Update anti_ddos_challenge.lua

Major Performance Optimization : Prior versions are fast but when you can save miliseconds across millions of requests it really does start to add up in speed you can serve traffic at this update should have LuaJIT (Just-In-Time Compiler) maxed out running as fast as it can for this script. localized API variables for functions to prevent lookups for names. https://springrts.com/wiki/Lua_Performance#TEST_1:_Localize for each ipairs() and pairs() functions are slow so removed the un-needed use of them https://springrts.com/wiki/Lua_Performance#TEST_9:_for-loops Introduced `ngx.re.gsub` to replace `string.gsub` with caching enabled for Lua performance boost `pcre_jit on;` enables regex cache for performance gains. j = enable PCRE JIT compilation o = compile-once mode (similar to Perl's /o modifier), to enable the worker-process-level compiled-regex cache http://nginx.org/en/docs/ngx_core_module.html#pcre_jit Stop using `table.insert()` to insert data into tables https://springrts.com/wiki/Lua_Performance#TEST_12:_Adding_Table_Items_.28table.insert_vs._.5B_.5D.29
2023-12-14 04:31:21 +00:00 · 2020-03-19 00:29:42 +00:00
parent c5d2f09e81
commit 3780ce9368
1 changed files with 168 additions and 70 deletions
--- a/lua/anti_ddos_challenge.lua
+++ b/lua/anti_ddos_challenge.lua
@ -209,7 +209,7 @@ For the worst Botnet ASN IP's see here : https://www.spamhaus.org/statistics/bot
 ]]
 local ip_blacklist_remote_addr = "auto" --Automatically get the Clients IP address
 local ip_blacklist = {
--"127.0.0.1", --localhost
+--"127.0.0.1/30", --localhost
 --"192.168.0.1", --localhost
 --ASN AS16276 OVH IP ranges Block all OVH Servers
 "107.189.64.0/18","91.90.92.0/24","198.245.48.0/20","185.243.16.0/24","217.182.0.0/16","51.79.128.0/17","103.5.12.0/22","198.27.64.0/18","46.105.200.0/24","51.79.0.0/17","2607:5300::/32","144.217.0.0/16","46.244.32.0/20","46.105.201.0/24","46.105.198.0/24","54.39.0.0/16","46.105.203.0/24","51.81.128.0/17","46.105.0.0/16","51.178.0.0/16","167.114.128.0/18","91.90.88.0/24","8.7.244.0/24","139.99.128.0/17","144.2.32.0/19","51.38.0.0/16","91.90.94.0/24","8.33.128.0/21","8.21.41.0/24","216.32.194.0/24","51.89.0.0/16","5.196.0.0/16","195.110.30.0/23","51.195.0.0/16","2001:41d0::/32","91.90.93.0/24","8.29.224.0/24","167.114.192.0/19","8.24.8.0/21","91.90.90.0/24","167.114.0.0/17","91.121.0.0/16","51.91.0.0/16","139.99.0.0/17","178.32.0.0/15","8.26.94.0/24","51.77.0.0/16","91.90.89.0/24","185.228.97.0/24","151.80.0.0/16","213.251.128.0/18","149.56.0.0/16","37.59.0.0/16","213.186.32.0/19","2402:1f00::/32","193.70.0.0/17","142.44.128.0/17","51.161.0.0/17","54.38.0.0/16","185.228.98.0/24","91.90.88.0/21","216.32.220.0/24","92.222.0.0/16","147.135.128.0/17","142.4.192.0/19","5.135.0.0/16","192.95.0.0/18","46.105.202.0/24","185.12.32.0/23","145.239.0.0/16","213.32.0.0/17","37.187.0.0/16","37.60.48.0/21","198.100.144.0/20","149.202.0.0/16","94.23.0.0/16","167.114.224.0/19","193.109.63.0/24","51.254.0.0/15","91.90.91.0/24","216.32.213.0/24","216.32.218.0/24","8.33.96.0/21","5.39.0.0/17","185.228.96.0/24","164.132.0.0/16","158.69.0.0/16","46.105.199.0/24","8.30.208.0/21","54.37.0.0/16","46.105.204.0/24","2402:1f00:8100::/40","87.98.128.0/17","51.68.0.0/16","37.60.56.0/21","8.20.110.0/24","51.83.0.0/16","185.45.160.0/22","216.32.192.0/24","198.50.128.0/17","205.218.49.0/24","216.32.216.0/24","51.75.0.0/16","195.246.232.0/23","91.90.95.0/24","51.81.0.0/17","2402:1f00:8000::/40","23.92.224.0/19","192.240.152.0/21","91.134.0.0/16","92.246.224.0/19","176.31.0.0/16","79.137.0.0/17","193.104.19.0/24","137.74.0.0/16","192.99.0.0/16","198.27.92.0/24","147.135.0.0/17","8.33.136.0/24","2604:2dc0::/32","8.33.137.0/24","188.165.0.0/16","66.70.128.0/17","8.18.172.0/24","185.228.99.0/24","54.36.0.0/16","8.18.128.0/24",
@ -526,6 +526,30 @@ This is where things get very complex. ;)
 Begin Required Functions
 ]]
 --[[
 Add to your nginx config http://nginx.org/en/docs/ngx_core_module.html#pcre_jit
 pcre_jit on;
 The options I enable to make regex cache for performance gains.
