cookie bomb - how to protect?

mex nginx-forum at
Sun Jan 19 21:42:05 UTC 2014

hi coderman, 

icreasing the headerr_size is not a solution, since i look for a generic
solution to circumvent 
the outcome of those malicious request.  

a possible way to handle this is a lighweight WAF-solution, 
lua comes to my mind :)



p.s. we're working on a lighweight lua-based waf as addition to naxsi; but
this is very
early alpha atm, more on this later.

Posted at Nginx Forum:,246597,246602#msg-246602

More information about the nginx mailing list