@aaPanel_Jose
hello,
nginx free firewall can't block flood HTTP request to website. also module testcookie is better, the per client with per IP address need resolve the cookie first then can access to website.
"To prevent automatic parsing, challenge cookie value can be encrypted with AES-128 in CBC mode using custom/random key and iv, and then decrypted at client side with JavaScript." so only real client/visitor use real browser can resolve it.