Updates 2.6.3

+ Added X-Forwarded-Proto for automatic proxy detector + Split blacklist and whitelist from geodb script file + Optimized compile binary size + Added access control to TCP proxy + Added "invalid config detect" in up time monitor for isse #7 + Fixed minor bugs in advance stats panel + Reduced file size of embedded materials
2025-06-06 07:37:21 +02:00 · 2023-06-08 21:42:03 +08:00 · 2023-06-08 21:42:03 +08:00 · 5e7599756f
commit 5e7599756f
parent 5db50c1ca2
27 changed files with 391 additions and 194 deletions
--- a/src/main.go
+++ b/src/main.go
@ -38,7 +38,7 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
 var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
 var (
 	name        = "Zoraxy"
-	version     = "2.6.2"
+	version     = "2.6.3"
 	nodeUUID    = "generic"
 	development = false //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()
--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@ -278,6 +278,12 @@ func addXForwardedForHeader(req *http.Request) {
 			clientIP = strings.Join(prior, ", ") + ", " + clientIP
 		}
 		req.Header.Set("X-Forwarded-For", clientIP)
 		if req.TLS != nil {
 			req.Header.Set("X-Forwarded-Proto", "https")
 		} else {
 			req.Header.Set("X-Forwarded-Proto", "http")
 		}
 	}
 }
--- a/src/mod/dynamicproxy/proxyRequestHandler.go
+++ b/src/mod/dynamicproxy/proxyRequestHandler.go
@ -57,6 +57,7 @@ func (router *Router) rewriteURL(rooturl string, requestURL string) string {
 // Handle subdomain request
 func (h *ProxyHandler) subdomainRequest(w http.ResponseWriter, r *http.Request, target *ProxyEndpoint) {
 	r.Header.Set("X-Forwarded-Host", r.Host)
 	r.Header.Set("X-Forwarded-Server", "zoraxy-"+h.Parent.Option.HostUUID)
 	requestURL := r.URL.String()
 	if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
 		//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
@ -116,6 +117,7 @@ func (h *ProxyHandler) proxyRequest(w http.ResponseWriter, r *http.Request, targ
 	r.URL, _ = url.Parse(rewriteURL)
 	r.Header.Set("X-Forwarded-Host", r.Host)
 	r.Header.Set("X-Forwarded-Server", "zoraxy-"+h.Parent.Option.HostUUID)
 	if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
 		//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
 		r.Header.Set("A-Upgrade", "websocket")
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
@ -22,6 +22,7 @@ type ProxyHandler struct {
 }
 type RouterOption struct {
 	HostUUID           string
 	Port               int
 	UseTls             bool
 	ForceHttpsRedirect bool
--- a/src/mod/geodb/blacklist.go
+++ b/src/mod/geodb/blacklist.go
@ -0,0 +1,91 @@
 package geodb
 import "strings"
 /*
 	Blacklist.go
 	This script store the blacklist related functions
 */
 //Geo Blacklist
 func (s *Store) AddCountryCodeToBlackList(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Write("blacklist-cn", countryCode, true)
 }
 func (s *Store) RemoveCountryCodeFromBlackList(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Delete("blacklist-cn", countryCode)
 }
 func (s *Store) IsCountryCodeBlacklisted(countryCode string) bool {
 	countryCode = strings.ToLower(countryCode)
 	var isBlacklisted bool = false
 	s.sysdb.Read("blacklist-cn", countryCode, &isBlacklisted)
 	return isBlacklisted
 }
 func (s *Store) GetAllBlacklistedCountryCode() []string {
 	bannedCountryCodes := []string{}
 	entries, err := s.sysdb.ListTable("blacklist-cn")
