cookie bomb - how to protect?
coderman at gmail.com
Mon Jan 20 00:46:17 UTC 2014
On Sun, Jan 19, 2014 at 1:42 PM, mex <nginx-forum at nginx.us> wrote:
> hi coderman,
> icreasing the headerr_size is not a solution, since i look for a generic
> solution to circumvent
> the outcome of those malicious request.
> a possible way to handle this is a lighweight WAF-solution,
> lua comes to my mind :)
> p.s. we're working on a lighweight lua-based waf as addition to naxsi; but
> this is very
> early alpha atm, more on this later.
excellent! i agree this would be quite useful in general and
appropriate for this specific situation. i'm fond of Lua for
mysql-proxy, nmap, and other situations which share similar technical
demands for extending built in behavior.
i would love to know more as you make progress.
More information about the nginx