Question

I am trying to build something which I don't know is possible, so I need some guidance. Basically, my requirements are as follows:

1- Whenever a user tries to authenticate using HTTP auth on nginx, I want to track whether the authentication failed (so it can be some code that runs after an authentication failure), and to track (let's say in a hashmap) the username.

2- When the user tries to log in x number of times within x period, I want to be able to "disable" them. For disabling them, I want to, let's say, mark them in a database as disabled so they can't log in anymore.

So the code will

1- Before the auth attempt, check the DB table to see if the account is disabled, and if it is, reject it.

2- After the authentication attempt, if the auth is unsuccessful, it will put them in a hash table to track how many times it fails, and if a certain threshold is met, it will call a function to disable the account in the DB table.

Is all of the above possible using nginx modules like Lua or Perl, etc.? If yes, can someone explain to me how I go about doing it? Any pointers will help.


Solution

The trivial solution is to use nginx's auth request module, which will allow you to offload authentication checks to a backend and do your own authentication checks in your favorite language. See README for details.
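One way the backend behind `auth_request` could implement the two steps from the question, as an added example that is not part of the original answer: it returns the status code nginx acts on (2xx allows, 401/403 deny). The threshold and window values, the names `LockoutAuth`, `hash_pw` and `parse_basic`, and the in-memory dict and set standing in for the DB table are assumptions.

```python
import base64, hashlib, hmac, time
from collections import defaultdict, deque

MAX_FAILURES = 3       # assumed threshold ("x times")
WINDOW_SECONDS = 300   # assumed window ("x period")

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LockoutAuth:
    """Decides the status an auth_request backend returns to nginx:
    2xx allows the request, 401/403 deny it."""

    def __init__(self, users):
        self.users = users                  # username -> (salt, hash); stands in for the DB
        self.disabled = set()               # stands in for the "disabled" DB flag
        self.failures = defaultdict(deque)  # username -> timestamps of recent failures

    def check(self, authorization, now=None):
        now = time.time() if now is None else now
        creds = parse_basic(authorization)
        if creds is None:
            return 401                      # no or malformed credentials
        user, password = creds
        if user in self.disabled:
            return 403                      # step 1: reject before checking the password
        salt, expected = self.users.get(user, (b"\0" * 16, b""))
        supplied = hash_pw(password, salt)  # always hash, so unknown users cost the same
        if user in self.users and hmac.compare_digest(expected, supplied):
            self.failures.pop(user, None)   # success clears the failure history
            return 200
        if user in self.users:              # step 2: track real accounts only (bounds memory)
            recent = self.failures[user]
            recent.append(now)
            while now - recent[0] > WINDOW_SECONDS:
                recent.popleft()            # drop failures that fell outside the window
            if len(recent) >= MAX_FAILURES:
                self.disabled.add(user)
        return 401

def parse_basic(header):
    """Return (user, password) from an 'Authorization: Basic ...' value, or None."""
    try:
        scheme, _, token = (header or "").partition(" ")
        if scheme.lower() != "basic":
            return None
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:                      # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None
```

On a 401 the backend should also send a `WWW-Authenticate` header, which nginx passes through to the client so the browser prompts for credentials again.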

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow