Guard websites with a secret handshake [ngx_http_knock_module]
Phillip Taylor (nginx)
nginx at philliptaylor.net
Mon Aug 18 23:50:31 UTC 2014
I've written a module for nginx that takes the concept of "Port
Knocking" and applies it to websites. When you visit an configured nginx
website, it returns a 404 "page not found" error. However if you go to
secret urls, even though they all, on the service appear to return 404,
you are secretly handshaking with nginx. After you've hit the magic
combination you ip is logged server side, and you're allowed to the
visit the site (that is, it returns content instead of 404).
The benefits include:
* private websites
* protect login pages against bots and scripts
* protect against zero day exploits
* protect against known exploits if you're slow to defend the site.
The code, documentation and even a link to demonstration youtube video
is available here:
I contact this mailing list:
* to raise awareness that I have developed it.
* for possibly inclusion on the 3rd Party Modules page for nginx
* to ask if you would be so kind to provide some code review feedback
and advice regarding its quality.
* and any other thoughts.
More information about the nginx-devel