mirror of
https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS.git
synced 2023-12-14 04:31:21 +00:00
Update anti_ddos_challenge.lua
Added feature: the randomly generated JavaScript variables can now be configured as dynamic or static, depending on user preference. Bug fix: for Tor users I forgot to check whether they had solved our mathematical puzzle; the script now checks that they have solved the puzzle before granting them access. Bug fix: when generating random JavaScript variables there was a chance of duplicate outputs (collisions) between the variable names, which would stop the JavaScript from working. The odds of such a collision were very small, perhaps one request in a million being stuck with a broken JavaScript page, but to prevent that from ever happening I now keep track of the generated vars and prevent duplicates.
@ -262,6 +262,17 @@ but if not I completely understand hence why I made it a option to remove them f
|
||||
]]
|
||||
local credits = 1 --enabled by default
|
||||
|
||||
--[[
|
||||
Javascript variables generated by the script to be static in length or Dynamic setting this as dynamic is the best form of security
|
||||
|
||||
1 = Static
|
||||
2 = Dynamic
|
||||
]]
|
||||
local dynamic_javascript_vars_length = 2 --dynamic default
|
||||
local dynamic_javascript_vars_length_static = 10 --how many chars in length should static be
|
||||
local dynamic_javascript_vars_length_start = 1 --for dynamic randomize min value to max this is min value
|
||||
local dynamic_javascript_vars_length_end = 10 --for dynamic randomize min value to max this is max value
|
||||
|
||||
|
||||
--[[
|
||||
End Configuration
|
||||
@ -367,17 +378,36 @@ for i = 48, 57 do table.insert(charset, string.char(i)) end --0-9 numeric
|
||||
--for i = 65, 90 do table.insert(charset, string.char(i)) end --A-Z uppercase
|
||||
--for i = 97, 122 do table.insert(charset, string.char(i)) end --a-z lowercase
|
||||
table.insert(charset, string.char(95)) --insert number 95 underscore
|
||||
local stringrandom_table = {} --create table to store our generated vars to avoid duplicates
|
||||
local function stringrandom(length)
|
||||
--math.randomseed(os.time())
|
||||
if length > 0 then
|
||||
--return "a"
|
||||
return stringrandom(length - 1) .. charset[math.random(1, #charset)]
|
||||
local output = stringrandom(length - 1) .. charset[math.random(1, #charset)]
|
||||
local duplicate_found = 0 --mark if we find a duplicate or not
|
||||
for _, value in next, stringrandom_table do --for each value in our generated var table
|
||||
if value == output then --if a value in our table matches our generated var
|
||||
duplicate_found = 1 --mark as duplicate var
|
||||
output = "_" .. output --append an underscore to the duplicate var
|
||||
table.insert(stringrandom_table , output) --insert to the table
|
||||
end
|
||||
end
|
||||
if duplicate_found == 0 then --if no duplicate found
|
||||
table.insert(stringrandom_table , output) --insert the output to our table
|
||||
end
|
||||
return output
|
||||
else
|
||||
return ""
|
||||
end
|
||||
end
|
||||
--stringrandom(10)
|
||||
|
||||
local stringrandom_length = "" --create our random length variable
|
||||
if dynamic_javascript_vars_length == 1 then --if our javascript random var length is to be static
|
||||
stringrandom_length = dynamic_javascript_vars_length_static --set our length as our static value
|
||||
else --it is to be dynamic
|
||||
stringrandom_length = math.random(dynamic_javascript_vars_length_start, dynamic_javascript_vars_length_end) --set our length to be our dynamic min and max value
|
||||
end
|
||||
|
||||
--shuffle table function
|
||||
function shuffle(tbl)
|
||||
for i = #tbl, 2, -1 do
|
||||
@ -516,7 +546,7 @@ local function encrypt_javascript(string1, type, defer_async, num_encrypt, encry
|
||||
local chunks_order = {} --create our chunks table for string storage that stores the value only
|
||||
|
||||
while i <= l do
|
||||
local random_var = stringrandom(10) --create a random variable name to use
|
||||
local random_var = stringrandom(stringrandom_length) --create a random variable name to use
|
||||
--table.insert(chunks_order, "decodeURIComponent(escape(window.atob(_" .. random_var .. ")))")
|
||||
table.insert(chunks_order, "_" .. random_var .. "") --insert the value into our ordered table
|
||||
table.insert(chunks, 'var _' .. random_var .. '="' .. base64_javascript:sub(i,i+r).. '";') --insert our value into our table we will scramble
|
||||
@ -678,7 +708,7 @@ local function grant_access()
|
||||
--if x-auth-answer is correct to the user unique id time stamps etc meaning browser figured it out then set a new cookie that grants access without needed these checks
|
||||
local req_headers = ngx.req.get_headers() --get all request headers
|
||||
if req_headers["x-requested-with"] == "XMLHttpRequest" then --if request header matches request type of XMLHttpRequest
|
||||
if req_headers[x_tor_header_name] == x_tor_header_name_value then --if the header and value are what we expect then the client is legitimate
|
||||
if req_headers[x_tor_header_name] == x_tor_header_name_value and req_headers[x_auth_header_name] == JavascriptPuzzleVars_answer then --if the header and value are what we expect then the client is legitimate
|
||||
remote_addr = tor_remote_addr --set as our defined static tor variable to use
|
||||
|
||||
challenge = calculate_signature(remote_addr .. challenge_original .. currentdate) --create our encrypted unique identification for the user visiting the website again. (Stops a double page refresh loop)
|
||||
@ -792,7 +822,7 @@ if javascript_REQUEST_TYPE == "POST" then
|
||||
|
||||
end
|
||||
|
||||
local JavascriptPuzzleVariable_name = "_" .. stringrandom(10)
|
||||
local JavascriptPuzzleVariable_name = "_" .. stringrandom(stringrandom_length)
|
||||
|
||||
--[[
|
||||
Begin Tor Browser Checks
|
||||
|
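Review bot: In `stringrandom` (second hunk) the duplicate check calls `table.insert(stringrandom_table , output)` inside the `for _, value in next, stringrandom_table do` loop, and the Lua reference manual leaves `next` undefined when a new field is assigned during traversal. In practice the loop can reach the entry it has just appended, match it again and keep prefixing `_`, so a collision may stall the request instead of being resolved. Because the function is recursive, every intermediate prefix is also stored and compared, which makes collisions frequent when `dynamic_javascript_vars_length_start = 1` allows very short names and the visible charset lines leave only digits plus underscore enabled. I would build the name in a loop, use `stringrandom_table` as a set keyed by name, and lengthen the name on a collision, as sketched below. Separately, in the `grant_access` hunk (whose body continues outside it) it is worth confirming that `JavascriptPuzzleVars_answer` has the same type as the header value, since Lua's `==` never coerces a string to a number and the Tor branch would then reject every client.

```lua
local stringrandom_table = {} --set of names already returned: stringrandom_table[name] = true
local function stringrandom(length)
    if length <= 0 then
        return ""
    end
    local chars = {}
    for i = 1, length do
        chars[i] = charset[math.random(1, #charset)]
    end
    local output = table.concat(chars)
    while stringrandom_table[output] do --collision: lengthen until unused, no table scan
        output = output .. charset[math.random(1, #charset)]
    end
    stringrandom_table[output] = true --record only the final name, never the prefixes
    return output
end
```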