The new auth_delay directive for delaying unauthorized requests. The request processing is delayed by a timer. Since nginx updates internal time once at the start of each event loop iteration, this normally ensures constant time delay, adding a mitigation from time-based attacks. A notable exception to this is the case when there are no additional events before the timer expires. To ensure constant-time processing in this case as well, we trigger an additional event loop iteration by posting a dummy event for the next event loop iteration.

# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


ngx_include="unistd.h";      . auto/include
ngx_include="inttypes.h";    . auto/include
ngx_include="limits.h";      . auto/include
ngx_include="sys/filio.h";   . auto/include
ngx_include="sys/param.h";   . auto/include
ngx_include="sys/mount.h";   . auto/include
ngx_include="sys/statvfs.h"; . auto/include
ngx_include="crypt.h";       . auto/include