From 655b82f49c83b6e72b6908179006c5b091c4e44f Mon Sep 17 00:00:00 2001
From: C0nw0nk <C0nw0nks@googlemail.com>
Date: Sun, 25 Aug 2019 23:50:50 +0100
Subject: [PATCH] Update anti_ddos_challenge.lua

Improve security on header making it unique to each individual client/user that visits the website.
---
 lua/anti_ddos_challenge.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lua/anti_ddos_challenge.lua b/lua/anti_ddos_challenge.lua
index 901a0ea..6180145 100644
--- a/lua/anti_ddos_challenge.lua
+++ b/lua/anti_ddos_challenge.lua
@@ -231,8 +231,8 @@ end
 
 local answer = calculate_signature(remote_addr) --create our encrypted unique identification for the user visiting the website.
 
-if x_auth_header == 2 then --GET request
-	x_auth_header_name = calculate_signature(os.date("%Y%m%d",os.time()-24*60*60)):gsub("_","") --make the header todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
+if x_auth_header == 2 then --if x-auth-header is dynamic
+	x_auth_header_name = calculate_signature(remote_addr .. os.date("%Y%m%d",os.time()-24*60*60)):gsub("_","") --make the header unique to the client and for todays date encrypted so every 24 hours this will change and can't be guessed by bots gsub because header bug with underscores so underscore needs to be removed
 end
 
 --[[