28 repositorios
Mechanisms for enforcing and managing access control on network proxy connections.
Distinguishing note: Focuses specifically on proxy-level access control and header management rather than general application-level authentication.
Explore 28 awesome GitHub repositories matching security & cryptography · Proxy Authentication. Refine with filters or upvote what's useful.
Este proyecto es un directorio curado por la comunidad de software de código abierto diseñado para su implementación en entornos de servidores privados y laboratorios domésticos. Sirve como un recurso integral para descubrir alternativas independientes y autohospedadas a los servicios en la nube convencionales, permitiendo a los usuarios mantener la propiedad total de los datos y el control sobre su infraestructura digital. El directorio está estructurado a través de una taxonomía jerárquica que organiza una vasta colección de aplicaciones en categorías lógicas, que van desde la gestión de medios y análisis de datos hasta la comunicación privada y herramientas de productividad en equipo. Se distingue por un proceso de revisión por pares colaborativo, donde los miembros de la comunidad validan la calidad y relevancia de cada envío para garantizar que el directorio siga siendo preciso y confiable. El proyecto cubre una amplia superficie de capacidades, incluyendo automatización de infraestructura, implementación de servicios basados en contenedores y gestión de configuración declarativa. Estas herramientas ayudan a los usuarios a mantener entornos de servidor reproducibles y gestionar dependencias de servicios complejas en hardware privado. El directorio se mantiene como un repositorio con control de versiones, asegurando que todas las actualizaciones y cambios impulsados por la comunidad sean rastreados y transparentes.
Enforces access control and tracks usage statistics for proxy connections.
LiteLLM is a unified gateway and proxy server designed to centralize access to over one hundred language model providers. It provides a standardized API interface that abstracts vendor-specific schemas, allowing developers to interact with diverse models through a single, consistent format. By acting as a central traffic management layer, it enables organizations to route, secure, and govern model interactions across multiple deployments. The platform distinguishes itself through its policy-driven architecture, which uses configuration-based routing to manage traffic distribution, load balanc
Secures proxy access using API keys and identity providers to manage user permissions and enforce access control.
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
Enforces HTTP Basic Authentication for proxy access and automatically strips credentials before forwarding requests to upstream servers.
File Browser is a self-hosted application that provides a web-based interface for managing files and directories on a server. It functions as a virtual file system abstraction, allowing users to browse, organize, and edit text-based files directly within their browser without requiring local access to the server. The platform distinguishes itself through a comprehensive command-line interface that enables full administrative control over system configurations, user accounts, and automation hooks. It supports a flexible, event-driven architecture where custom shell scripts can be triggered aut
Supports delegating authentication to a reverse proxy by trusting specific HTTP headers.
nps is an intranet penetration proxy server that exposes internal network services to the public internet via secure TCP and UDP tunnels. It functions as a traffic forwarder and reverse proxy, enabling external access to local services, remote desktops, and internal APIs. The project is distinguished by a centralized web-based administration interface used to configure tunnels, manage user accounts, and monitor real-time bandwidth metrics. It supports domain-based request routing and provides a mechanism to secure public services using HTTPS encryption through digital certificates. The syste
Implements registration and authentication to restrict who can create and manage proxy tunnels.
Decap CMS is a headless, Git-based content management system designed to provide a visual editing interface for static site workflows. By decoupling the administrative dashboard from the frontend, it allows users to manage content stored directly in version control repositories as structured data. The system maps visual form inputs to repository files, enabling non-technical contributors to update content without requiring direct code changes. The platform distinguishes itself through its Git-centric automation, which handles content lifecycles by creating commits, branches, and pull requests
Routes administrative write operations through a secure proxy to manage Git interactions.
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Enforces and manages access control on network proxy connections using user credential validation.
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
Enforces access control on network proxy connections through basic authentication and API callbacks.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Exposes applications to external or internal traffic by managing authentication credentials and routing requests to configured backend services.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Forwards requests to upstream services only after verifying user identity and enforcing access policies.
