Skip to content

Script Overrides

Jump to bottom
Conor McKnight edited this page May 15, 2026 · 15 revisions

The ability for script settings to be controlled from nginx configuration file nginx.conf or vhosts useful for those who do not want to edit the script but can instead use their vhosts virtual hosts or nginx config files to change settings of the script.

init_by_lua / init_by_lua_block have maximum size limits / lengths inside nginx.conf for large configurations use init_by_lua_file and use a .lua file where there are no limits to size.

Example: nginx.conf inside the http block

http {

#shared memory addresses in http block
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle

#nginx config settings etc
access_by_lua_file anti_ddos_challenge.lua;
#more config settings and some server stuff

# Override Anti-DDoS script settings with our own
# for large configurations use
#init_by_lua_file custom_settings.lua #you can make your configurations as big as you like without hitting limits
init_by_lua '

if localized_global == nil then --if global not exists
localized_global = {} --define global var that script can read
end
localized_global.secret = " enigma" --nginx config now sets secret key and the script will use the secret key from here
localized_global.credits = 2 --disable ddos credits

';

}

I want each website or server address to use its own settings ? Heres how.

http {

#shared memory addresses in http block
lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
lua_shared_dict antiddos_blocked 70m; #Anti-DDoS shared memory where blocked users are put
lua_shared_dict ddos_counter 10m; #Anti-DDoS shared memory zone to track total number of blocked users
lua_shared_dict jspuzzle_tracker 70m; #Anti-DDoS shared memory zone monitors each unique ip and number of times they stack up failing to solve the puzzle

#nginx config settings etc
access_by_lua_file anti_ddos_challenge.lua;
#more config settings and some server stuff

server {
listen 80; #ipv4
listen [::]:80; #ipv6
server_name  localhost;

# Override Anti-DDoS script settings with our own
# for large configurations use
#set_by_lua_file $localized_global custom_settings.lua #you can make your configurations as big as you like without hitting limits
set_by_lua $localized_global '

local load = load
local localized_global = [[
if localized_global == nil then --if global not exists
localized_global = {} --define global var that script can read
end
localized_global.secret = " enigma" --nginx config now sets secret key and the script will use the secret key from here
localized_global.credits = 2 --disable ddos credits
localized_global.content_cache = nil --disable content caching
localized_global.WAF_Header_Request_table = nil --disable WAF Header checks
]]
return load(localized_global,"=localized_global_settings")() --loadstring to run lua code from our set ngx variable

';

location / {
root   html;
index  index.html index.htm;
}

} #end server block

} #end http block

As you can see rather than using init_by_lua what would be in the http { block we use set_by_lua $localized_global what can be used inside the server { block and as you can see from this page the execution order of phases in nginx lua set_by_ executes before the access phase.

Wiki page on Execution ordering

Clone this wiki locally