proxy input filter chain?

Dave Bailey dave at daveb.net
Fri Mar 15 18:04:13 UTC 2013 

Hi Maxim,

On Fri, Mar 15, 2013 at 10:46 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Fri, Mar 15, 2013 at 09:59:57AM -0700, Dave Bailey wrote:
>
> > Hi,
> >
> > I would like to apply a filter to the request body as it is read from the
> > client, but before it is sent upstream.  So in the various proxy module
> > input filters, when the input ngx_buf_t are initialized and pushed onto
> the
> > input buffer chain, I would like to pass them through my filter at that
> > time, so that the input buffer chain contains the buffers that my filter
> > generates from the original input buffers.  My filter might also (based
> on
> > its input) choose to finalize the request with a status code 403 or
> similar
> > (e.g. if the input is deemed to be malicious, etc) before the upstream
> > connection is made.
> >
> > My questions:
> >
> > 1) Is anything like this currently being developed?
> > 2) If not, could I try to provide a patch?
>
> There is an experimental patch which introduces request body
> filters (attached).  It was written with chunked input support,
> but wasn't committed as there is no clear understanding it should
> work this way.
>

Thank you for the patch.  For what it's worth, it seems ideal to me, as it
provides an interface that's consistent with the other filter interfaces
for headers and response body, and it is applied to the request body before
the buffers may hit the disk.  I could see a lot of great functionality
taking advantage of this new interface, e.g. WAF inspection of the request
body, encryption and/or encoding or other transformation of form data,
etc.  Please consider this email as a vote to commit the patch.  In the
meantime, I will try it out.

-dave


> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130315/e1d70b44/attachment.html>

More information about the nginx-devel mailing list