Published December 23rd, 2008

The module formally known as mod_wombat was renamed mod_lua, and has pulled into the Apache HTTP Server trunk, and will be part of the future 2.4 stable release.

For an example of why it is cool, lets look at replacing a common task with mod_rewrite: Blocking Image Theft.

The HTTPD wiki even has an example of how to do this for us:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule \.(jpe?g|gif|png)$ - [F,NC]`

With the new mod_lua, you can do this using real if statements and functions.

For example:

<LuaHookTranslateName imagetheft>
function is_image(path)
   -- You could put complicated regular expressions here.
   if path:match("%a+.png") then
       return true
   return false

function imagetheft(r)
   if not is_image(r.uri) then
       return apache2.DECLINED

   referer = r:headers_in("Referer")
   if referer then
       if referer:find('') then
           return apache2.DECLINED
           r:err("Forbidden for Image Theft! uri=".. r.uri)
           return 403
   return apache2.DECLINED

While this example comes out signifigantly longer, I do believe in the long run it will let people write more maintainable configurations, espcially for things like complicated RewriteRules — since basic things that have long be obsecured into RewriteCond can now be easily accessed and evaluated with an If statement in Lua.

Much of the API is still in flux, but hopefully we will come up with some shortcut builtins that make many common taskes easier and shorter.

Written by Paul Querna, CTO @ ScaleFT. @pquerna