Testcookie#

This module provides bot protection using a cookie-based "challenge-response" mechanism: a client must first obtain and present a cookie (in the example below, by executing JavaScript) before a protected location is served; a client that fails the challenge more than `testcookie_max_attempts` times is sent to `testcookie_fallback`.

Loading the Module#

Load the module in the main (top-level) context of nginx.conf:

load_module modules/ngx_http_testcookie_access_module.so;

Configuration Example#

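http {
    # Disabled globally; enabled only for the proxied location below, so
    # static helper locations (aes.min.js, p3p.xml, ACME) inherit "off".
    testcookie off;
    testcookie_name BPC;
    # Placeholder -- replace with a long random value; this secret signs the
    # challenge cookie and must not be left at the documented default.
    testcookie_secret keepmesecret;
    # Binds the challenge to the client address.
    # NOTE(review): behind a load balancer or reverse proxy $remote_addr is the
    # proxy's address, not the end client's -- confirm before deploying.
    testcookie_session $remote_addr;
    testcookie_arg ckattempt;
    testcookie_max_attempts 3;
    testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
    # Where clients go after exhausting attempts. This is an external redirect
    # over plain http, and backurl embeds the client-supplied $host and
    # $request_uri unencoded -- review before using in production.
    testcookie_fallback http://google.com/cookies.html?backurl=http://$host$request_uri;

    # Addresses listed here bypass the challenge entirely; 8.8.8.8/32 is only
    # a placeholder.
    testcookie_whitelist {
        8.8.8.8/32;
    }

    testcookie_redirect_via_refresh on;
    testcookie_refresh_encrypt_cookie on;
    # Placeholders -- replace with random 32-hex-char (16-byte) values.
    # Note that the refresh template below inlines $testcookie_enc_key and
    # $testcookie_enc_iv into the page, so the browser receives both; this
    # encryption only raises the bar for non-JS clients, it is not a secret
    # from the client.
    testcookie_refresh_encrypt_cookie_key deadbeefdeadbeefdeadbeefdeadbeef;
    testcookie_refresh_encrypt_cookie_iv deadbeefdeadbeefdeadbeefdeadbeef;
    # The cookie is written by client-side JavaScript with only "expires" and
    # "path=/" attributes. $testcookie_nexturl lands inside a JS string
    # literal; NOTE(review): confirm the module escapes it for that context.
    testcookie_refresh_template '<html><body>setting cookie...<script type="text/javascript" src="/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="BPC="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";location.href="$testcookie_nexturl";</script></body></html>';

    server {
        listen 80;
        server_name test.com;

        # The AES library referenced by the refresh template; served without
        # the challenge (testcookie is off here) or the client could never
        # complete it.
        location = /aes.min.js {
            gzip on;
            gzip_min_length 1000;
            # NOTE(review): with the default mime.types, .js is served as
            # application/javascript, which this list does not include.
            gzip_types text/plain;
            root /var/www/public_html;
        }

        location = /w3c/p3p.xml {
            root /var/www/public_html;
        }

        # ACME validators request /.well-known/acme-challenge/<token>. An
        # exact-match ("=") location only matched the bare directory path, so
        # token requests fell through to "location /" and hit the challenge.
        # A prefix match ("^~") covers every token and skips regex locations.
        location ^~ /.well-known/acme-challenge/ {
            root /var/www/public_html;
        }

        location / {
            testcookie on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Upstream application. NOTE(review): "listen 80" above also binds
            # 127.0.0.1:80 unless restricted to an interface, in which case this
            # would proxy back to nginx itself -- point at the real backend.
            proxy_pass http://127.0.0.1:80;
        }
    }
}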

Additional Information#

For more details and the source code, visit: kyprizel/testcookie-nginx-module