{"id":13489837,"url":"https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS","last_synced_at":"2025-03-28T05:31:21.813Z","repository":{"id":40047568,"uuid":"203681009","full_name":"C0nw0nk/Nginx-Lua-Anti-DDoS","owner":"C0nw0nk","description":"A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging \u0026 Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net 
anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm 
ppc","archived":false,"fork":false,"pushed_at":"2023-02-24T19:03:37.000Z","size":133,"stargazers_count":1208,"open_issues_count":43,"forks_count":276,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-03-25T17:19:32.923Z","etag":null,"topics":["anti-ddos","anti-ddos-script","attack-mode","bitmitigate","cloudflare","ddos","ddos-attack","ddos-mitigation","denial-of-service","distributed-denial-of-service","dos","exploit","html","javascript","lua","nginx-lua","protection","security","sucuri","traffic"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/C0nw0nk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":["C0nw0nk"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://paypal.me/wimbledonfc","https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=ZH9PFY62YSD7U\u0026source=url","https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/funding"]}},"created_at":"2019-08-21T23:52:09.000Z","updated_at":"2025-03-21T03:53:37.000Z","dependencies_parsed_at":"2022-07-28T00:46:59.891Z","dependency_job_id":"feada201-bd84-41c3-b0e9-0c4395fe9a2a","html_url":"https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C0nw0nk%2FNginx-Lua-Anti-DDoS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C0nw0nk%2FNginx-Lua-Anti-DDoS/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C0nw0nk%2FNginx-Lua-Anti-DDoS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C0nw0nk%2FNginx-Lua-Anti-DDoS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/C0nw0nk","download_url":"https://codeload.github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245978200,"owners_count":20703675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-ddos","anti-ddos-script","attack-mode","bitmitigate","cloudflare","ddos","ddos-attack","ddos-mitigation","denial-of-service","distributed-denial-of-service","dos","exploit","html","javascript","lua","nginx-lua","protection","security","sucuri","traffic"],"created_at":"2024-07-31T19:00:36.312Z","updated_at":"2025-03-28T05:31:20.066Z","avatar_url":"https://github.com/C0nw0nk.png","language":"Lua","readme":"[![Languages](https://img.shields.io/github/languages/count/C0nw0nk/Nginx-Lua-Anti-DDoS) ![Top language](https://img.shields.io/github/languages/top/C0nw0nk/Nginx-Lua-Anti-DDoS) ![File size](https://img.shields.io/github/size/C0nw0nk/Nginx-Lua-Anti-DDoS/lua/anti_ddos_challenge.lua)](https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/funding)\n\n[![Cloudflare I am Under Attack Mode!](https://blog.cloudflare.com/content/images/im_under_attack_page.png.scaled500.png)](https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/funding)\n\n# Nginx-Lua-Anti-DDoS\nA Anti-DDoS script to protect Nginx web servers 
using Lua with a JavaScript-based authentication puzzle inspired by Cloudflare I am under attack mode. I built my own Anti-DDoS authentication HTML page puzzle integrating my Lua, JavaScript, HTML and HTTP knowledge.\n\nMitigate a DDoS attack of any size using my free DDoS protection. Don't get ddos attacked!\n\nIf you're under attack and use my script during the attack, visitors will receive an interstitial page for about five seconds while I analyze the traffic to make sure it is a legitimate human visitor.\n\nThis can protect you from many different forms of DDoS and works with both HTTP and HTTPS / SSL traffic.\n\nNo limit on attack size\nUptime guarantee\n\n# Features :\n\nThese are some of the features I built into the script so far.\n\n## Security\n\nI am Under Attack Mode (DDoS Authentication HTML Page)\n\nIP Address Whitelist\n\nIP Subnet Ranges Whitelist\n\nIP Address Blacklist\n\nIP Subnet Ranges Blacklist\n\nUser-Agent Whitelist\n\nUser-Agent Blacklist\n\nProtected area / Restricted access field username / password box to restrict access to sites / paths.\n\n## WAF (Web Application Firewall)\n\nIPv4 and IPv6 blocking and whitelisting including subnet ranges.\n\nUser-Agent blocking and whitelisting to block bad bots and exploits / scanners.\n\nAbility to inspect POST Data / Fields and block malicious POST requests / exploits.\n\nAbility to inspect the URL for malicious content such as SQL/SQLi injections and XSS attacks / exploits.\n\nAbility to inspect query strings and arguments for malicious content / exploits.\n\nAbility to inspect all Request Headers provided by the client connecting.\n\nAbility to inspect cookies for exploits.\n\n## Caching Speed and Performance\n\nQuery String Sorting\n\nQuery String Whitelist\n\nQuery String Removal (It is a blacklist but it will just drop / remove the argument from the URL, not block the request)\n\nMinification / Compression of files, removing white space and nulled out code / lines: JS JavaScript, CSS Stylesheets, HTML etc\n\n## 
