back to main

testcookie-nginx-module is a simple robot mitigation module for Nginx http server using cookie based challenge/response.

Module useful for DDoS mitigation at frontend and prevents backends from overload.

Challenge cookies can be set using different methods:

To prevent automatic parsing, challenge cookie value can be encrypted with AES-128 in CBC mode using custom/random key and iv, and then decrypted at client side with JavaScript.

fork it at github