 	if err != nil {
 		return bannedCountryCodes
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		bannedCountryCodes = append(bannedCountryCodes, ip)
 	}
 	return bannedCountryCodes
 }
 //IP Blacklsits
 func (s *Store) AddIPToBlackList(ipAddr string) {
 	s.sysdb.Write("blacklist-ip", ipAddr, true)
 }
 func (s *Store) RemoveIPFromBlackList(ipAddr string) {
 	s.sysdb.Delete("blacklist-ip", ipAddr)
 }
 func (s *Store) GetAllBlacklistedIp() []string {
 	bannedIps := []string{}
 	entries, err := s.sysdb.ListTable("blacklist-ip")
 	if err != nil {
 		return bannedIps
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		bannedIps = append(bannedIps, ip)
 	}
 	return bannedIps
 }
 func (s *Store) IsIPBlacklisted(ipAddr string) bool {
 	var isBlacklisted bool = false
 	s.sysdb.Read("blacklist-ip", ipAddr, &isBlacklisted)
 	if isBlacklisted {
 		return true
 	}
 	//Check for IP wildcard and CIRD rules
 	AllBlacklistedIps := s.GetAllBlacklistedIp()
 	for _, blacklistRule := range AllBlacklistedIps {
 		wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
 		if wildcardMatch {
 			return true
 		}
 		cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
 		if cidrMatch {
 			return true
 		}
 	}
 	return false
 }
--- a/src/mod/geodb/geodb.go
+++ b/src/mod/geodb/geodb.go
@ -3,8 +3,8 @@ package geodb
 import (
 	_ "embed"
 	"log"
 	"net"
 	"net/http"
 	"strings"
 	"imuslab.com/zoraxy/mod/database"
 )
@ -112,170 +112,6 @@ func (s *Store) Close() {
 }
 /*
 	Country code based black / white list
 */
 func (s *Store) AddCountryCodeToBlackList(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Write("blacklist-cn", countryCode, true)
 }
 func (s *Store) RemoveCountryCodeFromBlackList(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Delete("blacklist-cn", countryCode)
 }
 func (s *Store) AddCountryCodeToWhitelist(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Write("whitelist-cn", countryCode, true)
 }
 func (s *Store) RemoveCountryCodeFromWhitelist(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Delete("whitelist-cn", countryCode)
 }
 func (s *Store) IsCountryCodeBlacklisted(countryCode string) bool {
 	countryCode = strings.ToLower(countryCode)
 	var isBlacklisted bool = false
 	s.sysdb.Read("blacklist-cn", countryCode, &isBlacklisted)
 	return isBlacklisted
 }
 func (s *Store) IsCountryCodeWhitelisted(countryCode string) bool {
 	countryCode = strings.ToLower(countryCode)
 	var isWhitelisted bool = false
 	s.sysdb.Read("whitelist-cn", countryCode, &isWhitelisted)
 	return isWhitelisted
 }
 func (s *Store) GetAllBlacklistedCountryCode() []string {
 	bannedCountryCodes := []string{}
 	entries, err := s.sysdb.ListTable("blacklist-cn")
 	if err != nil {
 		return bannedCountryCodes
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		bannedCountryCodes = append(bannedCountryCodes, ip)
 	}
 	return bannedCountryCodes
 }
 func (s *Store) GetAllWhitelistedCountryCode() []string {
 	whitelistedCountryCode := []string{}
 	entries, err := s.sysdb.ListTable("whitelist-cn")
 	if err != nil {
 		return whitelistedCountryCode
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		whitelistedCountryCode = append(whitelistedCountryCode, ip)
 	}
 	return whitelistedCountryCode
 }
 /*
 	IP based black / whitelist
 */
 func (s *Store) AddIPToBlackList(ipAddr string) {
 	s.sysdb.Write("blacklist-ip", ipAddr, true)
