TestCookie (Prevention of HTTP GET ATTACKS)

#1
May you code a native and fast test cookie option, like this module for nGinx (https://github.com/kyprizel/testcoo...aster/src/ngx_http_testcookie_filter_module.c) .
It should fastly test if the person is really human and not a bot by making a cookie with javascript, this cookie must be unique per user and should not be necesary for some ips (like google crawler), so you must be able to make a "whitelist for this". However the whitelist cannot be the "trusted ip list" because if you use the "USE CLIENT IP IN HEADER" (x-forwarded-for) it wont work.

NOTE: MAKE SURE YOU INCLUDE AN IFRAME-BREAKER TO THE JAVASCRIPT THAT CREATES THE COOKIE.

May you code this, please?
It must run fast, I need this. Cloudflare uses this for "im under attack" option. Its one of the best methods.
 
Top