Directive Reference

js_challenge

The `js_challenge` directive enables JavaScript-based proof-of-work challenges to deter bots and validate human users in NGINX configurations.

NGINX Javascript challenge module · serverlocationif in serverif in location
Syntaxjs_challenge on | off;
Defaultoff
Contextserver, location, if in server, if in location
Argumentsflag

Description

The js_challenge directive is part of the NGINX Javascript challenge module, designed to implement a proof-of-work mechanism that helps distinguish between automated bots and legitimate users. When this directive is enabled within a server or location context, it instructs NGINX to serve a JavaScript challenge to visitors. Users must successfully complete this challenge to access the content. This technique is particularly useful for mitigating attacks like web scraping or excessive bot traffic, offering a lightweight solution compared to traditional CAPTCHA.

Config Example

server {
    js_challenge on;
    js_challenge_secret "your_secret";
    js_challenge_title "Please verify you're human";
    location / {
        # additional configurations
    }
}

Ensure that cookies are enabled in the user's browser, as disabling them can lead to an infinite refresh issue.

The directive may cause performance issues if users frequently invalidate the challenge by refreshing the page without completing it.

Be cautious when using this directive behind reverse proxies, as they might serve the same challenge to multiple users.

Related Directives

js_challenge_secretjs_challenge_htmljs_challenge_bucket_durationjs_challenge_title
← Back to all directives