updated docs to reflect recent changes.

README

@@ -8,9 +8,9 @@ Status
     This module is under active development and is production ready.
 
 Version
-    This document describes ngx_lua v0.3.1rc42
-    (<https://github.com/chaoslawful/lua-nginx-module/tags>) released on 24
-    December 2011.
+    This document describes ngx_lua v0.3.1rc45
+    (<https://github.com/chaoslawful/lua-nginx-module/tags>) released on 4
+    January 2012.
 
 Synopsis
         # set search paths for pure Lua external libraries (';;' is the default path):
@@ -395,7 +395,7 @@ Directives
 
     context: *http, server, location, location if*
 
-    phase: *post-rewrite*
+    phase: *rewrite tail*
 
     Acts as a rewrite phase handler and executes lua code string specified
     in "<lua-script-str>" for every request. The Lua code may make API calls
@@ -514,7 +514,7 @@ Directives
 
     context: *http, server, location, location if*
 
-    phase: *post-rewrite*
+    phase: *rewrite tail*
 
     Equivalent to rewrite_by_lua, except that the file specified by
     "<path-to-lua-script-file>" contains the Lua code to be executed.
@@ -534,7 +534,7 @@ Directives
 
     context: *http, server, location, location if*
 
-    phase: *post-access*
+    phase: *access tail*
 
     Acts as an access phase handler and executes lua code string specified
     in "<lua-script-str>" for every request. The Lua code may make API calls
@@ -607,7 +607,7 @@ Directives
 
     context: *http, server, location, location if*
 
-    phase: *post-access*
+    phase: *access tail*
 
     Equivalent to access_by_lua, except that the file specified by
     "<path-to-lua-script-file>" contains the Lua code to be executed.
@@ -792,9 +792,15 @@ Nginx API for Lua
     syntax: *ngx.var.VAR_NAME*
 
     context: *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*,
-    header_filter_by_lua** value = ngx.var.some_nginx_variable_name
-    ngx.var.some_nginx_variable_name = value Note that you can only write to
-    nginx variables that are already defined. For example:
+    header_filter_by_lua**
+
+    Read and write Nginx variable values.
+
+        value = ngx.var.some_nginx_variable_name
+        ngx.var.some_nginx_variable_name = value
+
+    Note that you can only write to nginx variables that are already
+    defined. For example:
 
         location /foo {
             set $my_var ''; # this line is required to create $my_var at config time
@@ -1520,7 +1526,7 @@ Nginx API for Lua
     See also ngx.req.set_uri.
 
   ngx.req.get_uri_args
-    syntax: *args = ngx.req.get_uri_args()*
+    syntax: *args = ngx.req.get_uri_args(count_limit?)*
 
     context: *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*,
     header_filter_by_lua**
@@ -1585,8 +1591,24 @@ Nginx API for Lua
 
     regardless of the actual request query string.
 
+    By default, this method only parses at most 100 query arguments
+    (including those with the same name) to defend DoS attacks, and
+    remaining ones are silently discarded. The user can specify a custom
+    argument count limit via the optional "count_limit" function argument:
+
+        local args = ngx.req.get_uri_args(10)
+
+    then only up to 10 query arguments are parsed.
+
+    If the user wants to remove the limit, she can just specifies 0, for
+    instance,
+
+        local args = ngx.req.get_uri_args(0)
+
+    but this is strongly discouraged due to security considerations.
+
   ngx.req.get_post_args
-    syntax: *ngx.req.get_post_args()*
+    syntax: *ngx.req.get_post_args(count_limit?)*
 
     context: *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*,
     header_filter_by_lua**
@@ -1652,8 +1674,24 @@ Nginx API for Lua
     Empty key arguments are discarded, for instance, "POST /test" with body
     "=hello&=world" will yield empty outputs.
 
