Get $request_body before content handlers?

agentzh agentzh at gmail.com
Sun Jul 8 03:19:47 UTC 2012


Hello!

On Sat, Jul 7, 2012 at 4:41 PM, Mike Gagnon <mikegagnon at gmail.com> wrote:
> I have the impression that $request_body isn't available until the
> content-handlers phase. Is that correct?
>

It depends on actual nginx modules. It's the nginx module's
responsibility to trigger request body reading (or discarding). For
ngx_proxy, ngx_fastcgi, and many other upstream modules, they run in
the content phase, so request body is read in that phase.

But in modules like ngx_form_input, it reads the request body at
rewrite phase, see

    https://github.com/calio/form-input-nginx-module

And in ngx_lua, we can read request body at various phases at our own
will, like "rewrite", "access", and "content" phases.

> Is it possible to hack nginx such that the rewrite phase is delayed until
> after the request_body is available? I am writing a module that analyzes
> requests during the rewrite phase to determine where to route them. The goal
> is to use online machine learning to detect suspicious requests and re-route
> them to a quarantine. http://mikegagnon.com/2012/06/08/beer-garden/
>

We're just using ngx_lua to do suspicious request filtering in rewrite
and/or access phases. It's convenient (and also rather efficient) to
use the various Lua APIs for Nginx provided by ngx_lua. See

    http://wiki.nginx.org/HttpLuaModule

It even supports streaming reading of request body via the "downstream
cosocket" API, so you can implement "input body filter" in pure Lua.

> If I have access to the request_body during the rewrite phase then my
> request classifier will be better at detecting suspicious requests (since it
> has more information about requests).
>

It's more appropriate to do that at the access phase, preferably
running after the nginx "access" phase. (You can just use ngx_lua's
access_by_lua or access_by_lua_file directives.)

Best regards,
-agentzh
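
The access-phase approach suggested in the reply above, as an added example that is not from the original message or from the ngx_lua project: the body is read in the access phase and the request is routed by an internal redirect. The upstream names, the `@quarantine` location and the scoring rule are assumptions standing in for a real classifier, and `access_by_lua_block` is the block form of `access_by_lua` in current ngx_lua releases.

```nginx
# Added example; upstream names, @quarantine and the scoring rule are assumptions.
upstream app_backend        { server 127.0.0.1:8080; }
upstream quarantine_backend { server 127.0.0.1:8081; }

server {
    listen 80;

    client_max_body_size    1m;
    # Same size as the limit above, so bodies stay in memory and
    # ngx.req.get_body_data() does not return nil for a spooled body.
    client_body_buffer_size 1m;

    location / {
        access_by_lua_block {
            -- Force the body to be read now, in the access phase.
            ngx.req.read_body()
            local body = ngx.req.get_body_data()
            if not body then
                -- Either there is no body, or it was spooled to a temp file.
                local path = ngx.req.get_body_file()
                if path then
                    local f = io.open(path, "rb")   -- blocking read
                    if f then body = f:read("*a"); f:close() end
                end
            end

            -- Stand-in for the classifier: share of bytes that are neither
            -- whitespace nor printable ASCII (the range space..tilde).
            local function suspicious(s)
                if not s or #s == 0 then return false end
                local _, odd = s:gsub("[^%s -~]", "")
                return odd / #s > 0.3
            end

            if suspicious(body) then
                -- Internal redirect; the body already read goes with the request.
                return ngx.exec("@quarantine")
            end
        }
        proxy_pass http://app_backend;
    }

    location @quarantine {
        proxy_pass http://quarantine_backend;
    }
}
```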
