cookie bomb - how to protect?

coderman coderman at
Mon Jan 20 00:46:17 UTC 2014

On Sun, Jan 19, 2014 at 1:42 PM, mex <nginx-forum at> wrote:
> hi coderman,
> increasing the header_size is not a solution, since i look for a generic
> solution to circumvent
> the outcome of those malicious requests.
> a possible way to handle this is a lightweight WAF-solution,
> lua comes to my mind :)
> ...
> p.s. we're working on a lightweight lua-based waf as addition to naxsi; but
> this is very
> early alpha atm, more on this later.

excellent!  i agree this would be quite useful in general and
appropriate for this specific situation.  i'm fond of Lua for
mysql-proxy, nmap, and other situations which share similar technical
demands for extending built-in behavior.

i would love to know more as you make progress.

best regards,
