Cavemanon/Nginx-Lua-Anti-DDoS
8
Fork 0
mirror of https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS.git synced 2023-12-14 04:31:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update anti_ddos_challenge.lua

Browse Source 
Added Feature : Custom setting for master_switch, For those who use this script and are large server hosts or host allot of websites from their machine(s) this will allow you to setup this script in your Nginx `http {` block to run for all sites on your service then you can set it to custom hosts to protect specific websites only such as Tor websites.

For example setting `master_switch = 3` will make it so all websites / domain names you do not specify in the list will never see the authentication page while those you do specifiy in the list will be required to solve our authentication page puzzle in order to get access. Highly useful for protecting Tor services / backends on hosts with normal services running too.

This way if you host a domain like ".onion" they will be required to solve auth pages to get access while everything not specified like ".com" or specific domain names visitors will never see the auth page.
This commit is contained in:
C0nw0nk
2020-02-20 17:35:16 +00:00
committed by GitHub
parent 4417a6da16
commit 379814c399
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
lua/anti_ddos_challenge.lua
View File

@ -250,9 +250,23 @@ This way you don't have to remove access_by_lua_file anti_ddos_challenge.lua; to
1 = enabled
2 = disabled
3 = custom
]]
local master_switch = 1 --enabled by default
--[[
This feature is if you set "master_switch = 3" what this does is if you host multiple websites / services of one server / machine you can have this script disabled for all those websites / domain names other than those you specifiy.
For example you set master_switch to 3 and specifiy ".onion" then all Tor websites you host on your server will be protected by this script while the rest of the websites you host will not be authenticated. (pretty clever huh)
You can also specify full domain names like "github.com" to protect specific domains you can add as many as you like.
]]
local master_switch_custom_hosts = {
".onion", --authenticate Tor websites
"github.com", --authenticate github
--"localhost", --authenticate localhost
--"127.0.0.1", --authenticate localhost
--".com", --authenticate .com domains
}
--[[
Enable/disable credits It would be nice if you would show these to help the community grow and make the internet safer for everyone
but if not I completely understand hence why I made it a option to remove them for you.
@ -297,6 +311,21 @@ local function check_master_switch()
local output = ngx.exit(ngx.OK) --Go to content
return output
end
if master_switch == 3 then --custom host selection
local allow_site = 1 --allow sites by default
for k,v in ipairs(master_switch_custom_hosts) do --for each host in our table
if string.match(string.lower(ngx.var.host), v) then --if our host matches one in the table
allow_site = 2 --disallow direct access
break --break out of the for each loop pointless to keep searching the rest since we matched our host
end
end
if allow_site == 1 then --checks passed site allowed grant direct access
local output = ngx.exit(ngx.OK) --Go to content
return output
else --allow_site was 2 to disallow direct access we matched a host to protect
return --carry on script functions to display auth page
end
end
end
check_master_switch()