 }
 func (s *Store) RemoveIPFromBlackList(ipAddr string) {
 	s.sysdb.Delete("blacklist-ip", ipAddr)
 }
 func (s *Store) AddIPToWhiteList(ipAddr string) {
 	s.sysdb.Write("whitelist-ip", ipAddr, true)
 }
 func (s *Store) RemoveIPFromWhiteList(ipAddr string) {
 	s.sysdb.Delete("whitelist-ip", ipAddr)
 }
 func (s *Store) IsIPBlacklisted(ipAddr string) bool {
 	var isBlacklisted bool = false
 	s.sysdb.Read("blacklist-ip", ipAddr, &isBlacklisted)
 	if isBlacklisted {
 		return true
 	}
 	//Check for IP wildcard and CIRD rules
 	AllBlacklistedIps := s.GetAllBlacklistedIp()
 	for _, blacklistRule := range AllBlacklistedIps {
 		wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
 		if wildcardMatch {
 			return true
 		}
 		cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
 		if cidrMatch {
 			return true
 		}
 	}
 	return false
 }
 func (s *Store) IsIPWhitelisted(ipAddr string) bool {
 	var isBlacklisted bool = false
 	s.sysdb.Read("whitelist-ip", ipAddr, &isBlacklisted)
 	if isBlacklisted {
 		return true
 	}
 	//Check for IP wildcard and CIRD rules
 	AllBlacklistedIps := s.GetAllBlacklistedIp()
 	for _, blacklistRule := range AllBlacklistedIps {
 		wildcardMatch := MatchIpWildcard(ipAddr, blacklistRule)
 		if wildcardMatch {
 			return true
 		}
 		cidrMatch := MatchIpCIDR(ipAddr, blacklistRule)
 		if cidrMatch {
 			return true
 		}
 	}
 	return false
 }
 func (s *Store) GetAllBlacklistedIp() []string {
 	bannedIps := []string{}
 	entries, err := s.sysdb.ListTable("blacklist-ip")
 	if err != nil {
 		return bannedIps
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		bannedIps = append(bannedIps, ip)
 	}
 	return bannedIps
 }
 func (s *Store) GetAllWhitelistedIp() []string {
 	whitelistedIp := []string{}
 	entries, err := s.sysdb.ListTable("whitelist-ip")
 	if err != nil {
 		return whitelistedIp
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		whitelistedIp = append(whitelistedIp, ip)
 	}
 	return whitelistedIp
 }
 /*
 Check if a IP address is blacklisted, in either country or IP blacklist
 IsBlacklisted default return is false (allow access)
@ -341,6 +177,23 @@ func (s *Store) IsWhitelisted(ipAddr string) bool {
 	return false
 }
 // A helper function that check both blacklist and whitelist for access
 // for both geoIP and ip / CIDR ranges
 func (s *Store) AllowIpAccess(ipaddr string) bool {
 	if s.IsBlacklisted(ipaddr) {
 		return false
 	}
 	return s.IsWhitelisted(ipaddr)
 }
 func (s *Store) AllowConnectionAccess(conn net.Conn) bool {
 	if addr, ok := conn.RemoteAddr().(*net.TCPAddr); ok {
 		return s.AllowIpAccess(addr.IP.String())
 	}
 	return true
 }
 func (s *Store) GetRequesterCountryISOCode(r *http.Request) string {
 	ipAddr := GetRequesterIP(r)
 	if ipAddr == "" {
--- a/src/mod/geodb/whitelist.go
+++ b/src/mod/geodb/whitelist.go
@ -0,0 +1,91 @@
 package geodb
 import "strings"
 /*
 	Whitelist.go
 	This script handles whitelist related functions
 */
 //Geo Whitelist
 func (s *Store) AddCountryCodeToWhitelist(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Write("whitelist-cn", countryCode, true)
 }
 func (s *Store) RemoveCountryCodeFromWhitelist(countryCode string) {
 	countryCode = strings.ToLower(countryCode)
 	s.sysdb.Delete("whitelist-cn", countryCode)
 }
 func (s *Store) IsCountryCodeWhitelisted(countryCode string) bool {
