Get $request_body before content handlers?
Mike Gagnon
mikegagnon at gmail.com
Mon Jul 9 00:19:40 UTC 2012
I think I found it now:
location / {
lua_need_request_body on;
client_max_body_size 100k;
client_body_buffer_size 100k;
access_by_lua '
-- check the client IP address is in our black list
if ngx.var.remote_addr == "132.5.72.3" then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
-- check if the request body contains bad words
if ngx.var.request_body and
string.match(ngx.var.request_body, "fsck")
then
return ngx.redirect("/terms_of_use.html")
end
-- tests passed
';
On Sun, Jul 8, 2012 at 4:28 PM, Mike Gagnon <mikegagnon at gmail.com> wrote:
> On Sat, Jul 7, 2012 at 8:19 PM, agentzh <agentzh at gmail.com> wrote:
>
>> > Is it possible to hack nginx such that the rewrite phase is delayed
>> until
>> > after the request_body is available? I am writing a module that analyzes
>> > requests during the rewrite phase to determine where to route them. The
>> goal
>> > is to use online machine learning to detect suspicious requests and
>> re-route
>> > them to a quarantine. http://mikegagnon.com/2012/06/08/beer-garden/
>> >
>>
>> We're just using ngx_lua to do suspicious request filtering in rewrite
>> and/or access phases. It's convenient (and also rather efficient) to
>> use the various Lua APIs for Nginx provided by ngx_lua. See
>>
>> http://wiki.nginx.org/HttpLuaModule
>>
>>
> Oh, yeah I ment to ask, but forgot. I'm curious to learn more about your
> code to filter suspicious requests. I looked at
> http://wiki.nginx.org/HttpLuaModule but did not see anything specifically
> regarding filting suspicious requests.
>
> Thanks again!
>
> Mike Gagnon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20120708/42cce05a/attachment-0001.html>
More information about the nginx-devel
mailing list