http-testcookie-access #

Cookie-based bot mitigation — sets a JavaScript-required test cookie before allowing access, weeding out simple non-browser scrapers and low-effort DDoS traffic.

Source: upstream source

Directives

testcookie #

syntax: testcookie 1 arg (enum);  ·  context: http, server, location, server-if, location-if

nginx-module** is a simple robot mitigation module using cookie based challenge/response.

testcookie_arg #

syntax: testcookie_arg 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_deny_keepalive #

syntax: testcookie_deny_keepalive 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_domain #

syntax: testcookie_domain 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_expires #

syntax: testcookie_expires 1 arg;  ·  context: http, server, location

Sets the expiration value applied to the challenge cookie.

testcookie_fallback #

syntax: testcookie_fallback 1 arg;  ·  context: http, server, location

Redirects clients to a fallback URL after exceeding the configured maximum challenge attempts.

testcookie_get_only #

syntax: testcookie_get_only 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_httponly_flag #

syntax: testcookie_httponly_flag 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_https_location #

syntax: testcookie_https_location 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_internal #

syntax: testcookie_internal 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_max_attempts #

syntax: testcookie_max_attempts 1 arg;  ·  context: http, server, location

Limits the number of redirects issued before sending the client to the fallback URL.

testcookie_name #

syntax: testcookie_name 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_p3p #

syntax: testcookie_p3p 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_pass #

syntax: testcookie_pass 1 arg;  ·  context: http, server, location

Currently IPv4 CIDR only. testcookie_pass --------------- syntax: testcookie_pass $variable; default: none context: http, server Sets the variable name to test if cookie check should be bypassed.

testcookie_path #

syntax: testcookie_path 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_port_in_redirect #

syntax: testcookie_port_in_redirect 1 arg (on/off flag);  ·  context: http, server, location

Any variable value except "on" interpreted as False. testcookie_port_in_redirect --------------------------- syntax: testcookie_port_in_redirect (on|off); default: off context: http, server, location Expose port in redirect.

testcookie_redirect_via_refresh #

syntax: testcookie_redirect_via_refresh 1 arg (on/off flag);  ·  context: http, server, location

Boolean directive — set to "on" or "off".

testcookie_refresh_status #

syntax: testcookie_refresh_status 1 arg;  ·  context: http, server, location

Sets the HTTP status code returned when serving the challenge HTML page.

testcookie_refresh_template #

syntax: testcookie_refresh_template 1 arg;  ·  context: http, server, location

Supplies custom HTML served instead of the default meta-refresh challenge page.

testcookie_samesite #

syntax: testcookie_samesite 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_secret #

syntax: testcookie_secret 1 arg (string);  ·  context: http, server, location

Stores a single string value.

testcookie_secure_flag #

syntax: testcookie_secure_flag 1 arg;  ·  context: http, server, location

Enables the Secure flag on the cookie set by the module.

testcookie_session #

syntax: testcookie_session 1 arg;  ·  context: http, server, location

Selects which client attributes feed the challenge generation function.

testcookie_whitelist #

syntax: testcookie_whitelist no args;  ·  context: http, server

If not set - client will get 403 after max attempts reached. testcookie_whitelist -------------------- syntax: testcookie_whitelist <network list> default: none context: http, server Sets the networks for which the testing will not be used, add search engine networks here.

Example

        location / {
            if ($http_user_agent = "test") {
                testcookie on;
            }
        }

↑ back to index