LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > Feedback/Feature Requests > TestCookie (Prevention of HTTP GET ATTACKS)

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 02-03-2013, 03:37 PM
midulc midulc is offline
Member
  
Join Date: Jun 2012
Posts: 15
Default TestCookie (Prevention of HTTP GET ATTACKS)
May you code a native and fast test cookie option, like this module for nGinx (https://github.com/kyprizel/testcook...ilter_module.c) .
It should fastly test if the person is really human and not a bot by making a cookie with javascript, this cookie must be unique per user and should not be necesary for some ips (like google crawler), so you must be able to make a "whitelist for this". However the whitelist cannot be the "trusted ip list" because if you use the "USE CLIENT IP IN HEADER" (x-forwarded-for) it wont work.

NOTE: MAKE SURE YOU INCLUDE AN IFRAME-BREAKER TO THE JAVASCRIPT THAT CREATES THE COOKIE.

May you code this, please?
It must run fast, I need this. Cloudflare uses this for "im under attack" option. Its one of the best methods.
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 12:26 PM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.