Get $request_body before content handlers?

agentzh agentzh at
Sun Jul 8 03:19:47 UTC 2012


On Sat, Jul 7, 2012 at 4:41 PM, Mike Gagnon <mikegagnon at> wrote:
> I have the impression that $request_body isn't available until the
> content-handlers phase. Is that correct?

It depends on actual nginx modules. It's the nginx module's
responsibility to trigger request body reading (or discarding). For
ngx_proxy, ngx_fastcgi, and many other upstream modules, they run in
the content phase, so request body is read in that phase.

But in modules like ngx_form_input, it reads the request body at
rewrite phase, see

And in ngx_lua, we can read request body at various phases at our own
will, like "rewrite", "access", and "content" phases.

> Is it possible to hack nginx such that the rewrite phase is delayed until
> after the request_body is available? I am writing a module that analyzes
> requests during the rewrite phase to determine where to route them. The goal
> is to use online machine learning to detect suspicious requests and re-route
> them to a quarantine.

We're just using ngx_lua to do suspicious request filtering in rewrite
and/or access phases. It's convenient (and also rather efficient) to
use the various Lua APIs for Nginx provided by ngx_lua. See

It even supports streaming reading of request body via the "downstream
cosocket" API, so you can implement "input body filter" in pure Lua.

> If I have access to the request_body during the rewrite phase then my
> request classifier will be better at detecting suspicious requests (since it
> has more information about requests).

It's more appropriate to do that at the access phase, preferably
running after the nginx "access" phase. (You can just ngx_lua's
access_by_lua or access_by_lua_file directives.)

Best regards,

More information about the nginx-devel mailing list