Is it ok to call header filters twice for the same response
mdounin at mdounin.ru
Mon Jun 30 23:38:53 UTC 2014
On Sun, Jun 29, 2014 at 12:56:02PM +0800, Rv Rv wrote:
> When we configure nginx without modsecurity body filter, then
> the response is processed in two stages. First the headers are
> processed followed by the body filters
> If however, modsecurity is configured, then modsecurity body
> filter may *once again* call the entire chain of headers filter
> via a call to
> rc = ngx_http_next_header_filter(r); in the routine ngx_http_modsecurity_body_filter.
> This means that any header filter that is configured will end up
> processing the same response header twice. This means that
> header filter should be stateful in that it should know if it is
> invoked multiple times and allocate ctx only once.
> Is this the way the design of body and header filters expected
> to be?
> Thanks for any answers
No. Header filters chain is expected to be called once per
You are probably looking into the 'master' branch of mod_security
nginx module. It is known to be completely unusable. Try looking
into nginx_refactoring branch instead, it should be a bit better.
More information about the nginx