<div dir="ltr"><div class="gmail_default" style="color:#444444">Actually analysing the log files of this, it seems the rate limiting module never kicks in for POST requests, my module just sets the status and bails.</div><div class="gmail_default" style="color:#444444">Assuming this is because POST actually needs to write content? </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 4 Dec 2022 at 16:57, Jeremy Cocks <<a href="mailto:jeremy@jeremy.cx" target="_blank">jeremy@jeremy.cx</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="color:rgb(68,68,68)">I am developing an AuthZ module. <br><br>While testing using the rate limiting module. I can see rate limiting kick in for GET requests fine (it's tuned extra low to demonstrate this case):</div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">curl -s -I <a href="http://localhost/login?%7B1..3%7D" target="_blank">http://localhost/login?{1..3}</a><br>HTTP/1.1 200 OK<br>Server: nginx/1.21.6<br>Date: Sun, 04 Dec 2022 16:43:17 GMT<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 1651<br>Connection: keep-alive<br><br>HTTP/1.1 429 Too Many Requests<br>Server: nginx/1.21.6<br>Date: Sun, 04 Dec 2022 16:43:17 GMT<br>Content-Type: text/html<br>Content-Length: 169<br>Connection: keep-alive<br><br>HTTP/1.1 429 Too Many Requests<br>Server: nginx/1.21.6<br>Date: Sun, 04 Dec 2022 16:43:17 GMT<br>Content-Type: text/html<br>Content-Length: 169<br>Connection: keep-alive<br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">However, doing the same for POST requests, this does not work:<br><br></div><div class="gmail_default" style="color:rgb(68,68,68)">curl -s -w "\nStatus: %{http_code}\n\n" <a href="http://localhost/login?%7B1..3%7D" target="_blank">http://localhost/login?{1..3}</a> --data-raw 'username=user&password=user'<br>login success: user<br>Status: 200<br><br>login success: user<br>Status: 200<br><br>login success: user<br>Status: 200<br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">Setting my module to run in the `precontent` phase allows this to work, so it's all happening in rewrite (where the rate limiting module would be kicking in). <br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">I obviously don't want to run in precontent and my module gets its advice from an external "agent" as to what to set the status. So I'm assuming it is overwriting the nginx rate limiting module's status and setting it back to a 200, when I'd rather respect the rate limiting modules 429.</div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">What would be the best approach here to avoid this from happening? I have read about module ordering, but that would require a recompile of my end, however, I am more intrigued about how to handle this in code.</div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)">Thanks</div><div class="gmail_default" style="color:rgb(68,68,68)">Jeremy</div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div><div class="gmail_default" style="color:rgb(68,68,68)"><br></div></div>
</blockquote></div>