cookie bomb - how to protect?
nginx-forum at nginx.us
Sun Jan 19 21:42:05 UTC 2014
icreasing the headerr_size is not a solution, since i look for a generic
solution to circumvent
the outcome of those malicious request.
a possible way to handle this is a lighweight WAF-solution,
lua comes to my mind :)
p.s. we're working on a lighweight lua-based waf as addition to naxsi; but
this is very
early alpha atm, more on this later.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,246597,246602#msg-246602
More information about the nginx