzerzugriff durch die Validierung spezifischer Authentifizierungsgeheimnisse einschränkt. Das System bietet operative Observability durch die Bereitstellung von Echtzeit-Performancemetriken und Systemgesundheitsdaten über einen lokalen Port. Es handhabt das Relaying von Raw-Byte-Streams und spezialisiertes Protokoll-Routing, um die Konnektivität aufrechtzuerhalten.
Enforces access control on proxy connections by requiring specific authentication secrets.