+    By default, this method only parses at most 100 query arguments
+    (including those with the same name) to defend DoS attacks, and
+    remaining ones are silently discarded. The user can specify a custom
+    argument count limit via the optional "count_limit" function argument:
+
+        local args = ngx.req.get_post_args(10)
+
+    then only up to 10 query arguments are parsed.
+
+    If the user wants to remove the limit, she can just specifies 0, for
+    instance,
+
+        local args = ngx.req.get_post_args(0)
+
+    but this is strongly discouraged due to security considerations.
+
   ngx.req.get_headers
-    syntax: *headers = ngx.req.get_headers()*
+    syntax: *headers = ngx.req.get_headers(count_limit?)*
 
     context: *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*,
     header_filter_by_lua**
@@ -1685,6 +1723,22 @@ Nginx API for Lua
     Another way to read individual request headers is to use
     "ngx.var.http_HEADER", that is, nginx's standard $http_HEADER variables.
 
+    By default, this method only collects at most 100 request headers
+    (including those with the same name) to defend DoS attacks, and
+    remaining ones are silently discarded. The user can specify a custom
+    header count limit via the optional "count_limit" function argument:
+
+        local args = ngx.req.get_headers(10)
+
+    then only up to 10 request headers are parsed.
+
+    If the user wants to remove the limit, she can just specifies 0, for
+    instance,
+
+        local args = ngx.req.get_headers(0)
+
+    but this is strongly discouraged due to security considerations.
+
   ngx.req.set_header
     syntax: *ngx.req.set_header(header_name, header_value)*
 

README.markdown

@@ -13,7 +13,7 @@ This module is under active development and is production ready.
 Version
 =======
 
-This document describes ngx_lua [v0.3.1rc42](https://github.com/chaoslawful/lua-nginx-module/tags) released on 24 December 2011.
+This document describes ngx_lua [v0.3.1rc45](https://github.com/chaoslawful/lua-nginx-module/tags) released on 4 January 2012.
 
 Synopsis
 ========
@@ -381,7 +381,7 @@ rewrite_by_lua
 
 **context:** *http, server, location, location if*
 
-**phase:** *post-rewrite*
+**phase:** *rewrite tail*
 
 Acts as a rewrite phase handler and executes lua code string specified in `<lua-script-str>` for every request.
 The Lua code may make [API calls](http://wiki.nginx.org/HttpLuaModule#Nginx_API_for_Lua) and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
@@ -495,7 +495,7 @@ rewrite_by_lua_file
 
 **context:** *http, server, location, location if*
 
-**phase:** *post-rewrite*
+**phase:** *rewrite tail*
 
 Equivalent to [rewrite_by_lua](http://wiki.nginx.org/HttpLuaModule#rewrite_by_lua), except that the file specified by `<path-to-lua-script-file>` contains the Lua code to be executed.
 
@@ -510,7 +510,7 @@ access_by_lua
 
 **context:** *http, server, location, location if*
 
-**phase:** *post-access*
+**phase:** *access tail*
 
 Acts as an access phase handler and executes lua code string specified in `<lua-script-str>` for every request.
 The Lua code may make [API calls](http://wiki.nginx.org/HttpLuaModule#Nginx_API_for_Lua) and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
@@ -578,7 +578,7 @@ access_by_lua_file
 
 **context:** *http, server, location, location if*
 
-**phase:** *post-access*
+**phase:** *access tail*
 
 Equivalent to [access_by_lua](http://wiki.nginx.org/HttpLuaModule#access_by_lua), except that the file specified by `<path-to-lua-script-file>` contains the Lua code to be executed.
 
@@ -749,9 +749,13 @@ ngx.var.VARIABLE
 
 **context:** *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua**
 
+Read and write Nginx variable values.
+
+
     value = ngx.var.some_nginx_variable_name
     ngx.var.some_nginx_variable_name = value
 
+
 Note that you can only write to nginx variables that are already defined.
 For example:
 
@@ -1504,7 +1508,7 @@ See also [ngx.req.set_uri](http://wiki.nginx.org/HttpLuaModule#ngx.req.set_uri).
 
 ngx.req.get_uri_args
 --------------------
-**syntax:** *args = ngx.req.get_uri_args()*
+**syntax:** *args = ngx.req.get_uri_args(count_limit?)*
 
 **context:** *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua**
 
@@ -1573,9 +1577,25 @@ Here the `args` table will always look like
 
 regardless of the actual request query string.
 
