Trying to understand request body handling.

Dk Jack dnj0496 at gmail.com
Thu Jul 25 06:07:30 UTC 2019


Hi,
In my module I have the following requirements:

- Inspect the contents of the POST body in the request
- If the body content matches the configured regex, then take one of the
following actions:
  - Return forbidden
  - Redirect to another location without using 302
- If the content doesn't match the configured regex, then simply forward
the request to proxy_pass destination.

I used 'ngx_http_read_client_request_body'function accumulate the body
contents inspect it. I invoked this function from a pre-access handler. My
request body handler callback gets called and I am able to inspect the body
and I am able to take the actions I have mentioned above.

However, it is not working completely as I expected. For example, when I
return forbidden after body inspection, my client is receiving the
forbidden message and the status code I've setup. However, the request
seems to also get forwarded to the origin. In the error.log, I see 'header
already sent while reading response from upstream' message. I see a similar
issue when redirecting. The request is getting sent to origin server as
well as the server I redirected to after inspection. Which leads me to
believe that the request is being forwarded based on the proxy_pass rule
while my module is still accumulating the body i.e before my body_complete
handler is called. Is my understanding correct? If so, is there a way to
stall the forwarding of the request till my module has completed the
inspection? Is there something in the request I need to set in the earlier
phases when I doing this sort of thing?

I also modified my module to use body filters as described in
https://nginx.org/en/docs/dev/development_guide.html#http_body_filters to
see if it'd help my cause. However, I can't seem to get redirect working
after inspecting the body. Any suggestions on the correct approach to
solving my issues while adhering to requirements. Any help is greatly
appreciated. Thanks.

regards,
Dk.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20190724/b02540c7/attachment.html>


More information about the nginx-devel mailing list