I'm currently trying to setup a WAF/DDOS protection using this script: https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua
Everything is working pretty well except that openresty/nginx returns the default 500 error page instead of the custom error_page shown below if one of the WAF rules gets a hit. See "WAF_URI_Request_table" at the script above.
each time the request gets blocked by these WAF rules I also get the following entry at my log:
2020/07/27 09:20:29 [error] 150#150: *16 rewrite or internal redirection cycle while internally redirecting to "/403.html", client: 172.21.0.5, server: localhost, request: "GET /test.php HTTP/1.1", host: "localhost"
My nginx configuration looks like this (shortened):
...
http {
upstream backend {
server 127.0.0.1:8000 max_fails=3 fail_timeout=60s;
}
...
server {
listen 80;
access_by_lua_file ddos_challenge.lua;
aio threads=default;
...
location @proxy_to_app {
proxy_pass http://backend;
aio threads;
proxy_read_timeout 100s;
proxy_connect_timeout 100s;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffers 16 4k;
proxy_buffer_size 2k;
proxy_intercept_errors on;
proxy_set_header Host $host;
uwsgi_intercept_errors on;
gzip on;
gzip_min_length 1024;
gzip_comp_level 3;
gzip_vary on;
gzip_disable msie6;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
}
location / {
try_files $uri @proxy_to_app;
}
...
error_page 412 414 416 444 495 496 497 500 501 502 504 507 /custom_error.html;
location = /custom_error.html {
root /app/templates/;
internal;
}
/custom_error.htmllocation above the/one? - un.def