Cavemanon/Nginx-Lua-Anti-DDoS
8
Fork 0
mirror of https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS.git synced 2023-12-14 04:31:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update anti_ddos_challenge.lua

Browse Source 
Added new features of an IP Address Whitelist and Blacklist to permamently grant access or deny access to specific users of your site.
This commit is contained in:
C0nw0nk
2019-09-14 22:56:08 +01:00
committed by GitHub
parent 974e711ea6
commit 499bc58631
1 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
lua/anti_ddos_challenge.lua
View File

@ -176,6 +176,28 @@ Encrypt/Obfuscate Javascript output to prevent content scrappers and bots decryp
]] ]]
local encrypt_javascript_output = 0 local encrypt_javascript_output = 0
--[[
IP Address Whitelist
Any IP Addresses specified here will be whitelisted to grant direct access to your site bypassing our firewall checks
you can specify IP's like search engine crawler ip addresses here most search engines are smart enough they do not need to be specified,
Major search engines can execute javascript such as Google, Yandex, Bing, Baidu and such so they can solve the auth page puzzle and index your site same as how companies like Cloudflare, Succuri, BitMitigate etc work and your site is still indexed.
]]
local ip_whitelist_remote_addr = ngx.var.remote_addr --Users IP address
local ip_whitelist = {
--"127.0.0.1", --localhost
--"192.168.0.1", --localhost
}
--[[
IP Address Blacklist
To block access to any abusive IP's that you do not want to ever access your website
]]
local ip_blacklist_remote_addr = ngx.var.remote_addr --Users IP address
local ip_blacklist = {
--"127.0.0.1", --localhost
--"192.168.0.1", --localhost
}
--[[ --[[
TODO: TODO:
Google ReCaptcha Google ReCaptcha
@ -198,6 +220,31 @@ This is where things get very complex. ;)
Begin Required Functions Begin Required Functions
]] ]]
--function to check if ip address is whitelisted to bypass our auth
local function check_ip_whitelist(ip_table)
for key,value in pairs(ip_table) do
if value == ip_whitelist_remote_addr then --if our ip address matches with one in the whitelist
local output = ngx.exit(ngx.OK) --Go to content
return output
end
end
return --no ip was in the whitelist
end
check_ip_whitelist(ip_whitelist) --run whitelist check function
local function check_ip_blacklist(ip_table)
for key,value in pairs(ip_table) do
if value == ip_blacklist_remote_addr then
local output = ngx.exit(ngx.HTTP_FORBIDDEN) --deny user access
return output
end
end
return --no ip was in blacklist
end
check_ip_blacklist(ip_blacklist) --run blacklist check function
--function to encrypt strings with our secret key / password provided --function to encrypt strings with our secret key / password provided
local function calculate_signature(str) local function calculate_signature(str)
return ngx.encode_base64(ngx.hmac_sha1(secret, ngx.md5(str))) return ngx.encode_base64(ngx.hmac_sha1(secret, ngx.md5(str)))