-
-
Notifications
You must be signed in to change notification settings - Fork 270
Tor
This script can protect Tor services from distributed denial of service attacks.
Run Nginx infront of your Tor service and proxy traffic to your Tor server via Nginx.
Because Tor .onion services have dynamic IP addresses we can't rely on the user to send us a IP and refresh / navigate to a new page without the IP changing again, So we use something static that they send us that should not change that we can latch onto what is their User-Agent in their Header requests fields.
By Default the script can detect and set what it needs to grant Tor users access without you needing to do anything so you should not need to change anything.
You should leave the following line at its default setting : https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L62
local remote_addr = "auto"
But If you want to run this script for Tor services only and if you don't trust the automated nature of my script you can change it to the following setting.
Modify the following line : https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L62
To this :
local remote_addr = "tor"
That will make the script support Tor users only where as under auto the script will support Tor clients, Cloudflare Proxied Clients, Direct connections to your server, Litespeed Clients, Proxied clients and more. What is why I advise to leave it at its default setting for best compatibility.