Piotr Sikora wrote:
>> 6. intercept the response, do a second subrequest and modify the response
>>
>> - should probably done in a filter?
>
> What exactly are you trying to achieve?
Well - think of a kind of generic web-application filter plugin like an
ICAP based virus scanner or a web application firewall where the actuall
scanning is done on a second independent component (another process or
maybe even on another machine)
I want to intercept http-requests, reroute them with some additional
information to this second component, get a response from the second
component, allow, reject or modify the original request and send it to
the original target (may be a local php script or a proxy location)
The same with the response.
> Maybe you could use
> X-Accel-Redirect, eval module or ngx_lua [2] instead?
ngx_lua sounds very promising, but when I checked it out it states that:
"This module is at its very early phase of development and considered
highly experimental."
I'm not sure if this should run on a production website :-|
I will have a look at the X-Accel-Redirect implementation
>> Another question: I want to intercept ALL requests to nginx. Which phase
>> would you recommend for my handler? How can I assure, that I'm the first
>> handler in the chain?
>
> There is only one active content handler at the time.
Well, as far as I understand nginx, there is an array of
phases[NGX_HTTP_CONTENT_PHASE].handlers which are asked to provide the
content. If a handler returns NGX_DECLINED, the next handler is asked. I
want to make sure to be the first in this array to see every request
independent from other configuration components.
I'm thinking about registering in the the pre-access phase to make
possible modifications on headers like the http-basic-auth header
visible to other modules.
Thanks for your help
Mirko
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel