To use the new version of secret_cookie module In the nginx's config, you can use the following directives: + secret_cookie : Turn on or turn off the module functionality Note: If the module is turned off, all cookie check will return true. + secret_cookie_def on/off name=NAME rule=RULE duration=DURATION salt=SALT ua_limit=UA_LIMIT log=on/off This directive define one secret_cookieby tqvn2004 - Nginx Mailing List - English
For someone who is interested in using this module To compile with nginx, do the following steps: 1. Download Nginx source code from http://wiki.nginx.org/NginxInstall, and put them in, let's say, folder 'nginx' 2. Install OpenSSL for your Linux. 3. You need also to download OpenSSL source code, and copy folder openssl/crypto/sha to nginx/src. This step is important, as the secret_cookby tqvn2004 - Nginx Mailing List - English
I think you could do something like this: # save old uri + arguments: set $original_uri $uri$is_args$args; # perform rewrite: rewrite ^(.*)$ /new_uri/index.php; # later on, in location defined downstream handler, add: proxy_set_header X-Rewrite-URL $original_uri; Never try it out, but hope it helps!by tqvn2004 - Nginx Mailing List - English
Thank to nginx, our server was able to mitigate the Slowloris DoS attack, which killed Apache with partial or malformed HTTP headers. The above mentioned secret_cookie module helped to filter out all other valid botnet requests with this config: ## If secret_cookie not set, redirect to verification page if ($secret_cookie_not_set) { #store the old uri set $uri_old $uri$is_args$args;by tqvn2004 - Nginx Mailing List - English
Not sure if anyone interested in this module, but here is the code I made: /* * Author: tqvn2004 * Date: 24/02/2010 */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> #include <ngx_sha1.h> /* * The module set the $secret_cookie variable * to "true" if a secret cookie is set at client. * Based on the variable, user caby tqvn2004 - Nginx Mailing List - English
Hi, I am writing a module to do the above-mentioned task. I need to access system date, or the date of the request (for example $_SERVER['REQUEST_TIME'] in PHP) to put into security session; but I could not find this variable in Nginx 7.x. Exists such variable in Nginx, or I have to get the value from external library? Thanks in advance!by tqvn2004 - Nginx Mailing List - English
Hi guys, I am planning to use nginx as reserve proxy in front my Apache server. Our site is under heavy DoS attack, where attacker sends a lot of malformed HTTP request to flood Apache. I intend to filter out the attacker by: - Setting up nginx as reserve proxy - If user connect for the first time, redirect to a test.php page, where a captcha is used to detect if it is really human. -by tqvn2004 - Nginx Mailing List - English