- Skip wildcard domains (starting with '.') in sync-routes to allow
unknown subdomains to show "WAF SAYS NO" 404 page instead of blog
- Fix log_info() to output to stderr to prevent JSON corruption in
sync-routes when log messages mixed with JSON fragments
- Escape CSS curly braces in NOT_FOUND_HTML for Python .format()
compatibility (fixes KeyError: 'box-sizing')
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
mitmproxy haproxy_router.py:
- Return 404 instead of routing to LuCI (8081) for missing routes
- Block any routes that point to port 8081
- Add "WAF Says NO" themed 404 page with multi-layer WAF visual
HAProxy (deployed on router):
- Configure end_of_internet backend with custom errorfiles
- Add "End of Internet" themed error pages for 5xx errors
- Patched haproxyctl to include errorfile directives
New package: secubox-app-openclaw
- Personal AI assistant integration for SecuBox
- Supports Anthropic Claude, OpenAI, and Ollama providers
- Chat integrations (Telegram, Discord, Slack)
- Email/calendar automation support
- CLI tool: openclawctl
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed _check_interval from 10 to 1 to ensure new routes are picked up
immediately when the haproxy-routes.json file is updated.
This fixes the quick publish flow where new sites weren't accessible
immediately because mitmproxy only checked for route changes every
10 requests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
haproxyctl:
- Copy generated config to /etc/haproxy/ inside container before reload
- HAProxy reads from /etc/haproxy/haproxy.cfg, not /opt/haproxy/config/
mitmproxy haproxy_router.py:
- Save original Host header before setting backend destination
- Restore Host header after routing to preserve it for backend validation
- Fixes PeerTube OAuth and other apps that validate Host header
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Support both "*.domain" and ".domain" wildcard formats in haproxy_router.py
- Sort wildcards by length (longest first) for correct specificity matching
- Add auto-reload: check routes file mtime every 10 requests
- Update metablogizerctl to use mitmproxyctl sync-routes
Also fix luci-app-wazuh api.js to use baseclass.extend
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add HAProxy → mitmproxy → Backend inspection chain for filtering
all vhost traffic through mitmproxy with threat detection
- Add haproxy_router.py addon for Host-based request routing
- Add mitmproxyctl commands: sync-routes, haproxy-enable, haproxy-disable
- Add auth token to status response for Web UI auto-authentication
- Add HAProxy Backend Inspection section to LuCI status page with
enable/disable/sync controls
- Add HAProxy Router settings section to LuCI settings page
- LXC container now supports dual-port mode (8888 + 8889 for HAProxy)
- Token displayed with copy button in dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
