Is it just me or would access_records be per worker and hence this module not work with workers > 1?

Additionally,

    for (i = 0; i < NGX_HTTP_KNOCK__IP_DB_SIZE && i < ngx_http_knock_next_free_slot; i++) {
        if (access_records[i].ip_addr == ip_addr)

Perhaps using the nginx Red-Black tree here would lead to better performance (in place of O(n)) and remove the limitation on the number of IPs.


On Tue, Aug 19, 2014 at 9:50 AM, Phillip Taylor (nginx) <nginx@philliptaylor.net> wrote:
Hello everyone,

I've written a module for nginx that takes the concept of "Port Knocking" and applies it to websites. When you visit a configured nginx website, it returns a 404 "page not found" error. However, if you go to secret URLs, even though they all, on the service appear to return 404, you are secretly handshaking with nginx. After you've hit the magic combination, your IP is logged server side, and you're allowed to visit the site (that is, it returns content instead of 404).

The benefits include:
* private websites
* protect login pages against bots and scripts
* protect against zero day exploits
* protect against known exploits if you're slow to defend the site.

The code, documentation and even a link to a demonstration YouTube video are available here:

https://github.com/PhillipTaylor/ngx_http_knock_module

I contact this mailing list:

* to raise awareness that I have developed it.
* for possible inclusion on the 3rd Party Modules page for nginx (http://wiki.nginx.org/3rdPartyModules)
* to ask if you would be so kind as to provide some code review feedback and advice regarding its quality.
* and any other thoughts.

Thank you

Phillip Taylor

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel