testcookie_whitelist

Defines IP ranges that are exempt from the test cookie verification process for specific networks, such as search engine bots.

Syntax: testcookie_whitelist ;
Default: none
Context: http, server
Arguments: none

Description

The testcookie_whitelist directive is used to specify IP addresses or CIDR ranges that should be exempted from the test cookie challenge-response mechanism implemented by the testcookie module. This is particularly useful to avoid blocking or creating unnecessary challenges for recognized search engine bots or crawlers that should have unobstructed access to the website’s content. By using this directive, administrators can ensure that legitimate search engines can crawl the site without being subject to automated checks designed to deter malicious bots.

When configuring testcookie_whitelist, each entry should be a valid CIDR notation for an IPv4 address. For example, you can whitelist an entire subnet by specifying 192.168.1.0/24. Misconfiguration cuts both ways: a range that is too broad lets unwanted traffic skip the challenge, while a range that is mistyped or too narrow leaves legitimate clients subject to it and potentially blocked. The whitelist is evaluated during request handling and determines whether a cookie is set or a challenge is presented to the requesting client.

In essence, this directive provides a way to selectively bypass the test cookie mechanism based on the originating IP address of the request, simplifying access management for web admins while still deterring unwanted automation.

Config Example

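http {
    # testcookie_whitelist is a block directive that takes no arguments;
    # list one IPv4 CIDR range per line inside the braces.
    testcookie_whitelist {
        192.168.1.0/24;
        203.0.113.0/24;
    }
}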

Ensure that CIDR notations are correctly formatted to avoid unwanted blocking of legitimate users.

Avoid overusing the whitelist to maintain the integrity of bot mitigation strategies.

Regularly update whitelist entries as IP ranges for services may change.
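
As an added example (not part of the testcookie module or of the original page), the following Python script lints candidate whitelist entries before they are placed in the configuration: it rejects anything that is not canonical IPv4 CIDR, flags ranges broader than an assumed /16 policy threshold, and drops entries already covered by a wider range. The names `lint_whitelist` and `MIN_PREFIX_LEN`, the threshold value, and the sample list are assumptions made for illustration.

```python
import ipaddress

# Assumed policy threshold (not defined by the module): a prefix shorter than
# this exempts so many addresses that the cookie challenge loses its value.
MIN_PREFIX_LEN = 16


def lint_whitelist(entries, min_prefix_len=MIN_PREFIX_LEN):
    """Return (kept, findings): clean IPv4 CIDR strings and (entry, reason) pairs."""
    accepted, findings = [], []
    for raw in entries:
        entry = raw.strip().rstrip(";")
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid address or CIDR range"))
            continue
        if net.version != 4:
            findings.append((entry, "IPv6 range; entries must be IPv4 CIDR"))
        elif "/" not in entry:
            findings.append((entry, "no prefix length; write /32 explicitly"))
        elif str(net) != entry:
            # Covers host bits set below the mask and netmask-style suffixes.
            findings.append((entry, f"not canonical; did you mean {net}?"))
        elif net.prefixlen < min_prefix_len:
            findings.append(
                (entry, f"/{net.prefixlen} exempts {net.num_addresses} addresses"))
        else:
            accepted.append(net)

    # Drop exact duplicates, then entries already covered by a wider range.
    unique = sorted(set(accepted))
    kept = []
    for net in unique:
        cover = next((o for o in unique if o != net and net.subnet_of(o)), None)
        if cover:
            findings.append((str(net), f"redundant; covered by {cover}"))
        else:
            kept.append(str(net))
    return kept, findings


# Constructed sample input, not taken from any real deployment.
SAMPLE = ["192.168.1.0/24", "203.0.113.0/24", "203.0.113.77/24",
          "203.0.113.128/25", "10.0.0.0/8", "2001:db8::/32", "198.51.100.7"]

if __name__ == "__main__":
    kept, findings = lint_whitelist(SAMPLE)
    print("keep:", kept)
    print(*[f"drop {e}: {r}" for e, r in findings], sep="\n")
```

Running it over the current whitelist whenever a crawler operator republishes its ranges turns the periodic review into a diff of the `kept` list.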
