Is it ok to call header filters twice for the same response

jason_sam · June 29, 2014, 6:56am

Hello

When we configure nginx without modsecurity body filter, then the
response is processed in two stages. First the headers are processed
followed by the body filters
If however, modsecurity is configured, then modsecurity body filter may
once again call the entire chain of headers filter via a call to
rc = ngx_http_next_header_filter®; in the routine
ngx_http_modsecurity_body_filter.

This means that any header filter that is configured will end up
processing the same response header twice. This means that header filter
should be stateful in that it should know if it is invoked multiple
times and allocate ctx only once.

Is this the way the design of body and header filters expected to be?
Thanks for any answers

Rv_Rv · July 1, 2014, 1:39am

Hello!

On Sun, Jun 29, 2014 at 12:56:02PM +0800, Rv Rv wrote:

This means that any header filter that is configured will end up
processing the same response header twice. This means that
header filter should be stateful in that it should know if it is
invoked multiple times and allocate ctx only once.

Is this the way the design of body and header filters expected
to be?
Thanks for any answers

No. Header filters chain is expected to be called once per
request.

You are probably looking into the ‘master’ branch of mod_security
nginx module. It is known to be completely unusable. Try looking
into nginx_refactoring branch instead, it should be a bit better.

–
Maxim D.
http://nginx.org/