

Nginx: javascript+cookie to protect ddos




Posted by raffo, 05-29-2014, 10:40 PM
Hi all! I have configured nginx to serve HTTP (200) content only if the client accepts an encrypted cookie generated with JavaScript from the browser.

1. The client requests the URL.
2. The server sends HTML code with JavaScript that creates and encrypts the cookie in AES.
3. The client sends other requests, and if it has the right cookie, the server will reply HTTP 200 on all other URLs.

This is a totally transparent mitigation; the user just sees a (very fast) redirect page on the first connection/request. The GoogleBot, MSN and Yahoo search engines have been put in a whitelist by IP CIDR.

My question is: could we get penalized by spiders while we only accept HTTP traffic with cookies and JavaScript enabled? Some bots are not able to browse us if we enable the JavaScript AES key; with the cookie, many bots can browse us (because cookies can also be parsed with the curl tool).
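The three-step flow from the post above, as an added example (not raffo's configuration and not code from this thread). It assumes the key, IV and nonce are derived with an HMAC over client IP, User-Agent and an hourly window; all names and values are hypothetical, and Node stands in for both the server-side check and the script the browser would run.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo values (assumptions, not from the thread).
const SECRET = 'constructed-demo-secret'; // server-side only, never sent to clients
const WINDOW_SECONDS = 3600;              // validity bucket for an issued cookie

// Derive per-client material from IP, User-Agent and time window, so a cookie
// harvested on one host is rejected from another address or after the window.
function derive(label, ip, userAgent, nowSeconds) {
  const windowId = Math.floor(nowSeconds / WINDOW_SECONDS);
  return nodeCrypto.createHmac('sha256', SECRET)
    .update(`${label}|${ip}|${userAgent}|${windowId}`).digest();
}

// Step 2: values the server embeds in the challenge page's script.
function buildChallenge(ip, userAgent, nowSeconds) {
  const keyIv = derive('keyiv', ip, userAgent, nowSeconds);
  return {
    key: keyIv.subarray(0, 16).toString('hex'),
    iv: keyIv.subarray(16, 32).toString('hex'),
    nonce: derive('nonce', ip, userAgent, nowSeconds).toString('hex'),
  };
}

// What the page's script computes in the browser: AES-128-CBC over the nonce.
function solveChallenge(ch) {
  const c = nodeCrypto.createCipheriv('aes-128-cbc',
    Buffer.from(ch.key, 'hex'), Buffer.from(ch.iv, 'hex'));
  return Buffer.concat([c.update(ch.nonce, 'utf8'), c.final()]).toString('hex');
}

// Step 3: recompute the expected cookie and compare in constant time.
function verifyCookie(cookie, ip, userAgent, nowSeconds) {
  const want = Buffer.from(solveChallenge(buildChallenge(ip, userAgent, nowSeconds)));
  const got = Buffer.from(String(cookie || ''));
  return got.length === want.length && nodeCrypto.timingSafeEqual(got, want);
}

// Gate: serve content with a valid cookie, otherwise return the challenge page.
function handleRequest(req, nowSeconds) {
  if (verifyCookie(req.cookie, req.ip, req.userAgent, nowSeconds)) {
    return { action: 'serve', status: 200 };
  }
  return { action: 'challenge', challenge: buildChallenge(req.ip, req.userAgent, nowSeconds) };
}
```

Because the key ships in the page, a valid cookie only shows that the client executed the script; it is not a secret. A cookie issued near the end of a window is challenged again once the window rolls over.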

Posted by magentoexpert, 05-31-2014, 06:57 PM
It's nice to see your site try this approach; it looks really effective for anti-DDoS, but I'm not sure whether search engines work well with it or not. I think the best way is still the traditional firewall, but if you have a demo site, could you post it here so I can take a look and learn from you?

Posted by raffo, 06-01-2014, 04:49 AM
Hi! I don't have a website to publish here while this configuration is a test. But I have installed a new VM and configured a domain that you can test; there are some files: PHP, binary files for download speed, and images.

Stats:
http://zbyte.it/munin/
http://zbyte.it/nginx_status

Test files:
http://zbyte.it/test/PHP-Scripts/php...ata=word-to-QR
http://zbyte.it/test/PHP-Scripts/info.php
http://zbyte.it/test/PHP-Scripts/random2.php

There are some limits:
- connection speed
- simultaneous connections
- concurrent requests/s
- HTTP request
- if the file is dynamic, the cookie is generated by JavaScript
- if the file is static, the cookie is generated by nginx/HTTP headers
- not all files have the cookie restriction

Please test it and let me know.


