Our nginx module development roadmap (draft)

Delta Yeh delta.yeh at gmail.com
Sat Nov 27 15:53:17 MSK 2010


How can we check the parameter in request body?
mod_auth_request cant not handle request boyd,
only the main request hold the request body.

2010/11/27 agentzh <agentzh at gmail.com>:
> On Sat, Nov 27, 2010 at 8:33 PM, Delta Yeh <delta.yeh at gmail.com> wrote:
>> Can we use ngx_lua to do access control? security check ?
>>  I mean  some feature of mod_security.
>>
>
> We're already using ngx_lua to do most of the access control in
> production (the other part is done by iptables for sure ;)).
>
> There's mainly 3 ways:
>
> 1. Use set_by_lua directly, combined with the standard ngx_rewrite
> module if your checking logic does not require network I/O.
>
> 2. Use Maxim Dounin's ngx_http_auth_request module to issue a
> subrequest to a location configured by "content_by_lua" if your checks
> require I/O.
>
> 3. If your content handler is already content_by_lua, just use normal
> Lua code to do access control there.
>
> Cheers,
> -agentzh
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://nginx.org/mailman/listinfo/nginx-devel
>



More information about the nginx-devel mailing list