[andrewstuart]

Similar but not quite the same is "forward auth" which is supported in Caddy, Nginx and Traefik Proxy and others as well.

With "forward auth", when the server receives a request it first sends the key information about the request to a separate HTTP server - if the response is a 200 then the proxy server continues processing the request, any other response rejects the request.

You can do all sorts of authorization and authentication and some validation (the request body is not typically sent to the forward auth server).

I wrote Checkpoint401 which is a forward auth server desgined specifically for doing the job of handling forward auth requests from proxy servers. Its written in TypeScript/Deno - all you do is write short authorization functions. https://github.com/crowdwave/checkpoint401

One of the good things about forward auth is that it is not a proxy so it is not sitting as a barrier in between client and server shoveling data back and forth - forward auth focuses only on examining the inbound request - this makes things more simple.

Forward auth does not have all the validation and filtering which Dracan seems to have but they solve some similar problems.