TestCookie (Prevention of HTTP GET ATTACKS)

Discussion in 'Feedback/Feature Requests' started by midulc, Feb 3, 2013.

  1. midulc

    midulc New Member

    May you code a native and fast test cookie option, like this module for nGinx (https://github.com/kyprizel/testcoo...aster/src/ngx_http_testcookie_filter_module.c) .
    It should fastly test if the person is really human and not a bot by making a cookie with javascript, this cookie must be unique per user and should not be necesary for some ips (like google crawler), so you must be able to make a "whitelist for this". However the whitelist cannot be the "trusted ip list" because if you use the "USE CLIENT IP IN HEADER" (x-forwarded-for) it wont work.

    NOTE: MAKE SURE YOU INCLUDE AN IFRAME-BREAKER TO THE JAVASCRIPT THAT CREATES THE COOKIE.

    May you code this, please?
    It must run fast, I need this. Cloudflare uses this for "im under attack" option. Its one of the best methods.

Share This Page