Advise to develop a rights-control module
agentzh
agentzh at gmail.com
Sat Sep 17 05:48:50 UTC 2011
On Fri, Sep 16, 2011 at 11:17 PM, Legrand Jérémie
<jeremie.legrand at atos.net> wrote:
> I need to develop a module that check the rights of an user regarding to
> URI parameters.
> User is allowed : I send the request to backend server with proxy_pass
>
> User is not allowed : I need to generate a body response displaying
> information about the error.
>
I think this is a perfect use case for the ngx_lua module
(http://wiki.nginx.org/HttpLuaModule ). See the following example:
location / {
access_by_lua '
if ngx.var.arg_foo == "BAD" then
ngx.status = 403
ngx.print("you are not allowed due to bad foo param:
", ngx.var.arg_foo)
ngx.exit(ngx.HTTP_OK)
end
';
proxy_pass http://...;
}
We first check if the URI parameter "foo" equals to "BAD", if yes,
just emit a 403 error page with custom response body and exit the
whole request processing process. Otherwise, we just quit the access
phase and continue to proxy_pass as usual. If your validation logic is
so complicated that must be done in C, then you can write a simple Lua
C module (or just LuaJIT's excellent FFI feature).
If you insist in rolling out your own Nginx C module, you can just
take a look at how ngx_lua handles these behind the scene.
>
> This module should be like access and auth_basic module launched during the
> NGX_HTTP_ACCESS_PHASE but in this phase I can’t send a body response.
>
No, you can surely send response and short-circuit request processing
in the access phase, as demonstrated above :)
Regards,
-agentzh
More information about the nginx-devel
mailing list