Hello
When we configure nginx without modsecurity body filter, then the
response is processed in two stages. First the headers are processed
followed by the body filters
If however, modsecurity is configured, then modsecurity body filter may
once again call the entire chain of headers filter via a call to
rc = ngx_http_next_header_filter®; in the routine
ngx_http_modsecurity_body_filter.
This means that any header filter that is configured will end up
processing the same response header twice. This means that header filter
should be stateful in that it should know if it is invoked multiple
times and allocate ctx only once.
Is this the way the design of body and header filters expected to be?
Thanks for any answers