I want to block exact cookie value like PHPSESSID in Nginx. Does this possible? My site under DDoS but I can't block by IP due to shared addresses. Attackers use same value of Cookies so I try to block by cookie value.

Thanks

CodePudding user response：

server {
  ...

  if ($cookie_PHPSESSID = "XXXXXXXXXXXX") {
    return 403;
  }
}