Nightingale is a Prometheus-compatible monitoring and alerting platform designed to centralize telemetry management across multiple time-series databases. It functions as a multi-source alerting engine and metric data pipeline that ingests telemetry via remote write protocols and triggers alarms based on data from sources such as Prometheus, Elasticsearch, Loki, and ClickHouse. The system is distinguished by its automated alert healing system, which executes predefined scripts and RPC-based corrective actions when monitoring thresholds are breached. It supports distributed alert processing, a
Authenticates users by reading usernames from HTTP headers to embed the tool into existing platforms.
Chainlit is a Python framework designed for building and deploying interactive, stateful conversational AI interfaces. It provides a backend-driven platform that connects language models and agent frameworks to a web-based chat frontend, managing the complexities of session state, message history, and real-time communication. The framework distinguishes itself by offering a component-based UI builder that allows developers to inject interactive widgets, rich media, and data visualizations directly into the chat stream. It supports the visualization of complex agent workflows, enabling users t
Verifies user identity by intercepting request headers or tokens from host environments.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Tests usernames and passwords against HTTP proxy servers using Basic or NTLM authentication.
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Extracts user identities and group memberships from custom HTTP headers provided by an upstream proxy.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users by trusting identity headers passed from an external authentication proxy.
naiveproxy is a censorship circumvention tool and traffic obfuscation proxy. It functions as an HTTP/2 transport proxy that tunnels SOCKS5 traffic over HTTP/2 to hide network activity and bypass network blocks. The project distinguishes itself by mimicking standard web browser requests to evade deep packet inspection. It employs traffic camouflage techniques such as redirecting unauthorized probing requests to decoy web servers and using randomized packet padding to defeat length-based traffic analysis. The software provides a local SOCKS5 proxy endpoint, credential-based request authenticat
Provides credential-based authentication to verify users before granting access to the backend proxy service.
This project is a Go-based HTTP proxy server designed as a censorship circumvention tool. It functions as an upstream proxy manager and SOCKS5 tunneling gateway that routes network traffic between clients and destination servers to bypass network restrictions. The system differentiates itself through automated proxy routing, which detects unreachable websites and automatically switches traffic between direct access and a pool of parent proxies. It includes a PAC file generator to produce proxy auto-config files for browsers and integrates SSH tunneling to establish secure remote sockets. Bro
Enforces access control on network proxy connections through credential-based validation.
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Creates secrets to provide the credentials required for authenticating through a network proxy.
TubeArchivist is a self-hosted YouTube video archiving system and metadata indexer. It functions as a personal media library and download manager that allows users to create a searchable offline collection of videos, channels, and playlists. The system distinguishes itself by indexing subtitles, comments, and channel information for full-text search and retrieval. It features automated media synchronization to track subscriptions and playlists, ensuring new content is automatically queued and downloaded as it is published. The project provides a broad set of capabilities for digital asset ma
Delegates user identity verification to an external authentication proxy using request headers.
MTProxy es un servidor proxy que enruta el tráfico a los servidores de Telegram utilizando el protocolo MTProto para eludir las restricciones de red. Funciona como un sistema para gestionar conexiones seguras y reenviar tráfico de protocolo entre clientes y servidores de destino. El proyecto implementa la ofuscación de tráfico añadiendo relleno aleatorio a los paquetes para enmascarar patrones de datos y ocultar el uso del proxy a los proveedores de servicios de internet. También incluye un gestor de conexiones que restringe el acceso de los usuarios mediante la validación de secretos de autenticación específicos. El sistema proporciona observabilidad operativa exponiendo métricas de rendimiento en tiempo real y datos de salud del sistema a través de un puerto local. Maneja el retransmisión de flujos de bytes sin procesar y el enrutamiento de protocolos especializados para mantener la conectividad.
Enforces access control on proxy connections by requiring specific authentication secrets.