<div dir="ltr"><div class="gmail_default" style="color:#444444">At the moment, no authz is really happening. During this testing I was statically setting the advice from the policy server to be 200.</div><div class="gmail_default" style="color:#444444">Setting this in the access phase works fine for me with no random hitches, so that's fixed. Thanks.</div><div class="gmail_default" style="color:#444444"><br></div><div class="gmail_default" style="color:#444444">For future reference, is there anything to go by which dictates what phase a module should be in and its impact? </div><div class="gmail_default" style="color:#444444">Obviously, access is quite self-explanatory and not sure how i missed it ;')</div><div class="gmail_default" style="color:#444444"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 4 Dec 2022 at 20:19, Maxim Dounin <<a href="mailto:mdounin@mdounin.ru">mdounin@mdounin.ru</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello!<br>
<br>
On Sun, Dec 04, 2022 at 08:00:04PM +0000, Jeremy Cocks via nginx wrote:<br>
<br>
> > Your observation is wrong. Rate limiting as implemented in the<br>
> > limit_req module does not distinguish between different request<br>
> > methods and always works after reading the request header<br>
> <br>
> Sorry, I wasn't clear there. It kicks in for POST requests without my<br>
> module ;)<br>
<br>
So, it looks like your module breaks something.<br>
<br>
> > does not distinguish between different request methods and always works<br>
> after reading the request headers.<br>
> <br>
> I am assuming, given the request I am testing, is on a proxy_pass which is<br>
> a content handler, that has something to do with why rate limiting is not<br>
> working on POST and not GET here?<br>
> If I remove the location block and just have my module and rate limiting<br>
> going without a proxy_pass, it seems to be working fine for all requests.<br>
<br>
It's hard to say anything beyond that your module breaks something <br>
without seeing your module's code and the configuration you are <br>
trying to use.<br>
<br>
A properly implemented auth module, as already suggested, should <br>
work in the access phase, and wouldn't interfere with any rate <br>
limits, since rate limiting happens before the auth module ever <br>
sees a request.<br>
<br>
-- <br>
Maxim Dounin<br>
<a href="http://mdounin.ru/" rel="noreferrer" target="_blank">http://mdounin.ru/</a><br>
_______________________________________________<br>
nginx mailing list -- <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
To unsubscribe send an email to <a href="mailto:nginx-leave@nginx.org" target="_blank">nginx-leave@nginx.org</a><br>
</blockquote></div>