simple WAF
62 views
Skip to first unread message
Sergei Fomin
Apr 17, 2018, 1:02:03 PM4/17/18
to openre...@googlegroups.com
Hello.
I'm trying to write simple WAF to authorize incoming requests in nginx.
It's almost identical to the implementation mentioned here
https://github.com/openresty/lua-nginx-module#access_by_lua, but
different in two aspects: 1. it forwards the request body, 2. in case of
non-availability of the authorization server requests are allowed to pass.
My code for the task.
access_by_lua_block
{
ngx.req.read_body()
local res = ngx.location.capture("/auth",
{always_forward_body = true})
if res.status == ngx.HTTP_OK then
return
end
if res.status == ngx.HTTP_BAD_GATEWAY then
ngx.exit(ngx.OK)
end
if res.status == ngx.HTTP_FORBIDDEN then
ngx.exit(res.status)
end
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
}
location /auth
{
proxy_pass http://localhost:5555/;
proxy_pass_request_body on;
proxy_connect_timeout 1s;
proxy_read_timeout 1s;
}
The problem happens when the autorization server hangs and the
subrequest exits with BAD GATEWAY error. In spite of nxg.exit(ngx.OK) in
the code nginx returns error page instead of requested page. Why is it so?
I'm trying to write simple WAF to authorize incoming requests in nginx.
It's almost identical to the implementation mentioned here
https://github.com/openresty/lua-nginx-module#access_by_lua, but
different in two aspects: 1. it forwards the request body, 2. in case of
non-availability of the authorization server requests are allowed to pass.
My code for the task.
access_by_lua_block
{
ngx.req.read_body()
local res = ngx.location.capture("/auth",
{always_forward_body = true})
if res.status == ngx.HTTP_OK then
return
end
if res.status == ngx.HTTP_BAD_GATEWAY then
ngx.exit(ngx.OK)
end
if res.status == ngx.HTTP_FORBIDDEN then
ngx.exit(res.status)
end
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
}
location /auth
{
proxy_pass http://localhost:5555/;
proxy_pass_request_body on;
proxy_connect_timeout 1s;
proxy_read_timeout 1s;
}
The problem happens when the autorization server hangs and the
subrequest exits with BAD GATEWAY error. In spite of nxg.exit(ngx.OK) in
the code nginx returns error page instead of requested page. Why is it so?
Reply all
Reply to author
Forward
0 new messages