return 403 instead of next phase
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 25 16:09:35 UTC 2014
Hello!
On Mon, Aug 25, 2014 at 05:07:12PM +0300, Donatas Abraitis wrote:
> Hey,
>
> static ngx_int_t ngx_http_hostprotect_init(ngx_conf_t *cf)
> {
> ngx_http_handler_pt *h;
> ngx_http_core_main_conf_t *cscf;
>
> cscf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
> h = ngx_array_push(&cscf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
> if(h == NULL)
> return NGX_ERROR;
>
> *h = ngx_http_hostprotect_handler;
>
> return NGX_OK;
> }
>
> static ngx_int_t ngx_http_hostprotect_handler(ngx_http_request_t *r)
> {
> ...
> r->headers_out.status = NGX_HTTP_FORBIDDEN;
> r->headers_out.content_length_n = sizeof(err_msg);
> ngx_http_send_header(r);
> return ngx_http_output_filter(r, &out);
> }
>
> Everything looks fine, but backend (in this case Apache) still receives
> requests. Any options to drop the request without allowing it to reach
> backend?
In your code you return NGX_OK from the access phase handler, and
this means that access checks passed. This probably not what you
mean to return.
You have to return NGX_HTTP_FORBIDDEN instead, without sending
anything back - nginx will send an error page for you (either
compiled in, or set with error_page directive).
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list