 j = enable PCRE JIT compilation
 o = compile-once mode (similar to Perl's /o modifier), to enable the worker-process-level compiled-regex cache
 ]]
 local ngx_re_options = "jo" --boost regex performance by caching
 --[[
 localize all standard Lua and Spring API functions I use for better performance.
 ]]
 local os = os
 local string = string
 local math = math
 local table = table
 local tonumber = tonumber
 local tostring = tostring
 --[[
 End localization
 ]]
 --automatically figure out the IP address of the connecting Client
 if remote_addr == "auto" then
 	if ngx.var.http_cf_connecting_ip ~= nil then
@ -566,7 +590,6 @@ end
 Start IP range function
 ]]
 local function ip_address_in_range(input_ip, client_connecting_ip)
 	if string.match(input_ip, "/") then --input ip is a subnet
 		--do nothing
 	else
@ -593,12 +616,15 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		local function explode(string, divide)
 			if divide == '' then return false end
 			local pos, arr = 0, {}
 			local arr_table_length = 1
 			--for each divider found
 			for st, sp in function() return string.find(string, divide, pos, true) end do
-				table.insert(arr, string.sub(string, pos, st - 1 )) --attach chars left of current divider
+				arr[arr_table_length] = string.sub(string, pos, st - 1 ) --attach chars left of current divider
 				arr_table_length=arr_table_length+1
 				pos = sp + 1 --jump past current divider
 			end
-				table.insert(arr, string.sub(string, pos)) -- Attach chars right of last divider
+				arr[arr_table_length] = string.sub(string, pos) -- Attach chars right of last divider
 				arr_table_length=arr_table_length+1
 			return arr
 		end
@ -613,7 +639,10 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		--now to build an expanded ip
 		local zeroblock
-		for k, v in pairs(ipbits) do
+		local ipbits_length = #ipbits
 		for i=1,ipbits_length do
 			local k = i
 			local v = ipbits[i]
 			--length 0? we're at the :: bit
 			if v:len() == 0 then
 				zeroblock = k
@ -633,6 +662,8 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 			for i = 1, padding do
 				table.insert(ipbits, zeroblock, '0000')
 				--ipbits[zeroblock] = '0000'
 				--ipbits_length=ipbits_length+1
 			end
 		end
 		--[[
@ -650,7 +681,10 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		--now to build an expanded ip
 		local zeroblock_client
-		for k, v in pairs(ipbits_client) do
+		local ipbits_client_length = #ipbits_client
 		for i=1,ipbits_client_length do
 			local k = i
 			local v = ipbits_client[i]
 			--length 0? we're at the :: bit
 			if v:len() == 0 then
 				zeroblock_client = k
@ -670,6 +704,8 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 			for i = 1, padding do
 				table.insert(ipbits_client, zeroblock_client, '0000')
 				--ipbits_client[zeroblock_client] = '0000'
 				--ipbits_client_length=ipbits_client_length+1
 			end
 		end
 		--[[
@ -677,10 +713,10 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		]]
 		local expanded_ip_count = ipbits[1] .. ':' .. ipbits[2] .. ':' .. ipbits[3] .. ':' .. ipbits[4] .. ':' .. ipbits[5] .. ':' .. ipbits[6] .. ':' .. ipbits[7] .. ':' .. ipbits[8]
-		expanded_ip_count = string.gsub(expanded_ip_count, ":", "")
+		expanded_ip_count = ngx.re.gsub(expanded_ip_count, ":", "", ngx_re_options)
