получить html с cookies java

The bots do not understand the redirects and the cookies

Configuration examples for the main attack scenarios

The bots understand the redirects and the cookies, but they do not do JavaScript

The bots do not understand the redirects and the cookies

To understand the operation concept of this filter, there is given below the communication flow of client-server, depending on the scenario of attack.

Most often, the bots that implement HTTP flood are doll, and they do not have any mechanisms for HTTP Cookie and redirects. Sometimes, there are more advanced bots that could use cookies and redirects, but almost never DoS bot could have JavaScript engine.

вІ This module is not a panacea it is only a small component in a complex of protective measures, a tool that can help you, if it will be properly used.

вІ There is nothing in the documentation about captcha and flash, but if you want, you can get them yourself, you just need to use your imagination in the configuration.

вІ Some people may say that I simulate JavaScript, but let's be realistic, that you often get DoS attack by bots with full emulation.

вІ This module only returns to the client the specified answers and you must make your own decision about blocking the client (for example, using fail2ban).

вІ To do some useful things during the DoS attacks.

вІ To whitelist the network (e.g., networks where live searching robots)

вІ To prevent automated parsing of responses that are aimed at the execution of JavaScript, to encrypt the value of variables in the template using the symmetric encryption algorithm to further decryption through JavaScript on the client side (using ).

вІ To use the custom templates for the filter response, for example, to set cookies through JavaScript.

вІ To count the number of attempts to set the cookies and to direct the user to a specified URL after exceeding the maximum number of unsuccessful attempts.

вІ After the cookies are set it redirects the user using the response code 200 and HTML tag Meta refresh.

вІ To set cookies in a standard way through HTTP header Set-Cookie. After the cookies are set it redirects the user using the response code 301 and Location header.

Many people have faced the DDoS attacks and HTTP flooding. No, this is not just another tutorial on setting up nginx, but I would like to introduce my module that works as a quick filter between the bots and backend during L7 DDoS attacks, as well it allows filtering the garbage requests.

Using Nginx module to fight against DDoS attacks

Using Nginx module to fight against DDoS attacks - Infosecurity