+By default, this method only parses at most `100` query arguments (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom argument count limit via the optional `count_limit` function argument:
+
+
+    local args = ngx.req.get_uri_args(10)
+
+
+then only up to `10` query arguments are parsed.
+
+If the user wants to remove the limit, she can just specifies `0`, for instance,
+
+
+    local args = ngx.req.get_uri_args(0)
+
+
+but this is strongly discouraged due to security considerations.
+
 ngx.req.get_post_args
 ---------------------
-**syntax:** *ngx.req.get_post_args()*
+**syntax:** *ngx.req.get_post_args(count_limit?)*
 
 **context:** *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua**
 
@@ -1644,9 +1664,25 @@ That is, they will take Lua boolean values `true`. However, they're different fr
 
 Empty key arguments are discarded, for instance, `POST /test` with body `=hello&=world` will yield empty outputs.
 
+By default, this method only parses at most `100` query arguments (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom argument count limit via the optional `count_limit` function argument:
+
+
+    local args = ngx.req.get_post_args(10)
+
+
+then only up to `10` query arguments are parsed.
+
+If the user wants to remove the limit, she can just specifies `0`, for instance,
+
+
+    local args = ngx.req.get_post_args(0)
+
+
+but this is strongly discouraged due to security considerations.
+
 ngx.req.get_headers
 -------------------
-**syntax:** *headers = ngx.req.get_headers()*
+**syntax:** *headers = ngx.req.get_headers(count_limit?)*
 
 **context:** *set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua**
 
@@ -1683,6 +1719,22 @@ the value of `ngx.req.get_headers()["Foo"]` will be a Lua (array) table like thi
 
 Another way to read individual request headers is to use `ngx.var.http_HEADER`, that is, nginx's standard [$http_HEADER](http://wiki.nginx.org/HttpCoreModule#.24http_HEADER) variables.
 
+By default, this method only collects at most 100 request headers (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom header count limit via the optional `count_limit` function argument:
+
+
+    local args = ngx.req.get_headers(10)
+
+
+then only up to `10` request headers are parsed.
+
+If the user wants to remove the limit, she can just specifies `0`, for instance,
+
+
+    local args = ngx.req.get_headers(0)
+
+
+but this is strongly discouraged due to security considerations.
+
 ngx.req.set_header
 ------------------
 **syntax:** *ngx.req.set_header(header_name, header_value)*

doc/HttpLuaModule.wiki

@@ -10,7 +10,7 @@ This module is under active development and is production ready.
 
 = Version =
 
-This document describes ngx_lua [https://github.com/chaoslawful/lua-nginx-module/tags v0.3.1rc42] released on 24 December 2011.
+This document describes ngx_lua [https://github.com/chaoslawful/lua-nginx-module/tags v0.3.1rc45] released on 4 January 2012.
 
 = Synopsis =
 <geshi lang="nginx">
@@ -366,7 +366,7 @@ switching [[#lua_code_cache|lua_code_cache]] <code>off</code> in your <code>ngin
 
 '''context:''' ''http, server, location, location if''
 
-'''phase:''' ''post-rewrite''
+'''phase:''' ''rewrite tail''
 
 Acts as a rewrite phase handler and executes lua code string specified in <code><lua-script-str></code> for every request.
 The Lua code may make [[#Nginx API for Lua|API calls]] and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
@@ -479,7 +479,7 @@ Here the Lua code <code>ngx.exit(503)</code> will never run. This will be the ca
 
 '''context:''' ''http, server, location, location if''
 
-'''phase:''' ''post-rewrite''
+'''phase:''' ''rewrite tail''
 
 Equivalent to [[#rewrite_by_lua|rewrite_by_lua]], except that the file specified by <code><path-to-lua-script-file></code> contains the Lua code to be executed.
 
@@ -493,7 +493,7 @@ When the Lua code cache is on (default state), the user code is loaded once at t
 
 '''context:''' ''http, server, location, location if''
 
-'''phase:''' ''post-access''
+'''phase:''' ''access tail''
 
 Acts as an access phase handler and executes lua code string specified in <code><lua-script-str></code> for every request.
 The Lua code may make [[#Nginx API for Lua|API calls]] and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
@@ -560,7 +560,7 @@ Note that when calling <code>ngx.exit(ngx.OK)</code> within a [[#access_by_lua|a
 
 '''context:''' ''http, server, location, location if''
 
-'''phase:''' ''post-access''
+'''phase:''' ''access tail''
 
 Equivalent to [[#access_by_lua|access_by_lua]], except that the file specified by <code><path-to-lua-script-file></code> contains the Lua code to be executed.
 
