29 个仓库
Mechanisms for enforcing and managing access control on network proxy connections.
Distinguishing note: Focuses specifically on proxy-level access control and header management rather than general application-level authentication.
Explore 29 awesome GitHub repositories matching security & cryptography · Proxy Authentication. Refine with filters or upvote what's useful.
这是一个由社区策划的开源软件目录,专为在私有服务器环境和家庭实验室中部署而设计。它作为发现主流云服务独立自托管替代方案的综合资源,使用户能够保持对数字基础设施的完全数据所有权和控制权。 该目录通过层级分类法构建,将庞大的应用程序集合组织成逻辑类别,范围从媒体管理和数据分析到私有通信和团队生产力工具。它通过协作同行评审流程脱颖而出,社区成员验证每个提交的质量和相关性,以确保目录保持准确和可靠。 该项目涵盖了广泛的能力领域,包括基础设施自动化、基于容器的服务部署和声明式配置管理。这些工具协助用户维护可复现的服务器环境,并管理私有硬件上的复杂服务依赖。 该目录作为版本控制仓库进行维护,确保所有更新和社区驱动的变更都是可追踪且透明的。
Enforces access control and tracks usage statistics for proxy connections.
LiteLLM is a unified gateway and proxy server designed to centralize access to over one hundred language model providers. It provides a standardized API interface that abstracts vendor-specific schemas, allowing developers to interact with diverse models through a single, consistent format. By acting as a central traffic management layer, it enables organizations to route, secure, and govern model interactions across multiple deployments. The platform distinguishes itself through its policy-driven architecture, which uses configuration-based routing to manage traffic distribution, load balanc
Secures proxy access using API keys and identity providers to manage user permissions and enforce access control.
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
Enforces HTTP Basic Authentication for proxy access and automatically strips credentials before forwarding requests to upstream servers.
File Browser is a self-hosted application that provides a web-based interface for managing files and directories on a server. It functions as a virtual file system abstraction, allowing users to browse, organize, and edit text-based files directly within their browser without requiring local access to the server. The platform distinguishes itself through a comprehensive command-line interface that enables full administrative control over system configurations, user accounts, and automation hooks. It supports a flexible, event-driven architecture where custom shell scripts can be triggered aut
Supports delegating authentication to a reverse proxy by trusting specific HTTP headers.
nps is an intranet penetration proxy server that exposes internal network services to the public internet via secure TCP and UDP tunnels. It functions as a traffic forwarder and reverse proxy, enabling external access to local services, remote desktops, and internal APIs. The project is distinguished by a centralized web-based administration interface used to configure tunnels, manage user accounts, and monitor real-time bandwidth metrics. It supports domain-based request routing and provides a mechanism to secure public services using HTTPS encryption through digital certificates. The syste
Implements registration and authentication to restrict who can create and manage proxy tunnels.
Decap CMS is a headless, Git-based content management system designed to provide a visual editing interface for static site workflows. By decoupling the administrative dashboard from the frontend, it allows users to manage content stored directly in version control repositories as structured data. The system maps visual form inputs to repository files, enabling non-technical contributors to update content without requiring direct code changes. The platform distinguishes itself through its Git-centric automation, which handles content lifecycles by creating commits, branches, and pull requests
Routes administrative write operations through a secure proxy to manage Git interactions.
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Enforces and manages access control on network proxy connections using user credential validation.
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
Enforces access control on network proxy connections through basic authentication and API callbacks.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Exposes applications to external or internal traffic by managing authentication credentials and routing requests to configured backend services.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Forwards requests to upstream services only after verifying user identity and enforcing access policies.
Nightingale is a Prometheus-compatible monitoring and alerting platform designed to centralize telemetry management across multiple time-series databases. It functions as a multi-source alerting engine and metric data pipeline that ingests telemetry via remote write protocols and triggers alarms based on data from sources such as Prometheus, Elasticsearch, Loki, and ClickHouse. The system is distinguished by its automated alert healing system, which executes predefined scripts and RPC-based corrective actions when monitoring thresholds are breached. It supports distributed alert processing, a
Authenticates users by reading usernames from HTTP headers to embed the tool into existing platforms.
Chainlit is a Python framework designed for building and deploying interactive, stateful conversational AI interfaces. It provides a backend-driven platform that connects language models and agent frameworks to a web-based chat frontend, managing the complexities of session state, message history, and real-time communication. The framework distinguishes itself by offering a component-based UI builder that allows developers to inject interactive widgets, rich media, and data visualizations directly into the chat stream. It supports the visualization of complex agent workflows, enabling users t
Verifies user identity by intercepting request headers or tokens from host environments.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Tests usernames and passwords against HTTP proxy servers using Basic or NTLM authentication.
Dex is an OpenID Connect provider and identity federation proxy that translates authentication signals from various upstream sources into a unified OpenID Connect interface. It functions as a multi-protocol identity broker, enabling client applications to implement a single standard while delegating user verification to external identity providers. The project distinguishes itself through a pluggable connector architecture that bridges disparate protocols including LDAP, SAML, and OAuth2. It provides specific integrations for services such as GitHub, Google, GitLab, and Microsoft, while offer
Extracts user identities and group memberships from custom HTTP headers provided by an upstream proxy.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users by trusting identity headers passed from an external authentication proxy.
naiveproxy is a censorship circumvention tool and traffic obfuscation proxy. It functions as an HTTP/2 transport proxy that tunnels SOCKS5 traffic over HTTP/2 to hide network activity and bypass network blocks. The project distinguishes itself by mimicking standard web browser requests to evade deep packet inspection. It employs traffic camouflage techniques such as redirecting unauthorized probing requests to decoy web servers and using randomized packet padding to defeat length-based traffic analysis. The software provides a local SOCKS5 proxy endpoint, credential-based request authenticat
Provides credential-based authentication to verify users before granting access to the backend proxy service.
This project is a Go-based HTTP proxy server designed as a censorship circumvention tool. It functions as an upstream proxy manager and SOCKS5 tunneling gateway that routes network traffic between clients and destination servers to bypass network restrictions. The system differentiates itself through automated proxy routing, which detects unreachable websites and automatically switches traffic between direct access and a pool of parent proxies. It includes a PAC file generator to produce proxy auto-config files for browsers and integrates SSH tunneling to establish secure remote sockets. Bro
Enforces access control on network proxy connections through credential-based validation.
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Creates secrets to provide the credentials required for authenticating through a network proxy.
TubeArchivist is a self-hosted YouTube video archiving system and metadata indexer. It functions as a personal media library and download manager that allows users to create a searchable offline collection of videos, channels, and playlists. The system distinguishes itself by indexing subtitles, comments, and channel information for full-text search and retrieval. It features automated media synchronization to track subscriptions and playlists, ensuring new content is automatically queued and downloaded as it is published. The project provides a broad set of capabilities for digital asset ma
Delegates user identity verification to an external authentication proxy using request headers.
MTProxy 是一个代理服务器,使用 MTProto 协议将流量路由到 Telegram 服务器,以绕过网络限制。它作为一个用于管理安全连接并在客户端和目标服务器之间转发协议流量的系统运行。 该项目通过在数据包中添加随机填充来实现流量混淆,以掩盖数据模式并向互联网服务提供商隐藏代理使用情况。它还包括一个连接管理器,通过验证特定的身份验证密钥来限制用户访问。 该系统通过本地端口公开实时性能指标和系统健康数据,提供运营可观测性。它处理原始字节流中继和专门的协议路由以保持连接。
Enforces access control on proxy connections by requiring specific authentication secrets.