Installation

Installing the script

So to set the script up on your server for the first time is very simple.

Add this script to your Nginx configuration folder.

nginx/conf/lua/

Once installed into your nginx/conf/ folder.

Add this to your HTTP block or it can be in a server or location block depending where you want this script to run for individual locations the entire server or every single website on the server.

access_by_lua_file conf/lua/anti_ddos_challenge.lua;

Example nginx.conf :

This will run for all websites on the nginx server

http {
#nginx config settings etc
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}

This will make it run for this website only

server {
#nginx config settings etc
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}

This will run in this location block only

location / {
#nginx config settings etc
access_by_lua_file conf/lua/anti_ddos_challenge.lua;
#more config settings and some server stuff
}

Once you have the script working rather than have to remove the script from your Nginx configuration what is a tedious task just change this setting to turn the scripts protection on or off when your server goes under attack.

In the scripts settings you will see this configuration option.

--[[
Enable/disable script this feature allows you to turn on or off this script so you can leave this file in your nginx configuration permamently.
This way you don't have to remove access_by_lua_file anti_ddos_challenge.lua; to stop protecting your websites :) you can set up your nginx config and use this feature to enable or disable protection
1 = enabled
2 = disabled
]]
local master_switch = 1 --enabled by default

Change the value from 1 to 2 and the script will be disabled until you need to enable it if you go under attack.