js_challenge_bucket_duration
Sets the duration for the time frame to prompt the JavaScript challenge in NGINX.
Описание
The js_challenge_bucket_duration directive defines the duration (in seconds) for which a user is prompted to complete a JavaScript challenge before they can access the resources protected by this challenge. When a user accesses a resource in a server block where the JavaScript challenge is enabled, NGINX checks whether the user has completed the challenge during the specified duration.
If the user has not completed this challenge within the defined bucket_duration, they will be prompted to reattempt the challenge. This setting effectively controls how often returning users need to re-validate themselves, balancing user experience with the security measure provided by the JavaScript challenge. It is applicable in server and location contexts, allowing fine-grained control over challenge duration for specific paths or entire server configurations. The default value is set to 3600 seconds, meaning users will be prompted again after one hour if they have not completed the challenge.
A lower setting may enhance security but may also hinder user experience for legitimate users, while a higher setting might allow malicious actors longer access without verification. Administrators must decide the ideal duration based on the sensitivity of the resources being protected and the expected behavior of legitimate users.
Пример конфига
server {
js_challenge on;
js_challenge_bucket_duration 1800;
# Additional configuration...
}Setting a very low duration might frustrate users who are frequently rerouted to the challenge.
If using different durations in nested locations, ensure they are set correctly to avoid unexpected behavior.