Advise to develop a rights-control module

Legrand Jérémie jeremie.legrand at atos.net
Tue Sep 20 10:07:25 UTC 2011 

Thanks agentzh for your help.

In fact you are right, my solution don't work properly because sending a response from my access phase handler does not end the request and NGINX keeps on processing it in the next phases (post access, content phases).

What I did finally is this :

1) Setting a new Header with my custom error message
2) Returning NGX_HTTP_FORBIDDEN or NGX_HTTP_OK from my access phase handler
3) Parsing the headers in a filter part of my module
4) If error header found, replacing the request's body response by the header value.

It is maybe quite complicated but I didn't manage to find a way to modify directly the response in my handler.

Thanks for the tip about setting NGINX variables with rewrite_by_lua/access_by_lua.

J.Legrand

-----Message d'origine-----
De : nginx-devel-bounces at nginx.org [mailto:nginx-devel-bounces at nginx.org] De la part de agentzh
Envoyé : mardi 20 septembre 2011 02:25
À : nginx-devel at nginx.org
Objet : Re: Advise to develop a rights-control module

On Mon, Sep 19, 2011 at 11:25 PM, Legrand Jérémie <jeremie.legrand at atos.net> wrote:
> Thanks for your answers.
>
> I studied the lua_module which is great but didn't feet my needs. My validation rule is quite complicated and could not be developed only with lua.

I've said that you could implement your validation rule in a custom Lua C module in the form of a .so or .dynlib file and just "require"
that C library from within Lua. You can take my lua-redis-parser library for an example:

http://github.com/agentzh/lua-redis-parser

> Just one comment about this module. Why it is not possible to use ngx.location.capture in set_by_lua directive ? It would be very helpful !
>

It's limited by how  the standard ngx_rewrite module is implemented.
The ngx_rewrite module does not allow I/O interruptions in the process of running its instructions. You can work around this by setting Nginx variable values from within rewrite_by_lua/access_by_lua. Here's a real-world example for this:

http://openresty.org/#DynamicRoutingBasedOnRedis

> Finally, I achieved my goal by sending an ngx_http_send_response from my module and setting request keep_alive to 0. It works. Do you think this solution is ok ?
>

No, it's logically wrong. You should return NGX_HTTP_OK from within your own access phase handler after sending out your response headers and body.

Regards,
-agentzh

_______________________________________________
nginx-devel mailing list
nginx-devel at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel



Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité d'Atos ne pourra être recherchée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être recherchée pour tout dommage résultant d'un virus transmis.

This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.

More information about the nginx-devel mailing list