Nginx as a proxy with Blocking operations

Hi All,

We have an existing TCP/TLS based server application ‘A’ in production. Around 10K users can connect to this application. We now have a requirement as follows:

1). Intercept the traffic between Client and A
2). ‘Inspect’ the packet for a certain logic
3). If the packet matches, call a processing logic (THIS IS A BLOCKING OPERATION AS UNFORTUNATELY THE PROCESSING REQUIRES SOME SORT OF HUMAN INTERVENTION AND MAY TAKE BETWEEN 30 - 60 Seconds). The frequency for match might be just 5-10% of traffic
4). Based on the result of processing either send the packet as is to ‘A’ or modify the packet content and then send to ‘A’.

I understand that this is most definitely an ideal scenario as the blocking operation is involved, but the requirements are pretty stringent.

I just wanted to understand if Nginx can help me in this context. Does Nginx support such blocking operations? Basically the idea is that if one request matches for the Blocking Operation processing, the other parallel/concurrent requests should not be BLOCKED (or wait). In layman terms a scenario where every request has an independent thread and processing.

Can anyone suggest a solution for this problem?

Again I acknowledge that this might not be the best way forward but somehow we are constrained.

Looking forward to some great advice.

Many Thanks,
Abhi

Posted at Nginx Forum:

I think you need IPS/IDS in front of your nginx server :) Nginx can’t capture packets, please read OSI layer.

CMIIW

Well, I intend to use Nginx as a proxy server. In doing so all my traffic will flow through the proxy. I then intend to write a module to do what I intend as the data will then inherently flow via my module.

I did a small proof of concept using HAProxy (which is also not an IPS/IDS) and was able to achieve what I intend, but unfortunately couldn't go ahead with it as it does not support blocking IO.

Thanks

Posted at Nginx Forum:
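
An added sketch of the behaviour asked about in this thread, not code from any poster and not an nginx module: an event-loop proxy in which a message held for review suspends only its own connection while other clients keep flowing. Assumptions: plain TCP on loopback (TLS termination omitted), newline-delimited messages with one reply each, a constructed match rule `REVIEW`, and a hypothetical `human_review` step whose 1-second sleep stands in for the 30-60 second human decision.

```python
import asyncio, time

MARKER = b"REVIEW"   # assumed match rule for the 'inspect' step
REVIEW_DELAY = 1.0   # stands in for the 30-60 s human decision

async def human_review(line):
    # Hypothetical approval step: awaiting yields the loop, so only this connection waits.
    await asyncio.sleep(REVIEW_DELAY)
    return line.replace(MARKER, b"APPROVED")  # modify, then forward to 'A'

async def proxy_conn(reader, writer, a_port):
    up_r, up_w = await asyncio.open_connection("127.0.0.1", a_port)
    try:
        while line := await reader.readline():
            if MARKER in line:                 # matched: hold this message only
                line = await human_review(line)
            up_w.write(line)
            await up_w.drain()
            writer.write(await up_r.readline())  # relay A's reply to the client
            await writer.drain()
    finally:
        up_w.close(); writer.close()

async def server_a(reader, writer):
    # Constructed stand-in for application 'A': acknowledges each line.
    while line := await reader.readline():
        writer.write(b"A got: " + line)
        await writer.drain()

async def client(port, msg, t0):
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(msg)
    reply = await r.readline()
    w.close()
    return reply, time.monotonic() - t0        # reply and seconds elapsed

async def demo():
    a = await asyncio.start_server(server_a, "127.0.0.1", 0)
    a_port = a.sockets[0].getsockname()[1]
    p = await asyncio.start_server(lambda r, w: proxy_conn(r, w, a_port), "127.0.0.1", 0)
    p_port = p.sockets[0].getsockname()[1]
    t0 = time.monotonic()
    held, fast = await asyncio.gather(         # two concurrent clients
        client(p_port, b"REVIEW transfer 1\n", t0), client(p_port, b"ping\n", t0))
    p.close(); a.close()
    return held, fast

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

A review step that really blocks (a synchronous call rather than an awaitable) would have to be moved off the event loop, for example with `asyncio.to_thread`, or it would stall every connection.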