Modifying HttpAccessKeyModule

Mike Gagnon mikegagnon at
Fri May 18 15:36:19 UTC 2012


I would like to add a new feature to the HttpAccessKeyModule (

As currently implemented when the visitor omits the key then the module
yields a 403 page. I would like to change this behavior, such that when a
visitor omits a key, then the module yields a page that contains javascript
to automatically generate a key. This page however, must be dynamically
generated for the specific URI requested (SSI seems appropriate).

If you're curious, I am building this feature to implement a "client
puzzle" protocol to rate-limit DoS attacks targeting upstream servers.

It is not clear to me how to implement this feature.
The NGX_HTTP_ACCESS_PHASE seems to have a limited ability to affect the
processing of requests. I.e. it can only return a status code, and it
cannot redirect the request to a specific content handler. Is this correct?
Do I need to invent a new internal status code? Would that require
modifying the nginx core?

Mike Gagnon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list