 	countryCode = strings.ToLower(countryCode)
 	var isWhitelisted bool = false
 	s.sysdb.Read("whitelist-cn", countryCode, &isWhitelisted)
 	return isWhitelisted
 }
 func (s *Store) GetAllWhitelistedCountryCode() []string {
 	whitelistedCountryCode := []string{}
 	entries, err := s.sysdb.ListTable("whitelist-cn")
 	if err != nil {
 		return whitelistedCountryCode
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		whitelistedCountryCode = append(whitelistedCountryCode, ip)
 	}
 	return whitelistedCountryCode
 }
 //IP Whitelist
 func (s *Store) AddIPToWhiteList(ipAddr string) {
 	s.sysdb.Write("whitelist-ip", ipAddr, true)
 }
 func (s *Store) RemoveIPFromWhiteList(ipAddr string) {
 	s.sysdb.Delete("whitelist-ip", ipAddr)
 }
 func (s *Store) IsIPWhitelisted(ipAddr string) bool {
 	var isWhitelisted bool = false
 	s.sysdb.Read("whitelist-ip", ipAddr, &isWhitelisted)
 	if isWhitelisted {
 		return true
 	}
 	//Check for IP wildcard and CIRD rules
 	AllWhitelistedIps := s.GetAllWhitelistedIp()
 	for _, whitelistRules := range AllWhitelistedIps {
 		wildcardMatch := MatchIpWildcard(ipAddr, whitelistRules)
 		if wildcardMatch {
 			return true
 		}
 		cidrMatch := MatchIpCIDR(ipAddr, whitelistRules)
 		if cidrMatch {
 			return true
 		}
 	}
 	return false
 }
 func (s *Store) GetAllWhitelistedIp() []string {
 	whitelistedIp := []string{}
 	entries, err := s.sysdb.ListTable("whitelist-ip")
 	if err != nil {
 		return whitelistedIp
 	}
 	for _, keypairs := range entries {
 		ip := string(keypairs[0])
 		whitelistedIp = append(whitelistedIp, ip)
 	}
 	return whitelistedIp
 }
--- a/src/mod/sshprox/embed.go
+++ b/src/mod/sshprox/embed.go
@ -0,0 +1,16 @@
 //go:build (windows && amd64) || (linux && mipsle) || (linux && riscv64)
 // +build windows,amd64 linux,mipsle linux,riscv64
 package sshprox
 import "embed"
 /*
 	Bianry embedding
 	Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/LICENSE
 	gotty embed.FS
 )
--- a/src/mod/sshprox/embed_linux_386.go
+++ b/src/mod/sshprox/embed_linux_386.go
@ -0,0 +1,18 @@
 //go:build linux && 386
 // +build linux,386
 package sshprox
 import "embed"
 /*
 	Bianry embedding for i386 builds
 	Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/gotty_linux_386
 	//go:embed gotty/.gotty
 	//go:embed gotty/LICENSE
 	gotty embed.FS
 )
--- a/src/mod/sshprox/embed_linux_amd64.go
+++ b/src/mod/sshprox/embed_linux_amd64.go
@ -0,0 +1,18 @@
 //go:build linux && amd64
 // +build linux,amd64
 package sshprox
 import "embed"
 /*
 	Bianry embedding for AMD64 builds
 	Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/gotty_linux_amd64
 	//go:embed gotty/.gotty
 	//go:embed gotty/LICENSE
 	gotty embed.FS
 )
--- a/src/mod/sshprox/embed_linux_arm.go
+++ b/src/mod/sshprox/embed_linux_arm.go
@ -0,0 +1,18 @@
 //go:build linux && arm
 // +build linux,arm
 package sshprox
 import "embed"
 /*
 	Bianry embedding for ARM(v6/7) builds
 	Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/gotty_linux_arm
 	//go:embed gotty/.gotty
 	//go:embed gotty/LICENSE
 	gotty embed.FS
 )
--- a/src/mod/sshprox/embed_linux_arm64.go
+++ b/src/mod/sshprox/embed_linux_arm64.go
@ -0,0 +1,18 @@
 //go:build linux && arm64
 // +build linux,arm64
 package sshprox
 import "embed"
 /*
 	Bianry embedding for ARM64 builds
 	Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/gotty_linux_arm64
 	//go:embed gotty/.gotty
