The new auth_delay directive for delaying unauthorized requests.

The request processing is delayed by a timer. Since nginx updates internal time once at the start of each event loop iteration, this normally ensures constant time delay, adding a mitigation from time-based attacks. A notable exception to this is the case when there are no additional events before the timer expires. To ensure constant-time processing in this case as well, we trigger an additional event loop iteration by posting a dummy event for the next event loop iteration.
author: Ruslan Ermilov <ru@nginx.com> 2020-04-08 01:02:17 +0300
committer: Ruslan Ermilov <ru@nginx.com> 2020-04-08 01:02:17 +0300
commit: b82c08f6102d65a5e5902e6fa85082e184a75003 (patch)
tree: d5b20ceb8275a543c044fe6f2b7747204c45ed41 /src/http/ngx_http_core_module.h
parent: 65ae8b315211988a821bdc32050768f41571ddae (diff)
download: nginx-b82c08f6102d65a5e5902e6fa85082e184a75003.tar.gz
nginx-b82c08f6102d65a5e5902e6fa85082e184a75003.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
index f5434cc51..2aadae7ff 100644
--- a/src/http/ngx_http_core_module.h
+++ b/src/http/ngx_http_core_module.h
@@ -363,6 +363,7 @@ struct ngx_http_core_loc_conf_s {
     ngx_msec_t    lingering_time;          /* lingering_time */
     ngx_msec_t    lingering_timeout;       /* lingering_timeout */
     ngx_msec_t    resolver_timeout;        /* resolver_timeout */
+    ngx_msec_t    auth_delay;              /* auth_delay */
 
     ngx_resolver_t  *resolver;             /* resolver */
author	Ruslan Ermilov <ru@nginx.com>	2020-04-08 01:02:17 +0300
committer	Ruslan Ermilov <ru@nginx.com>	2020-04-08 01:02:17 +0300
commit	b82c08f6102d65a5e5902e6fa85082e184a75003 (patch)
tree	d5b20ceb8275a543c044fe6f2b7747204c45ed41 /src/http/ngx_http_core_module.h
parent	65ae8b315211988a821bdc32050768f41571ddae (diff)
download	nginx-b82c08f6102d65a5e5902e6fa85082e184a75003.tar.gz nginx-b82c08f6102d65a5e5902e6fa85082e184a75003.zip