February 10, 2011 07:42AM
[b]To use the new version of secret_cookie module[/b]

In nginx's config, you can use the following directives:

+ secret_cookie [on/off] : Turn on or turn off the module functionality

Note: If the module is turned off, all cookie checks will return true.

+ secret_cookie_def on/off name=NAME rule=RULE duration=DURATION salt=SALT ua_limit=UA_LIMIT log=on/off

This directive defines one secret_cookie check (you can define more than one as required). You can set each individual secret_cookie check to on or off separately. Other settings are:

- NAME: Name of the cookie of interest.

- RULE: If a cookie with such a name exists in the HTTP header, the secret_cookie module will check it against this rule. The rule is: t = time to live, s = salt value, u = user agent, a = remote IP address. For example, rule=usat will check if the content of the cookie of interest is the sha value of user agent + salt value + remote IP address + time to live. You can repeat the rule letters if required (for example, rule=susast will add the salt repeatedly in several places).

- DURATION: The time for the cookie to live. If the cookie is valid for 1 hour, then duration=3600. The duration check is only meaningful if rule contains "time to live".

- SALT: A random string to increase the security of the secret cookie. Only meaningful if the rule contains salt.

- UA_LIMIT: Sometimes the user agent can be very long, which will cause problems for the secret_cookie check (more processing time, more memory, etc.). You can limit the check to only the first few bytes of the user agent. For example, ua_limit=25 means checking only the first 25 bytes.

- log=on/off: Turn on or off the logging of secret_cookie checking.

One example config with the secret_cookie module enabled:

[code]
# Turn secret_cookie module on
secret_cookie on;
# Duration: 1 day = 86400, 2 days = 172800, 3 days = 259200, 1 week = 604800
# Define AntiDoS cookie
secret_cookie_def on name=AntiDoS rule=sutas duration=86400 salt=2j3ns3a ua_limit=10 log=off;
# Define RestrictedArea cookie
secret_cookie_def on name=RestrictedArea rule=tsau duration=7200 salt=3nh3323 ua_limit=20 log=on;

# If AntiDoS cookie is not set, redirect to verification page
if ($secret_cookie_value !~ (AntiDoS)) {
    rewrite ^(.*)$ /verification/index.php;
}

location ~* /verification/.*\.php$ {
    # This is the verification location, where you should set up a php captcha for user/bot identification.
    # If captcha is valid, assign user an AntiDoS cookie which matches the above rule.
}

# These are protected areas, only Admin can enter
location ~* ^/(admin|forum/admincp)/ {
    # If RestrictedArea cookie is not set, then redirect to admin verification page
    if ($secret_cookie_value !~ (RestrictedArea)) {
        rewrite ^(.*)$ /admin_verification/index.php last;
    }
}

location ~* /admin_verification/.*\.php$ {
    # Again, this is a verification location, where you should set up a php captcha for admin identification.
    # If captcha is valid, assign admin a RestrictedArea cookie which matches the above rule.
}

[/code]
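
To show how a rule string such as rule=sutas determines what gets hashed, here is an added PHP sketch; it is not part of the original post and not the module's own code. It assumes SHA-1 as the "sha", a decimal Unix expiry timestamp for "time to live", and a hypothetical cookie layout of `<expiry>-<digest>`; the function names are hypothetical, and the module's real format has to be taken from its source.

```php
<?php
// Added illustration; not the secret_cookie module's code. Assumed (not in the
// post): SHA-1, decimal Unix expiry, cookie value laid out as "<expiry>-<hex>".

// Build the string to hash by walking the rule left to right:
// t = time to live (expiry), s = salt, u = user agent, a = remote IP address.
function sc_material(string $rule, string $salt, string $ua, string $ip,
                     int $expiry, int $uaLimit): string
{
    $parts = [
        't' => (string) $expiry,
        's' => $salt,
        'u' => substr($ua, 0, $uaLimit),   // ua_limit: only the first N bytes
        'a' => $ip,
    ];
    $out = '';
    foreach (str_split($rule) as $letter) {
        if (!isset($parts[$letter])) {
            throw new InvalidArgumentException("unknown rule letter: $letter");
        }
        $out .= $parts[$letter];           // a repeated letter is appended again
    }
    return $out;
}

// What the verification page would do after a valid captcha.
function sc_issue(string $rule, string $salt, string $ua, string $ip,
                  int $duration, int $uaLimit, int $now): string
{
    $expiry = $now + $duration;
    return $expiry . '-' . sha1(sc_material($rule, $salt, $ua, $ip, $expiry, $uaLimit));
}

// What the checking side would do on every request.
function sc_check(string $cookie, string $rule, string $salt, string $ua,
                  string $ip, int $uaLimit, int $now): bool
{
    if (!preg_match('/^(\d{1,12})-([0-9a-f]{40})$/', $cookie, $m)) {
        return false;                      // malformed value
    }
    $expiry = (int) $m[1];
    if (strpos($rule, 't') !== false && $expiry < $now) {
        return false;                      // duration only matters if rule has t
    }
    $expected = sha1(sc_material($rule, $salt, $ua, $ip, $expiry, $uaLimit));
    return hash_equals($expected, $m[2]);  // constant-time comparison
}

// Constructed sample values, using the AntiDoS settings from the config above.
$ua = 'Mozilla/5.0 (X11; Linux x86_64)';
$c  = sc_issue('sutas', '2j3ns3a', $ua, '192.0.2.10', 86400, 10, 1297323720);
var_dump(sc_check($c, 'sutas', '2j3ns3a', $ua, '192.0.2.10', 10, 1297323780));   // same client
var_dump(sc_check($c, 'sutas', '2j3ns3a', $ua, '198.51.100.7', 10, 1297323780)); // other IP
```

With ua_limit=10, any two user agents that share the same first 10 bytes produce the same digest in this sketch.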
Subject Author Posted

Redirect based on php-set cookies

tqvn2004 February 18, 2010 05:04PM

Re: Redirect based on php-set cookies

tqvn2004 February 22, 2010 04:11PM

Re: Redirect based on php-set cookies

tqvn2004 September 21, 2010 04:05PM

Re: Redirect based on php-set cookies

tqvn2004 February 10, 2011 07:11AM

Re: Redirect based on php-set cookies

tqvn2004 February 10, 2011 07:42AM

Re: Redirect based on php-set cookies

Kev December 10, 2011 11:21AM

Re: Redirect based on php-set cookies

tqvn2004 February 24, 2010 09:06AM