 	//go:embed gotty/LICENSE
 	gotty embed.FS
 )
--- a/src/mod/sshprox/sshprox.go
+++ b/src/mod/sshprox/sshprox.go
@ -1,7 +1,6 @@
 package sshprox
 import (
 	"embed"
 	"errors"
 	"fmt"
 	"log"
@ -28,16 +27,6 @@ import (
 	online ssh terminal
 */
 /*
 Bianry embedding
 Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/*
 	gotty embed.FS
 )
 type Manager struct {
 	StartingPort int
 	Instances    []*Instance
--- a/src/mod/tcpprox/conn.go
+++ b/src/mod/tcpprox/conn.go
@ -58,11 +58,23 @@ func forward(conn1 net.Conn, conn2 net.Conn, aTob *int64, bToa *int64) {
 	wg.Wait()
 }
-func accept(listener net.Listener) (net.Conn, error) {
+func (c *ProxyRelayConfig) accept(listener net.Listener) (net.Conn, error) {
 	conn, err := listener.Accept()
 	if err != nil {
 		return nil, err
 	}
 	//Check if connection in blacklist or whitelist
 	if addr, ok := conn.RemoteAddr().(*net.TCPAddr); ok {
 		if !c.parent.Options.AccessControlHandler(conn) {
 			time.Sleep(300 * time.Millisecond)
 			conn.Close()
 			log.Println("[x]", "Connection from "+addr.IP.String()+" rejected by access control policy")
 			return nil, errors.New("Connection from " + addr.IP.String() + " rejected by access control policy")
 		}
 	}
 	log.Println("[√]", "accept a new client. remote address:["+conn.RemoteAddr().String()+"], local address:["+conn.LocalAddr().String()+"]")
 	return conn, err
 }
@ -203,7 +215,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
 	}()
 	for {
-		conn1, err := accept(listen1)
+		conn1, err := c.accept(listen1)
 		if err != nil {
 			if !c.Running {
 				return nil
@ -211,7 +223,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
 			continue
 		}
-		conn2, err := accept(listen2)
+		conn2, err := c.accept(listen2)
 		if err != nil {
 			if !c.Running {
 				return nil
@ -224,7 +236,7 @@ func (c *ProxyRelayConfig) Port2port(port1 string, port2 string, stopChan chan b
 			time.Sleep(time.Duration(c.Timeout) * time.Second)
 			continue
 		}
-		forward(conn1, conn2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
+		go forward(conn1, conn2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
 	}
 }
@ -248,7 +260,7 @@ func (c *ProxyRelayConfig) Port2host(allowPort string, targetAddress string, sto
 	//Start blocking loop for accepting connections
 	for {
-		conn, err := accept(server)
+		conn, err := c.accept(server)
 		if conn == nil || err != nil {
 			if !c.Running {
 				//Terminate by stop chan. Exit listener loop
@ -322,7 +334,7 @@ func (c *ProxyRelayConfig) Host2host(address1, address2 string, stopChan chan bo
 				return nil
 			}
 		}
-		forward(host1, host2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
+		go forward(host1, host2, &c.aTobAccumulatedByteTransfer, &c.bToaAccumulatedByteTransfer)
 	}
 	return nil
--- a/src/mod/tcpprox/tcpprox.go
+++ b/src/mod/tcpprox/tcpprox.go
@ -2,6 +2,7 @@ package tcpprox
 import (
 	"errors"
 	"net"
 	uuid "github.com/satori/go.uuid"
 	"imuslab.com/zoraxy/mod/database"
@ -40,11 +41,14 @@ type ProxyRelayConfig struct {
 	stopChan                    chan bool //Stop channel to stop the listener
 	aTobAccumulatedByteTransfer int64     //Accumulated byte transfer from A to B
 	bToaAccumulatedByteTransfer int64     //Accumulated byte transfer from B to A
 	parent *Manager `json:"-"`
 }
 type Options struct {
-	Database       *database.Database