 		local client_connecting_ip_count = ipbits_client[1] .. ':' .. ipbits_client[2] .. ':' .. ipbits_client[3] .. ':' .. ipbits_client[4] .. ':' .. ipbits_client[5] .. ':' .. ipbits_client[6] .. ':' .. ipbits_client[7] .. ':' .. ipbits_client[8]
-		client_connecting_ip_count = string.gsub(client_connecting_ip_count, ":", "")
+		client_connecting_ip_count = ngx.re.gsub(client_connecting_ip_count, ":", "", ngx_re_options)
 		--generate wildcard from mask
 		local indent = mask / 4
@ -688,48 +724,59 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		expanded_ip_count = string.sub(expanded_ip_count, 0, indent)
 		client_connecting_ip_count = string.sub(client_connecting_ip_count, 0, indent)
-		local client_connecting_ip_expanded = client_connecting_ip_count:gsub('....','%1:'):gsub(':$','')
+		local client_connecting_ip_expanded = ngx.re.gsub(client_connecting_ip_count, "....", "%1:", ngx_re_options)
-		local expanded_ip = expanded_ip_count:gsub('....','%1:'):gsub(':$','')
+		client_connecting_ip_expanded = ngx.re.gsub(client_connecting_ip_count, ":$", "", ngx_re_options)
 		local expanded_ip = ngx.re.gsub(expanded_ip_count, "....", "%1:", ngx_re_options)
 		expanded_ip = ngx.re.gsub(expanded_ip_count, ":$", "", ngx_re_options)
 		local wildcardbits = {}
 		local wildcardbits_table_length = 1
 		for i = 0, indent - 1 do
-			table.insert(wildcardbits, 'f')
+			wildcardbits[wildcardbits_table_length] = 'f'
 			wildcardbits_table_length=wildcardbits_table_length+1
 		end
 		for i = 0, 31 - indent do
-			table.insert(wildcardbits, '0')
+			wildcardbits[wildcardbits_table_length] = '0'
 			wildcardbits_table_length=wildcardbits_table_length+1
 		end
 		--convert into 8 string array each w/ 4 chars
 		local count, index, wildcard = 1, 1, {}
-		for k, v in pairs(wildcardbits) do
+		local wildcardbits_length = #wildcardbits
 		for i=1,wildcardbits_length do
 			local k = i
 			local v = wildcardbits[i]
 			if count > 4 then
 				count = 1
 				index = index + 1
 			end
 			if not wildcard[index] then wildcard[index] = '' end
-				wildcard[index] = wildcard[index] .. v
+			wildcard[index] = wildcard[index] .. v
-				count = count + 1
+			count = count + 1
-			end
+		end
 			--loop each letter in each ipbit group
 			local topip = {}
 			local bottomip = {}
-			for k, v in pairs(ipbits) do
+			local ipbits_length = #ipbits
-			local topbit = ''
+			for i=1,ipbits_length do
-			local bottombit = ''
+				local k = i
-			for i = 1, 4 do
+				local v = ipbits[i]
-				local wild = wildcard[k]:sub(i, i)
+				local topbit = ''
-				local norm = v:sub(i, i)
+				local bottombit = ''
-				if wild == 'f' then
+				for i = 1, 4 do
-					topbit = topbit .. norm
+					local wild = wildcard[k]:sub(i, i)
-					bottombit = bottombit .. norm
+					local norm = v:sub(i, i)
-				else
+					if wild == 'f' then
-					topbit = topbit .. '0'
+						topbit = topbit .. norm
-					bottombit = bottombit .. 'f'
+						bottombit = bottombit .. norm
 					else
 						topbit = topbit .. '0'
 						bottombit = bottombit .. 'f'
 					end
 				end
 				topip[k] = topbit
 				bottomip[k] = bottombit
 			end
 			topip[k] = topbit
 			bottomip[k] = bottombit
 		end
 		--count ips in mask
 		local ipcount = math.pow(2, 128 - mask)
@ -811,7 +858,10 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		--network IP (route/bottom IP)
 		local bottomip = {}
-		for k, v in pairs( ip ) do
+		local ip_length = #ip
 		for i=1,ip_length do
 			local k = i
 			local v = ip[i]
 			--wildcard = 0?
