Hello,<div><br></div><div>I would like to add a new feature to the HttpAccessKeyModule (<a href="http://wiki.nginx.org/HttpAccessKeyModule">http://wiki.nginx.org/HttpAccessKeyModule</a>). </div><div><br></div><div>As currently implemented when the visitor omits the key then the module yields a 403 page. I would like to change this behavior, such that when a visitor omits a key, then the module yields a page that contains javascript to automatically generate a key. This page however, must be dynamically generated for the specific URI requested (SSI seems appropriate).</div>
<div><br></div><div>If you're curious, I am building this feature to implement a "client puzzle" protocol to rate-limit DoS attacks targeting upstream servers. <a href="http://en.wikipedia.org/wiki/Client_Puzzle_Protocol">http://en.wikipedia.org/wiki/Client_Puzzle_Protocol</a></div>
<div><br></div><div>It is not clear to me how to implement this feature. The NGX_HTTP_ACCESS_PHASE seems to have a limited ability to affect the processing of requests. I.e. it can only return a status code, and it cannot redirect the request to a specific content handler. Is this correct? Do I need to invent a new internal status code? Would that require modifying the nginx core?</div>
<div><br></div><div>Thanks!</div><div>Mike Gagnon</div>