+	Database             *database.Database
-	DefaultTimeout int
+	DefaultTimeout       int
 	AccessControlHandler func(net.Conn) bool
 }
 type Manager struct {
@ -59,16 +63,34 @@ type Manager struct {
 func NewTCProxy(options *Options) *Manager {
 	options.Database.NewTable("tcprox")
 	//Load relay configs from db
 	previousRules := []*ProxyRelayConfig{}
 	if options.Database.KeyExists("tcprox", "rules") {
 		options.Database.Read("tcprox", "rules", &previousRules)
 	}
-	return &Manager{
+	//Check if the AccessControlHandler is empty. If yes, set it to always allow access
 	if options.AccessControlHandler == nil {
 		options.AccessControlHandler = func(conn net.Conn) bool {
 			//Always allow access
 			return true
 		}
 	}
 	//Create a new proxy manager for TCP
 	thisManager := Manager{
 		Options:     options,
 		Configs:     previousRules,
 		Connections: 0,
 	}
 	//Inject manager into the rules
 	for _, rule := range previousRules {
 		rule.parent = &thisManager
 	}
 	thisManager.Configs = previousRules
 	return &thisManager
 }
 func (m *Manager) NewConfig(config *ProxyRelayOptions) string {
@ -85,6 +107,8 @@ func (m *Manager) NewConfig(config *ProxyRelayOptions) string {
 		stopChan:                    nil,
 		aTobAccumulatedByteTransfer: 0,
 		bToaAccumulatedByteTransfer: 0,
 		parent: m,
 	}
 	m.Configs = append(m.Configs, &thisConfig)
 	m.SaveConfigToDatabase()
--- a/src/mod/uptime/uptime.go
+++ b/src/mod/uptime/uptime.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
 	"strings"
 	"time"
 	"imuslab.com/zoraxy/mod/utils"
@ -220,7 +221,24 @@ func getWebsiteStatusWithLatency(url string) (bool, int64, int) {
 func getWebsiteStatus(url string) (int, error) {
 	resp, err := http.Get(url)
 	if err != nil {
-		return 0, err
+		//Try replace the http with https and vise versa
 		rewriteURL := ""
 		if strings.Contains(url, "https://") {
 			rewriteURL = strings.ReplaceAll(url, "https://", "http://")
 		} else if strings.Contains(url, "http://") {
 			rewriteURL = strings.ReplaceAll(url, "http://", "https://")
 		}
 		resp, err = http.Get(rewriteURL)
 		if err != nil {
 			if strings.Contains(err.Error(), "http: server gave HTTP response to HTTPS client") {
 				//Invalid downstream reverse proxy settings, but it is online
 				//return SSL handshake failed
 				return 525, nil
 			}
 			return 0, err
 		}
 	}
 	status_code := resp.StatusCode
 	resp.Body.Close()
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@ -47,6 +47,7 @@ func ReverseProxtInit() {
 	}
 	dprouter, err := dynamicproxy.NewDynamicProxy(dynamicproxy.RouterOption{
 		HostUUID:           nodeUUID,
 		Port:               inboundPort,
 		UseTls:             useTls,
 		ForceHttpsRedirect: forceHttpsRedirect,
--- a/src/start.go
+++ b/src/start.go
@ -163,7 +163,8 @@ func startupSequence() {
 	//Create TCP Proxy Manager
 	tcpProxyManager = tcpprox.NewTCProxy(&tcpprox.Options{
-		Database: sysdb,
+		Database:             sysdb,
 		AccessControlHandler: geodbStore.AllowConnectionAccess,
 	})
 	//Create WoL MAC storage table
--- a/src/web/components/uptime.html
+++ b/src/web/components/uptime.html
@ -109,7 +109,13 @@
                }
                ontimeRate++;
            }else{
-                dotType = "offline";
+                if (thisStatus.StatusCode >= 500 && thisStatus.StatusCode < 600){
                    //Special type of error, cause by downstream reverse proxy