 			if wildcard[k] == 0 then
 				bottomip[k] = v
@ -825,7 +875,10 @@ local function ip_address_in_range(input_ip, client_connecting_ip)
 		--use network ip + wildcard to get top ip
 		local topip = {}
-		for k, v in pairs(bottomip) do
+		local bottomip_length = #bottomip
 		for i=1,bottomip_length do
 			local k = i
 			local v = bottomip[i]
 			topip[k] = v + wildcard[k]
 		end
@ -1210,7 +1263,9 @@ End IP range function
 --function to check if ip address is whitelisted to bypass our auth
 local function check_ip_whitelist(ip_table)
-	for key,value in pairs(ip_table) do
+	local ip_table_length = #ip_table
 	for i=1,ip_table_length do
 		local value = ip_table[i]
 		if value == ip_whitelist_remote_addr then --if our ip address matches with one in the whitelist
 			local output = ngx.exit(ngx.OK) --Go to content
 			return output
@ -1225,7 +1280,9 @@ end
 check_ip_whitelist(ip_whitelist) --run whitelist check function
 local function check_ip_blacklist(ip_table)
-	for key,value in pairs(ip_table) do
+	local ip_table_length = #ip_table
 	for i=1,ip_table_length do
 		local value = ip_table[i]
 		if value == ip_blacklist_remote_addr then
 			local output = ngx.exit(ngx.HTTP_FORBIDDEN) --deny user access
 			return output
@ -1240,7 +1297,9 @@ end
 check_ip_blacklist(ip_blacklist) --run blacklist check function
 local function check_user_agent_blacklist(user_agent_table)
-	for key,value in pairs(user_agent_table) do
+	local user_agent_table_length = #user_agent_table
 	for i=1,user_agent_table_length do
 		local value = user_agent_table[i]
 		if value[2] == 1 then --case insensative
 			user_agent_blacklist_var = string.lower(user_agent_blacklist_var)
 			value[1] = string.lower(value[1])
@ -1263,7 +1322,9 @@ end
 check_user_agent_blacklist(user_agent_blacklist_table) --run user agent blacklist check function
 local function check_user_agent_whitelist(user_agent_table)
-	for key,value in pairs(user_agent_table) do
+	local user_agent_table_length = #user_agent_table
 	for i=1,user_agent_table_length do
 		local value = user_agent_table[i]
 		if value[2] == 1 then --case insensative
 			user_agent_whitelist_var = string.lower(user_agent_whitelist_var)
 			value[1] = string.lower(value[1])
@ -1290,34 +1351,56 @@ math.randomseed(os.time())
 --function to encrypt strings with our secret key / password provided
 local function calculate_signature(str)
-	return ngx.encode_base64(ngx.hmac_sha1(secret, str))
+	local output = ngx.encode_base64(ngx.hmac_sha1(secret, str))
-	:gsub("[+/=]", {["+"] = "-", ["/"] = "_", ["="] = ""}) --Replace + with - and replace / with _ and remove =
+	output = ngx.re.gsub(output, "[+]", "-", ngx_re_options) --Replace + with -
 	output = ngx.re.gsub(output, "[/]", "_", ngx_re_options) --Replace / with _
 	output = ngx.re.gsub(output, "[=]", "", ngx_re_options) --Remove =
 	return output
 end
 --calculate_signature(str)
 --generate random strings on the fly
 --qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890
 local charset = {}
-for i = 48,  57 do table.insert(charset, string.char(i)) end --0-9 numeric
+local charset_table_length = 1
--for i = 65,  90 do table.insert(charset, string.char(i)) end --A-Z uppercase
+for i = 48,  57 do
--for i = 97, 122 do table.insert(charset, string.char(i)) end --a-z lowercase
+charset[charset_table_length] = string.char(i)
-table.insert(charset, string.char(95)) --insert number 95 underscore
+charset_table_length=charset_table_length+1
 end --0-9 numeric
 --[[
 for i = 65,  90 do
 charset[charset_table_length] = string.char(i)
 charset_table_length=charset_table_length+1
 end --A-Z uppercase
 ]]
 --[[
 for i = 97, 122 do
 charset[charset_table_length] = string.char(i)
 charset_table_length=charset_table_length+1
 end --a-z lowercase
 ]]
 charset[charset_table_length] = string.char(95) --insert number 95 underscore
 charset_table_length=charset_table_length+1
 local stringrandom_table = {} --create table to store our generated vars to avoid duplicates
 local stringrandom_table_new_length = 1
