Is it ok to call header filters twice for the same response

Maxim Dounin mdounin at
Mon Jun 30 23:38:53 UTC 2014


On Sun, Jun 29, 2014 at 12:56:02PM +0800, Rv Rv wrote:

> Hello
> When we configure nginx without modsecurity body filter, then 
> the response is processed in two stages. First the headers are 
> processed followed by the body filters
> If however, modsecurity is configured, then modsecurity body 
> filter may *once again* call the entire chain of headers filter 
> via a call to 
>     rc = ngx_http_next_header_filter(r); in  the routine ngx_http_modsecurity_body_filter.
> This means that any header filter that is configured will end up 
> processing the same response header twice. This means that 
> header filter should be stateful in that it should know if it is 
> invoked multiple times and allocate ctx only once. 
> Is this the way the design of body and header filters expected 
> to be?
> Thanks for any answers

No.  Header filters chain is expected to be called once per 

You are probably looking into the 'master' branch of mod_security 
nginx module.  It is known to be completely unusable.  Try looking 
into nginx_refactoring branch instead, it should be a bit better.

Maxim Dounin

More information about the nginx mailing list