@@ -722,10 +722,14 @@ that outputs <code>88</code>, the sum of <code>32</code> and <code>56</code>.
 '''syntax:''' ''ngx.var.VAR_NAME''
 
 '''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*''
+
+Read and write Nginx variable values.
+
 <geshi lang="nginx">
     value = ngx.var.some_nginx_variable_name
     ngx.var.some_nginx_variable_name = value
 </geshi>
+
 Note that you can only write to nginx variables that are already defined.
 For example:
 
@@ -1465,7 +1469,7 @@ This interface was first introduced in the <code>v0.3.1rc13</code> release.
 See also [[#ngx.req.set_uri|ngx.req.set_uri]].
 
 == ngx.req.get_uri_args ==
-'''syntax:''' ''args = ngx.req.get_uri_args()''
+'''syntax:''' ''args = ngx.req.get_uri_args(count_limit?)''
 
 '''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*''
 
@@ -1534,8 +1538,24 @@ Here the <code>args</code> table will always look like
 
 regardless of the actual request query string.
 
+By default, this method only parses at most <code>100</code> query arguments (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom argument count limit via the optional <code>count_limit</code> function argument:
+
+<geshi lang="lua">
+    local args = ngx.req.get_uri_args(10)
+</geshi>
+
+then only up to <code>10</code> query arguments are parsed.
+
+If the user wants to remove the limit, she can just specifies <code>0</code>, for instance,
+
+<geshi lang="lua">
+    local args = ngx.req.get_uri_args(0)
+</geshi>
+
+but this is strongly discouraged due to security considerations.
+
 == ngx.req.get_post_args ==
-'''syntax:''' ''ngx.req.get_post_args()''
+'''syntax:''' ''ngx.req.get_post_args(count_limit?)''
 
 '''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*''
 
@@ -1604,8 +1624,24 @@ That is, they will take Lua boolean values <code>true</code>. However, they're d
 
 Empty key arguments are discarded, for instance, <code>POST /test</code> with body <code>=hello&=world</code> will yield empty outputs.
 
+By default, this method only parses at most <code>100</code> query arguments (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom argument count limit via the optional <code>count_limit</code> function argument:
+
+<geshi lang="lua">
+    local args = ngx.req.get_post_args(10)
+</geshi>
+
+then only up to <code>10</code> query arguments are parsed.
+
+If the user wants to remove the limit, she can just specifies <code>0</code>, for instance,
+
+<geshi lang="lua">
+    local args = ngx.req.get_post_args(0)
+</geshi>
+
+but this is strongly discouraged due to security considerations.
+
 == ngx.req.get_headers ==
-'''syntax:''' ''headers = ngx.req.get_headers()''
+'''syntax:''' ''headers = ngx.req.get_headers(count_limit?)''
 
 '''context:''' ''set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*''
 
@@ -1642,6 +1678,22 @@ the value of <code>ngx.req.get_headers()["Foo"]</code> will be a Lua (array) tab
 
 Another way to read individual request headers is to use <code>ngx.var.http_HEADER</code>, that is, nginx's standard [[HttpCoreModule#$http_HEADER|$http_HEADER]] variables.
 
+By default, this method only collects at most 100 request headers (including those with the same name) to defend DoS attacks, and remaining ones are silently discarded. The user can specify a custom header count limit via the optional <code>count_limit</code> function argument:
+
+<geshi lang="lua">
+    local args = ngx.req.get_headers(10)
+</geshi>
+
+then only up to <code>10</code> request headers are parsed.
+
+If the user wants to remove the limit, she can just specifies <code>0</code>, for instance,
+
+<geshi lang="lua">
+    local args = ngx.req.get_headers(0)
+</geshi>
+
+but this is strongly discouraged due to security considerations.
+
 == ngx.req.set_header ==
 '''syntax:''' ''ngx.req.set_header(header_name, header_value)''