                    dotType = "error";
                }else{
                    dotType = "offline";
                }
            }
            let datetime = format_time(thisStatus.Timestamp);
@ -126,12 +132,20 @@
        //Check of online status now
        let currentOnlineStatus = "Unknown";
        let onlineStatusCss = ``;
        let reminderEle = ``;
        if (value[value.length - 1].Online){
            currentOnlineStatus = `<i class="circle icon"></i> Online`;
            onlineStatusCss = `color: #3bd671;`;
        }else{
-            currentOnlineStatus = `<i class="circle icon"></i> Offline`;
+            if (value[value.length - 1].StatusCode >= 500 && value[value.length - 1].StatusCode < 600){
-            onlineStatusCss = `color: #df484a;`;
+                currentOnlineStatus = `<i class="exclamation circle icon"></i> Misconfigured`;
                onlineStatusCss = `color: #f38020;`;
                reminderEle = `<small style="${onlineStatusCss}">Downstream proxy server is online with misconfigured settings</small>`;
            }else{
                currentOnlineStatus = `<i class="circle icon"></i> Offline`;
                onlineStatusCss = `color: #df484a;`;
            }
        }
        //Generate the html
@ -151,6 +165,7 @@
            <div class="status" style="marign-top: 1em;">
                ${statusDotList}
            </div>
            ${reminderEle}
            <div class="ui divider"></div>
        </div>`);
    }
--- a/src/web/img/public/bg.jpg
+++ b/src/web/img/public/bg.jpg
--- a/src/web/img/public/bg.png
+++ b/src/web/img/public/bg.png
--- a/src/web/img/public/bg2.jpg
+++ b/src/web/img/public/bg2.jpg
--- a/src/web/img/public/bg2.png
+++ b/src/web/img/public/bg2.png
--- a/src/web/login.html
+++ b/src/web/login.html
@ -23,7 +23,7 @@
            width: 100%;
            opacity: 0.8;
            z-index: -99;
-            background-image: url("img/public/bg.png");
+            background-image: url("img/public/bg.jpg");
            background-size: auto 100%;
            background-position: right top;
            background-repeat: no-repeat;
--- a/src/web/reset.html
+++ b/src/web/reset.html
@ -23,7 +23,7 @@
            width: 100%;
            opacity: 0.8;
            z-index: -99;
-            background-image: url("img/public/bg2.png");
+            background-image: url("img/public/bg2.jpg");
            background-size: auto 100%;
            background-position: right top;
            background-repeat: no-repeat;
--- a/src/web/snippet/advanceStatsOprs.html
+++ b/src/web/snippet/advanceStatsOprs.html
@ -95,6 +95,10 @@
            loadDateRange();
            function isValidDateFormat(dateString) {
                if (dateString.indexOf("_") >= 0){
                    //Replace all the _ to -
                    dateString = dateString.split("_").join("-");
                }
                // Create a regular expression pattern for the yyyy-mm-dd format
                const pattern = /^\d{4}-\d{2}-\d{2}$/;
--- a/src/wrappers.go
+++ b/src/wrappers.go
@ -117,6 +117,7 @@ func GetUptimeTargetsFromReverseProxyRules(dp *dynamicproxy.Router) []*uptime.Ta
 			url = "https://" + target.Domain
 			protocol = "https"
 		}
 		UptimeTargets = append(UptimeTargets, &uptime.Target{
 			ID:       subd,
 			Name:     subd,