Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers
c0nw0nk
nginx-forum at forum.nginx.org
Tue Sep 13 09:34:30 UTC 2016
> gariac Wrote:
> -------------------------------------------------------
> > What about Roboo? It requires a cookie on the website before the
> > download takes place. (My usual warning this is my understanding of
> > how it works, but I have no first hand knowledge.) I presume the hot
> > linkers won't have the cookie.
> >
> > https://github.com/yuri-gushin/Roboo
On top of my previously posted example, bypass that with a proxy_set_header
Cookie "cookiename=cookievalue";
I don't know why anyone would use that if all it does is require a cookie to
download; you could achieve it even more simply like this.
if ($http_cookie = "") { # If client has no cookies
    return 444;
}
Or as a whitelist.
if ($cookie_cookiename != "cookievalue") {
    return 444;
}
But a fake proxy stealing your traffic can bypass that with this:
proxy_set_header Cookie "cookiename=cookievalue";
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269502,269508#msg-269508
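
The static cookie comparison discussed above, set beside an expiring signed token, as an added example that is not part of the original post and is not Roboo's or nginx's own code. The token format, the `dl_token` cookie name, the secret and all sample values are assumptions constructed for illustration; `client_ip` is assumed to be the real visitor address as seen by the origin.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent out

def static_check(cookies):
    """Whitelist check from the post: one fixed cookie value for every client."""
    return cookies.get("cookiename") == "cookievalue"

def _mac(expires, uri, client_ip):
    msg = f"{expires}|{uri}|{client_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(uri, client_ip, now, ttl=300):
    """Hypothetical token 'expires:mac', bound to the URI and client address."""
    expires = now + ttl
    return f"{expires}:{_mac(expires, uri, client_ip)}"

def signed_check(cookies, uri, client_ip, now):
    """Accept only an unexpired token whose MAC matches this URI and address."""
    expires_s, sep, mac = cookies.get("dl_token", "").partition(":")
    if not sep or not expires_s.isdecimal():
        return False
    if int(expires_s) < now:
        return False
    expected = _mac(int(expires_s), uri, client_ip)
    return hmac.compare_digest(mac.encode(), expected.encode())

def demo():
    now = 1473759270                                   # constructed timestamp
    visitor, relay = "203.0.113.10", "198.51.100.7"    # documentation addresses
    uri = "/files/a.zip"                               # constructed path
    token = {"dl_token": issue_token(uri, visitor, now)}
    return {
        "static_hardcoded_by_relay": static_check({"cookiename": "cookievalue"}),
        "signed_from_visitor": signed_check(token, uri, visitor, now + 10),
        "signed_replayed_by_relay": signed_check(token, uri, relay, now + 10),
        "signed_after_expiry": signed_check(token, uri, visitor, now + 301),
        "signed_other_uri": signed_check(token, "/files/b.zip", visitor, now + 10),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

A relay that requests its own token still receives one valid for its own address until it expires, so this narrows the hard-coded header bypass rather than closing it.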