 local function stringrandom(length)
 	--math.randomseed(os.time())
 	if length > 0 then
 		local output = stringrandom(length - 1) .. charset[math.random(1, #charset)]
 		local duplicate_found = 0 --mark if we find a duplicate or not
-		for key, value in pairs(stringrandom_table) do --for each value in our generated var table
+		local stringrandom_table_length = #stringrandom_table
-			if value == output then --if a value in our table matches our generated var
+		for i=1,stringrandom_table_length do --for each value in our generated var table
 			if stringrandom_table[i] == output then --if a value in our table matches our generated var
 				duplicate_found = 1 --mark as duplicate var
 				output = "_" .. output --append an underscore to the duplicate var
-				table.insert(stringrandom_table , output) --insert to the table
+				stringrandom_table[stringrandom_table_new_length] = output --insert to the table
 				stringrandom_table_new_length=stringrandom_table_new_length+1
 				break --break out of for each loop since we found a duplicate
 			end
 		end
 		if duplicate_found == 0 then --if no duplicate found
-			table.insert(stringrandom_table , output) --insert the output to our table
+			stringrandom_table[stringrandom_table_new_length] = output --insert the output to our table
 			stringrandom_table_new_length=stringrandom_table_new_length+1
 		end
 		return output
 	else
@ -1335,24 +1418,26 @@ end
 --shuffle table function
 function shuffle(tbl)
-  for i = #tbl, 2, -1 do
+	local tbl_length = #tbl
-    local j = math.random(i)
+	for i = tbl_length, 2, -1 do
-    tbl[i], tbl[j] = tbl[j], tbl[i]
+		local j = math.random(i)
-  end
+		tbl[i], tbl[j] = tbl[j], tbl[i]
-  return tbl
+	end
 	return tbl
 end
 --for my javascript Hex output
 local function sep(str, patt, re)
-    local rstr = str:gsub(patt, "%1%" .. re)
+	local rstr = str:gsub(patt, "%1%" .. re)
-
+	--local rstr = ngx.re.gsub(str, patt, "%1%" .. re, ngx_re_options) --this has a major issue no idea why need to investigate more
-    return rstr:sub(1, #rstr - #re)
+	return rstr:sub(1, #rstr - #re)
 end
 local function stringtohex(str)
-    return str:gsub('.', function (c)
+	--return ngx.re.gsub(str, ".", function (c) print(tostring(c[0])) return string.format('%02X', string.byte(c[0])) end, ngx_re_options) --this has a major issue no idea why need to investigate more
-        return string.format('%02X', string.byte(c))
+	return str:gsub('.', function (c)
-    end)
+		return string.format('%02X', string.byte(c))
 	end)
 end
 --encrypt_javascript function
@ -1468,14 +1553,17 @@ local function encrypt_javascript(string1, type, defer_async, num_encrypt, encry
 		local i = 0 --keep track of how many times we pass through
 		local r = math.random(1, l) --randomize where to split string
 		local chunks = {} --create our chunks table for string storage
 		local chunks_table_length = 1
 		local chunks_order = {} --create our chunks table for string storage that stores the value only
 		local chunks_order_table_length = 1
 		local random_var = nil --create our random string variable to use
 		while i <= l do
 			random_var = stringrandom(stringrandom_length) --create a random variable name to use
-			--table.insert(chunks_order, "decodeURIComponent(escape(window.atob(_" .. random_var .. ")))")
+			chunks_order[chunks_order_table_length] = "_" .. random_var .. "" --insert the value into our ordered table
-			table.insert(chunks_order, "_" .. random_var .. "") --insert the value into our ordered table
+			chunks_order_table_length=chunks_order_table_length+1
-			table.insert(chunks, 'var _' .. random_var .. '="' .. base64_javascript:sub(i,i+r).. '";') --insert our value into our table we will scramble
+			chunks[chunks_table_length] = 'var _' .. random_var .. '="' .. base64_javascript:sub(i,i+r).. '";' --insert our value into our table we will scramble
 			chunks_table_length=chunks_table_length+1
 			i = i+r+1
 		end
@ -1546,9 +1634,12 @@ local cookie_name_encrypted_start_and_end_date_original = cookie_name_encrypted_