Customization of error page responses and webpage outputs\n\nCustom error page interception to replace with your own error pages\n\nHide Web application errors such as PHP errors and MySQL errors; it will intercept them and display a custom error page instead of showing visitors sensitive information\n\nModify webpage outputs to replace contents on pages / files\n\n# Information :\n\nIf you have any bugs, issues or problems just post an Issue request.\n\nhttps://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/issues\n\nIf you fork or make any changes to improve this or fix problems please do make a pull request for the community who also use this. \n\nhttps://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/pulls\n\n# Usage / Installation :\n\nEdit settings inside `anti_ddos_challenge.lua` to cater for your own unique needs or improve my work. (Please share your solutions and additions)\n\nhttps://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L55\n\nAdd this to your Nginx configuration folder.\n\n`nginx/conf/lua/`\n\nOnce installed into your `nginx/conf/` folder, add the following to your HTTP block, or to a server or location block, depending on whether you want this script to run for every single website on the server, the entire server, or individual locations.\n\n```\naccess_by_lua_file anti_ddos_challenge.lua;\n```\n\n### Example nginx.conf :\n\nThis will run for all websites on the nginx server\n\n```\nhttp {\n#nginx config settings etc\naccess_by_lua_file anti_ddos_challenge.lua;\n#more config settings and some server stuff\n}\n```\n\nThis will make it run for this website only\n\n```\nserver {\n#nginx config settings etc\naccess_by_lua_file anti_ddos_challenge.lua;\n#more config settings and some server stuff\n}\n```\n\nThis will run in this location block only\n\n```\nlocation / {\n#nginx config settings etc\naccess_by_lua_file anti_ddos_challenge.lua;\n#more config settings and some server stuff\n}\n```\n\n### Other setup 
options\n\nhttps://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki\n\nFor setting up the script to run with Tor .onion services, Cloudflare's proxy services, and the configuration options of the script, view the wiki.\n\n# Requirements :\nNONE! :D You only need Nginx + Lua to use my scripts.\n\n###### Where can you download Nginx + Lua ?\n\nOpenresty provides Nginx + Lua builds for Windows, Linux etc. here.\n\nhttps://openresty.org/en/download.html\n\nNginx4windows has Windows-specific builds with Lua here.\n\nhttp://nginx-win.ecsds.eu/\n\nOr you can download the source code for Nginx here and compile Nginx yourself with Lua.\n\nhttps://nginx.org/en/download.html\n\n# About :\n\nI was inspired to create this because of Cloudflare's feature \"I'm Under Attack Mode\" https://www.cloudflare.com/\n\nThere are similar sites and services like BitMitigate but I prefer my own script over their methods.\n\n```\nIf you're under attack and have this feature enabled during the attack, visitors will receive an interstitial page for about five seconds while we analyze the traffic to make sure it is a legitimate human visitor.\n\nAdvanced DDoS Attack Protection\n\nUnmetered DDoS mitigation to maintain performance and availability\n\nDenial of Service attacks continue to grow in sophistication and force: more distributed, greater volumes of traffic, and encroaching on the application layer.\n\nA successful attack increases unnecessary costs on your infrastructure and IT/security staff. More importantly, it hurts your revenue, customer satisfaction, and brand.\n\nTo combat attacks and stay online, you’ll need a solution that’s resilient scalable, and intelligent.\n\nMitigate a DDoS attack of any size or duration, Don't get ddos attacked!\n```\n\nI love that feature so much that, on top of having it enabled on all my Cloudflare-proxied sites, I decided to make it into a feature on my own servers so the traffic that hits my servers without coming from Cloudflare's network is kept in check and authenticated! 
(Every little helps, right!)\n\nThank you to @Cloudflare for the inspiration and your community for all the love. A big thanks to the @openresty community, you guys rock, Lua rocks, you are all so awesome!\n\nLet's build a better internet together! Where Speed, Privacy, Security and Compression matter!\n\nHere are links to my favorite communities :)\n\nhttp://openresty.org/en/\n\nhttps://community.cloudflare.com/\n\n# Protected attack types :\n```\nAll Layer 7 Attacks\nMitigating Historic Attacks\nDoS\nDoS Implications\nDDoS\nAll Brute Force Attacks\nZero day exploits\nSocial Engineering\nRainbow Tables\nPassword Cracking Tools\nPassword Lists\nDictionary Attacks\nTime Delay\nAny Hosting Provider\nAny CMS or Custom Website\nUnlimited Attempt Frequency\nSearch Attacks\nHTTP Basic Authentication\nHTTP Digest Authentication\nHTML Form Based Authentication\nMask Attacks\nRule-Based Search Attacks\nCombinator Attacks\nBotnet Attacks\nUnauthorized IPs\nIP Whitelisting\nBruter\nTHC Hydra\nJohn the Ripper\nBrutus\nOphcrack\nunauthorized logins\nInjection\nBroken Authentication and Session Management\nSensitive Data Exposure\nXML External Entities (XXE)\nBroken Access Control\nSecurity Misconfiguration\nCross-Site Scripting (XSS)\nInsecure Deserialization\nUsing Components with Known Vulnerabilities\nInsufficient Logging \u0026 Monitoring\nAnd many others…\n```\n# Features :\n\n# Advanced DDoS Attack Protection\nMy script gives you Unmetered DDoS mitigation to maintain performance and availability for free.\nDenial of Service attacks continue to grow in sophistication and force: more distributed, greater volumes of traffic, and encroaching on the application layer.\nA successful attack increases unnecessary costs on your infrastructure and IT/security staff. 
