http-testcookie-access #
Cookie-based bot mitigation — sets a JavaScript-required test cookie before allowing access, weeding out simple non-browser scrapers and low-effort DDoS traffic.
Source: upstream source
Directives
testcookie #
syntax: testcookie 1 arg (enum); · context: http, server, location, server-if, location-if
nginx-module** is a simple robot mitigation module using cookie based challenge/response.
testcookie_arg #
syntax: testcookie_arg 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_deny_keepalive #
syntax: testcookie_deny_keepalive 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_domain #
syntax: testcookie_domain 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_expires #
syntax: testcookie_expires 1 arg; · context: http, server, location
Sets the expiration value applied to the challenge cookie.
testcookie_fallback #
syntax: testcookie_fallback 1 arg; · context: http, server, location
Redirects clients to a fallback URL after exceeding the configured maximum challenge attempts.
testcookie_get_only #
syntax: testcookie_get_only 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_httponly_flag #
syntax: testcookie_httponly_flag 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_https_location #
syntax: testcookie_https_location 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_internal #
syntax: testcookie_internal 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_max_attempts #
syntax: testcookie_max_attempts 1 arg; · context: http, server, location
Limits the number of redirects issued before sending the client to the fallback URL.
testcookie_name #
syntax: testcookie_name 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_p3p #
syntax: testcookie_p3p 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_pass #
syntax: testcookie_pass 1 arg; · context: http, server, location
Currently IPv4 CIDR only. testcookie_pass --------------- syntax: testcookie_pass $variable; default: none context: http, server Sets the variable name to test if cookie check should be bypassed.
testcookie_path #
syntax: testcookie_path 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_port_in_redirect #
syntax: testcookie_port_in_redirect 1 arg (on/off flag); · context: http, server, location
Any variable value except "on" interpreted as False. testcookie_port_in_redirect --------------------------- syntax: testcookie_port_in_redirect (on|off); default: off context: http, server, location Expose port in redirect.
testcookie_redirect_via_refresh #
syntax: testcookie_redirect_via_refresh 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_refresh_encrypt_cookie #
syntax: testcookie_refresh_encrypt_cookie 1 arg (on/off flag); · context: http, server, location
Boolean directive — set to "on" or "off".
testcookie_refresh_encrypt_cookie_iv #
syntax: testcookie_refresh_encrypt_cookie_iv 1 arg; · context: http, server, location
Configures the initialization vector used to encrypt the refresh cookie.
testcookie_refresh_encrypt_cookie_key #
syntax: testcookie_refresh_encrypt_cookie_key 1 arg; · context: http, server, location
Configures the key used to encrypt the refresh cookie.
testcookie_refresh_status #
syntax: testcookie_refresh_status 1 arg; · context: http, server, location
Sets the HTTP status code returned when serving the challenge HTML page.
testcookie_refresh_template #
syntax: testcookie_refresh_template 1 arg; · context: http, server, location
Supplies custom HTML served instead of the default meta-refresh challenge page.
testcookie_samesite #
syntax: testcookie_samesite 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_secret #
syntax: testcookie_secret 1 arg (string); · context: http, server, location
Stores a single string value.
testcookie_secure_flag #
syntax: testcookie_secure_flag 1 arg; · context: http, server, location
Enables the Secure flag on the cookie set by the module.
testcookie_session #
syntax: testcookie_session 1 arg; · context: http, server, location
Selects which client attributes feed the challenge generation function.
testcookie_whitelist #
syntax: testcookie_whitelist no args; · context: http, server
If not set - client will get 403 after max attempts reached. testcookie_whitelist -------------------- syntax: testcookie_whitelist <network list> default: none context: http, server Sets the networks for which the testing will not be used, add search engine networks here.
Example
location / {
if ($http_user_agent = "test") {
testcookie on;
}
}