https://docs.mitigator.ru/v26.04/en/tags/challenge/ Recent content in Challenge on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/integrate/web-challenger/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/web-challenger/ Web Challenger (WebC) is a Docker container containing NGINX and an HTTP/HTTPS request processing module that works in tandem with the HCA countermeasure in MITIGATOR. Possibilities The HCA countermeasure redirects HTTP/HTTPS requests from unauthenticated IP addresses to WebC, where the sender is verified. If the verification is successful, the source IP address is added to the HCA’s authenticated table. HCA can also work with third-party L7 protection devices. Multiple packet processors can work with one WebC when working in a cluster. https://docs.mitigator.ru/v26.04/en/integrate/mcr/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/mcr/ Tip This describes the MITIGATOR Challenge Response (MCR) protocol for developers of external systems. The MCR countermeasure is described in the built-in help. MITIGATOR Challenge Response (MCR) is a protocol for IP authentication on MITIGATOR. The protocol can be implemented both by a protected application and separately, for example, when a game launcher is being checked, and game traffic is passed. The program that implements the protocol and passes the test is called the client (in the example above, the client is the launcher). https://docs.mitigator.ru/v26.04/en/integrate/syncookie/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/integrate/syncookie/ MITIGATOR has a TCP protection mode with ISN synchronization, in which after checking the client, the connection is not interrupted, filtering is transparent and convenient. To do this, you need to install a kernel module on the protected server, that will provide the necessary information, and a synchronization agent that will be polled by the MITIGATOR system. Protection mode with ISN synchronization is supported in countermeasures TCP, MINE, ATLS, DNS and BPF.