More importantly, it hurts your revenue, customer satisfaction, and brand.\nTo combat attacks and stay online, you’ll need a solution that’s resilient, scalable, and intelligent.\n\n#### Common Types of DDoS Attacks\n\n# Block Malicious Bot Abuse\nBlock abusive bots from damaging Internet properties through content scraping, fraudulent checkout, and account takeover.\n\n# Prevent Customer Data Breach\nPrevent attackers from compromising sensitive customer data, such as user credentials, credit card information, and other personally identifiable information.\n\n#### Layered Security Defense\nA layered security approach combines multiple DDoS mitigation capabilities into one service. It prevents disruptions caused by bad traffic, while allowing good traffic through, keeping websites, applications and APIs highly available and performant.\n#### HTTP Flood (Layer 7)\nHTTP flood attacks generate high volumes of HTTP GET or POST requests from multiple sources, targeting the application layer, causing service degradation or unavailability.\n\nDefend against the largest attacks\n\n# Shared Network Intelligence / Collective Intelligence\nWith every new property, contributor and person using this script, your help and contributions to this script make everyone's network safer. You are helping identify and block new and evolving threats across the entire internet backbone / infrastructure.\n\n# No Performance Tradeoffs\nEliminate security induced latencies by integrating my script with your servers. 
You do not need to rely on third party services like Cloudflare, BitMitigate, Sucuri or other such CDN Cloud distributed networks or companies anymore; I have given you the tool for free.\n\n# Web Application Firewall\nAn enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site request forgery, and protects your existing infrastructure.\n\n# Rate Limiting\n\nControl to block suspicious visitors\n\nRate Limiting protects against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeting the application layer.\n\nRate Limiting provides the ability to configure thresholds, define responses, and gain valuable insights into specific URLs of websites, applications, or API endpoints. It adds granular HTTP/HTTPS traffic control. This also reduces bandwidth costs by eliminating unpredictable traffic spikes or attacks.\n\n# Protect any Web Application\nThis script can protect every web application ever built.\n```\nDrupal\nWordPress\nJoomla\nFlash\nMagento\nPHP\nPlone\nWHMCS\nAtlassian Products\nAdult video script avs\nKVS Kernel Video Sharing\nClip Bucket\nTube sites\nContent Management Systems\nSocial networks\nscripts\nbackends proxy proxies\nPHP\nPython\nPorn sites xxx adult\ngaming networks servers sites\nforums\nvbulletin\nphpbb\nmybb\nsmf simple machines forum\nxenforo\nweb hosting\nAnd many more...\n```\n\n# Tor network / Project .onion :\nYou can also use this script to protect servers and sites on the Tor network, preventing ddos on .onion links. It can help stop attacks on the deepweb / darkweb as well as on the mainline internet. For those who browse your site through the Tor browser, it makes sure they are legitimate users.\n\n# HTTP(S) / HTTP2 / HTTP3 / QUIC :\nSo with modern internet protocols, yes, this script does work with all of them! 
It can protect both encrypted and unencrypted connections and traffic served over TCP as well as UDP, the new method for HTTP3/QUIC connections.\n\n# Works with :\nNginx\n\nNginx + Lua\n\nOpenresty\n\nCustom Nginx builds with Lua compiled\n\nLitespeed / Litespeedtech, as can be seen here: https://openlitespeed.org/kb/openlitespeed-lua-module/\n\nThe reason this works with Litespeed Lua is that they use Openresty Lua builds on their server, as can be understood here: https://openlitespeed.org/kb/openlitespeed-lua-module/#Use\n","funding_links":["https://github.com/sponsors/C0nw0nk","https://paypal.me/wimbledonfc","https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick\u0026hosted_button_id=ZH9PFY62YSD7U\u0026source=url","https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/funding"],"categories":["Lua","Libraries"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC0nw0nk%2FNginx-Lua-Anti-DDoS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FC0nw0nk%2FNginx-Lua-Anti-DDoS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC0nw0nk%2FNginx-Lua-Anti-DDoS/lists"}