-
-
Notifications
You must be signed in to change notification settings - Fork 305
Installation
Config settings are here : https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L171
So to set the script up on your server for the first time is very simple.
Add this script to your Nginx configuration folder.
nginx/conf/lua/
Once installed into your nginx/conf/ folder.
Add this to your HTTP block or it can be in a server or location block depending where you want this script to run for individual locations the entire server or every single website on the server.
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
This will run for all websites on the nginx server
I highly recommend you installing it here over other locations and using the settings and options i put inside the script to control the locations it runs on etc.
http {
#nginx config settings etc
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}
This will make it run for this website only
server {
#nginx config settings etc
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}
This will run in this location block only
location / {
#nginx config settings etc
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}
Once you have the script working rather than have to remove the script from your Nginx configuration what is a tedious task just change this setting to turn the scripts protection on or off when your server goes under attack.
In the scripts settings you will see this configuration option.
--[[
Enable/disable script this feature allows you to turn on or off this script so you can leave this file in your nginx configuration permamently.
This way you don't have to remove access_by_lua_file anti_ddos_challenge.lua; to stop protecting your websites :) you can set up your nginx config and use this feature to enable or disable protection
1 = enabled
2 = disabled
]]
localized.master_switch = 1 --enabled by default
Change the value from 1 to 2 and the script will be disabled until you need to enable it if you go under attack.