kyprizel / testcookie-nginx-module

simple robot mitigation module using cookie based challenge/response technique. Not supported any more.
http://kyprizel.github.com/testcookie-nginx-module/

testcookie_redirect_via_refresh on; #25

Closed linuxmyjob closed 9 years ago

linuxmyjob commented 9 years ago

Hi: I tested the module and I have a problem, it does not redirect when I use "testcookie_redirect_via_refresh on;". My nginx.conf:

http {
    include mime.types;
    default_type application/octet-stream;
    client_max_body_size 10m;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" "$host" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /web/nginx/logs/access.log  main;

    server_names_hash_bucket_size 128;
    sendfile on;
    tcp_nopush on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    server_tokens off;

    #gzip  on;
    gzip on;
    gzip_vary        on;
    gzip_min_length  1k;
    gzip_buffers     4 8k;
    gzip_http_version 1.0;
    gzip_comp_level  9;
    gzip_proxied     any;
    #gzip_types       text/plain text/html text/css application/x-javascript application/xml application/xml+rss text/javascript application/json;

    testcookie off;
    testcookie_name BPC;
    testcookie_secret keepmescret;
    testcookie_session $remote_addr;
    testcookie_arg attempt;
    testcookie_max_attempts 3;
    testcookie_get_only on;
    testcookie_redirect_via_refresh on;
    testcookie_refresh_template '<html><body><script>document.cookie="BPC=$testcookie_set";document.location.href="$testcookie_nexturl";</script></body></html>';

    testcookie_whitelist {
        10.3.254.96;
    }
}

and vhosts:

upstream passport.zongheng.com {
    server 10.3.254.96:8087;
}

server {
    listen 80;
    server_name passport.zongheng.com;

    location / {
        include proxy_params;
        proxy_pass http://passport.zongheng.com;
    }

    location ~ /simpleLogin.do {
        testcookie on;
        include proxy_params;
        proxy_pass http://passport.zongheng.com;
    }

    location = /aes.min.js {
        gzip on;
        gzip_min_length 1000;
        gzip_types text/plain;
        root /var/www;
    }

    error_page  500 502 503 504  /_x.html;

    location = /_x.html {
        root html;
    }
}

kyprizel commented 9 years ago

Do you check it with a POST request? Try to disable testcookie_get_only.

linuxmyjob commented 9 years ago

I have found it, the reason is a problem in our JS that is used to send the username and password to simpleLogin and receive the result. But the result format is JSON, it does not support the HTML template.
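To make the diagnosis in this thread concrete, here is an added Python model (not the module's own code) of how the configuration posted above treats one request at the protected location: whitelist first, then the get_only rule, then cookie validation, then the attempt counter that drives the refresh loop. The cookie derivation (HMAC-SHA256 of $remote_addr under the secret), the /simpleLogin.do reload URL and the client loop are assumptions made for the illustration only.

```python
import hashlib, hmac
from urllib.parse import urlencode, urlparse, parse_qsl

# Constructed model of the challenge flow from the nginx.conf above. It is
# an illustration, not testcookie's own code: the cookie value construction
# (HMAC-SHA256 of $remote_addr under testcookie_secret) is an assumption.
CONFIG = {
    "name": "BPC",              # testcookie_name
    "secret": "keepmescret",    # testcookie_secret
    "arg": "attempt",           # testcookie_arg
    "max_attempts": 3,          # testcookie_max_attempts
    "get_only": True,           # testcookie_get_only
    "whitelist": {"10.3.254.96"},
}

def expected_cookie(session, cfg=CONFIG):
    """Cookie value the client must present; the session is $remote_addr here."""
    return hmac.new(cfg["secret"].encode(), session.encode(), hashlib.sha256).hexdigest()

def decide(method, remote_addr, cookies, args, cfg=CONFIG):
    """Model one request at the protected location: pass, challenge or block."""
    if remote_addr in cfg["whitelist"]:
        return {"action": "pass", "reason": "whitelisted"}
    if cfg["get_only"] and method != "GET":
        # With testcookie_get_only on, a POST (the XHR login) is never challenged.
        return {"action": "pass", "reason": "non-GET with get_only"}
    if hmac.compare_digest(cookies.get(cfg["name"], ""), expected_cookie(remote_addr, cfg)):
        return {"action": "pass", "reason": "valid cookie"}
    attempt = int(args.get(cfg["arg"], 0))
    if attempt >= cfg["max_attempts"]:
        return {"action": "block", "status": 403}
    # Challenge: HTML that sets the cookie via JS, then reloads with attempt+1.
    # A caller expecting JSON cannot run that script, which is the failure in the issue.
    next_args = dict(args, **{cfg["arg"]: attempt + 1})
    return {"action": "challenge", "status": 200, "content_type": "text/html",
            "set_cookie": expected_cookie(remote_addr, cfg),
            "next_url": "/simpleLogin.do?" + urlencode(next_args)}

def browser_flow(remote_addr, keeps_cookies=True, cfg=CONFIG):
    """Follow the refresh loop like a client; return (final action, round trips)."""
    cookies, args, trips = {}, {}, 0
    while True:
        trips += 1
        r = decide("GET", remote_addr, cookies, args, cfg)
        if r["action"] != "challenge":
            return r["action"], trips
        if keeps_cookies:
            cookies[cfg["name"]] = r["set_cookie"]
        args = dict(parse_qsl(urlparse(r["next_url"]).query))
```

A cookie-keeping client passes on its second round trip, a client that discards cookies is blocked once the attempt argument reaches testcookie_max_attempts, and with get_only disabled the JSON-expecting POST receives the text/html challenge instead of the upstream's response.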

linuxmyjob commented 9 years ago

Hi, I feel a little confused about what cookies.html is. Please supply examples of it.

kyprizel commented 9 years ago

echo "please enable cookies" >> cookies.html