Authorizing HTTP proxy develop

Hi all

I am now developing a HTTP proxy based on nginx.
My HTTP proxy works as followed:

    Authorizing Server
           ^     |        +-(authorized)----> go straightly
   1      2|    3V      4 |

client -> HTTP proxy (nginx)–+
|
±(un-authorized)-> go to another web
server

The steps are:

  1. client sends a request to nginx
  2. nginx sends the client’s request to a authorizing server by socket
  3. nginx waits to receive the response from authorizing server
    the authorizing server will tell nginx whether the client have right
    to visit the web
    if the client have no right, the authorizing server will give another
    website for redirecting.
  4. nginx delivers the original client’s request to the web server
    according to the authorizing server’s response.

This means nginx has to do two socket communication.
The first is with authorizing server.
The second is with real web server.

The key is it should not be blocked by any steps.
So these two socket communication should be done by module.
I can’t create socket and read/write it myself. It will pull down the
nginx’s performance.

But how to create a two socket communication module or how to mount
two modules(one for authorizing, one for real server) to the same
location to deal with one request
. This is what bothers me long time.
Does anybody have good idea?

Best

You can make a subrequest on authorization phase. Recently I’ve made a
test and that worked.

----- Original Message -----
From: “Yan Cheng” [email protected]
To: [email protected]
Sent: Wednesday, November 26, 2008 10:27:00 AM GMT +01:00 Amsterdam /
Berlin / Bern / Rome / Stockholm / Vienna
Subject: Authorizing HTTP proxy develop

Hi all

I am now developing a HTTP proxy based on nginx.
My HTTP proxy works as followed:

    Authorizing Server
           ^     |        +-(authorized)----> go straightly
   1      2|    3V      4 |

client → HTTP proxy (nginx)–+
|
±(un-authorized)-> go to another web
server

The steps are:

  1. client sends a request to nginx
  2. nginx sends the client’s request to a authorizing server by socket
  3. nginx waits to receive the response from authorizing server
    the authorizing server will tell nginx whether the client have right
    to visit the web
    if the client have no right, the authorizing server will give another
    website for redirecting.
  4. nginx delivers the original client’s request to the web server
    according to the authorizing server’s response.

This means nginx has to do two socket communication.
The first is with authorizing server.
The second is with real web server.

The key is it should not be blocked by any steps.
So these two socket communication should be done by module.
I can’t create socket and read/write it myself. It will pull down the
nginx’s performance.

But how to create a two socket communication module or how to mount
two modules(one for authorizing, one for real server) to the same
location to deal with one request
. This is what bothers me long time.
Does anybody have good idea?

Best

I made a subrequest. but it does not follow my step
nginx send a request to subrequest uri and then send the reqeust(from
client) to the website.

what i want is nginx receive the response of subrequest before sending
the main request(the client’s request, which is to website he/she wants
to visit)
Cause the main request may be rewrote based on the response message of
subrequest.

If the client does not have the right to visit the website, need payment
for example but the client has not paid yet, authorizing server will
give nginx a another web for making the payment. nginx will rewrite the
client’s request, request-line and http header, and sends it to the
pay-site.

So I have to get the response from subrequest first.

Someone has ideas?
Thanks so much.

unknown wrote:

You can make a subrequest on authorization phase. Recently I’ve made a
test and that worked.

----- Original Message -----