 Start Tor detection
 ]]
 if x_tor_header == 2 then --if x-tor-header is dynamic
-	x_tor_header_name = calculate_signature(tor_remote_addr .. x_tor_header_name .. currentdate):gsub("_","") --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
+	x_tor_header_name = calculate_signature(tor_remote_addr .. x_tor_header_name .. currentdate) --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
-	x_tor_header_name_allowed = calculate_signature(tor_remote_addr .. x_tor_header_name_allowed .. currentdate):gsub("_","") --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
+	x_tor_header_name = ngx.re.gsub(x_tor_header_name, "_", "", ngx_re_options) --replace underscore with nothing
-	x_tor_header_name_blocked = calculate_signature(tor_remote_addr .. x_tor_header_name_blocked .. currentdate):gsub("_","") --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
+	x_tor_header_name_allowed = calculate_signature(tor_remote_addr .. x_tor_header_name_allowed .. currentdate) --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
 	x_tor_header_name_allowed = ngx.re.gsub(x_tor_header_name_allowed, "_", "", ngx_re_options) --replace underscore with nothing
 	x_tor_header_name_blocked = calculate_signature(tor_remote_addr .. x_tor_header_name_blocked .. currentdate) --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
 	x_tor_header_name_blocked = ngx.re.gsub(x_tor_header_name_blocked, "_", "", ngx_re_options) --replace underscore with nothing
 end
 if encrypt_anti_ddos_cookies == 2 then --if Anti-DDoS Cookies are to be encrypted
@ -1617,7 +1708,9 @@ local function check_authorization(authorization, authorization_dynamic)
 	local allow_site = nil
 	local authorization_display_user_details = nil
-	for k,v in ipairs(authorization_paths) do --for each host in our table
+	local authorization_paths_length = #authorization_paths
 	for i=1,authorization_paths_length do --for each host in our table
 		local v = authorization_paths[i]
 		if string.match(URL, v[2]) then --if our host matches one in the table
 			if v[1] == 1 then --Showbox
 				allow_site = 1 --showbox
@ -1642,7 +1735,9 @@ local function check_authorization(authorization, authorization_dynamic)
 	local req_headers = ngx.req.get_headers() --get all request headers
 	if authorization_dynamic == 0 then --static
-		for key,value in pairs(authorization_logins) do --for each login
+		local authorization_logins_length = #authorization_logins
 		for i=1,authorization_logins_length do --for each login
 			local value = authorization_logins[i]
 			authorization_username = value[1] --username
 			authorization_password = value[2] --password
 			local base64_expected = authorization_username .. ":" .. authorization_password --convert to browser format
@ -1706,7 +1801,9 @@ local function check_master_switch()
 	end
 	if master_switch == 3 then --custom host selection
 		local allow_site = nil
-		for k,v in ipairs(master_switch_custom_hosts) do --for each host in our table
+		local master_switch_custom_hosts_length = #master_switch_custom_hosts
 		for i=1,master_switch_custom_hosts_length do --for each host in our table
 			local v = master_switch_custom_hosts[i]
 			if string.match(URL, v[2]) then --if our host matches one in the table
 				if v[1] == 1 then --run auth
 					allow_site = 2 --run auth checks
@ -1733,7 +1830,8 @@ master switch
 local answer = calculate_signature(remote_addr) --create our encrypted unique identification for the user visiting the website.
 if x_auth_header == 2 then --if x-auth-header is dynamic
-	x_auth_header_name = calculate_signature(remote_addr .. x_auth_header_name .. currentdate):gsub("_","") --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
+	x_auth_header_name = calculate_signature(remote_addr .. x_auth_header_name .. currentdate) --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
 	x_auth_header_name = ngx.re.gsub(x_auth_header_name, "_", "", ngx_re_options) --replace underscore with nothing
 end
 if encrypt_anti_ddos_cookies == 2 then --if Anti-DDoS Cookies are to be encrypted