Guard websites with a secret handshake [ngx_http_knock_module]

SplitIce mat999 at gmail.com
Tue Aug 19 02:54:16 UTC 2014


Is it just me or would access_records be per worker and hence this module
not work with workers > 1?

Additionally

    for (i = 0; i < NGX_HTTP_KNOCK__IP_DB_SIZE && i < ngx_http_knock_next_free_slot; i++) {
        if (access_records[i].ip_addr == ip_addr)

Perhaps using the nginx Red-Black tree here would lead to better
performance (in place of O(n)) and remove the limitation on the number of IPs.


On Tue, Aug 19, 2014 at 9:50 AM, Phillip Taylor (nginx) <
nginx at philliptaylor.net> wrote:

> Hello everyone,
>
> I've written a module for nginx that takes the concept of "Port Knocking"
> and applies it to websites. When you visit a configured nginx website, it
> returns a 404 "page not found" error. However, if you go to secret URLs,
> even though they all, on the service, appear to return 404, you are secretly
> handshaking with nginx. After you've hit the magic combination your IP is
> logged server side, and you're allowed to visit the site (that is, it
> returns content instead of 404).
>
> The benefits include:
> * private websites
> * protect login pages against bots and scripts
> * protect against zero day exploits
> * protect against known exploits if you're slow to defend the site.
>
> The code, documentation and even a link to a demonstration YouTube video are
> available here:
>
> https://github.com/PhillipTaylor/ngx_http_knock_module
>
> I contact this mailing list:
>
> * to raise awareness that I have developed it.
> * for possible inclusion on the 3rd Party Modules page for nginx (
> http://wiki.nginx.org/3rdPartyModules)
> * to ask if you would be so kind to provide some code review feedback and
> advice regarding its quality.
> * and any other thoughts.
>
> Thank you
>
> Phillip Taylor
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
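
An added example, not code from the module or from either poster, illustrating the first concern in the reply: nginx workers are separate processes, so an allow-list kept in an ordinary static array is only updated in the worker that saw the knock. `table_t`, `allow`, `is_allowed`, `DB_SIZE` and the sample address are hypothetical stand-ins; the second case puts the same table in memory shared across `fork()`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1    /* for MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define DB_SIZE 8            /* constructed stand-in for NGX_HTTP_KNOCK__IP_DB_SIZE */
#define CLIENT  0xC0000201u  /* 192.0.2.1, constructed sample address */

typedef struct { uint32_t ip_addr; } record_t;
typedef struct { record_t rec[DB_SIZE]; int next_free; } table_t;

static table_t private_tbl;  /* plain static: every forked worker has its own copy */

static void allow(table_t *t, uint32_t ip) {
    if (t->next_free < DB_SIZE) t->rec[t->next_free++].ip_addr = ip;
}

static int is_allowed(const table_t *t, uint32_t ip) {
    for (int i = 0; i < DB_SIZE && i < t->next_free; i++)  /* same O(n) scan */
        if (t->rec[i].ip_addr == ip) return 1;
    return 0;
}

/* Worker A (forked child) records a completed knock; worker B (the caller)
   then handles the client's next request. Returns what worker B sees. */
static int seen_by_other_worker(table_t *t, uint32_t ip) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { allow(t, ip); _exit(0); }
    waitpid(pid, NULL, 0);   /* child has exited, so no lock is needed here */
    return is_allowed(t, ip);
}

int demo_private(void) { return seen_by_other_worker(&private_tbl, CLIENT); }

int demo_shared(void) {      /* table placed in memory shared across fork() */
    void *p = mmap(NULL, sizeof(table_t), PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int seen = seen_by_other_worker((table_t *)p, CLIENT);
    munmap(p, sizeof(table_t));
    return seen;
}

int main(void) { printf("private=%d shared=%d\n", demo_private(), demo_shared()); return 0; }
```

With concurrently running workers, a shared table also needs a lock around updates and lookups; the sequential fork/wait here avoids that only for the demonstration.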