cookie bomb - how to protect?

mex nginx-forum at nginx.us
Sun Jan 19 21:42:05 UTC 2014


hi coderman, 

icreasing the headerr_size is not a solution, since i look for a generic
solution to circumvent 
the outcome of those malicious request.  

a possible way to handle this is a lighweight WAF-solution, 
lua comes to my mind :)



regards, 

mex

p.s. we're working on a lighweight lua-based waf as addition to naxsi; but
this is very
early alpha atm, more on this later.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,246597,246602#msg-246602



More information about the nginx mailing list