We have one instance where we need a filter to run _before_ rp_filter, the filter that generally processes every request. The existing override of rp_filter is rp_resources_filter which handles unauthenticated access to public files such as icons, css files etc. Things where it does not make sense to check pemmissions on every request.
I have a new requirement to support HTTP authentication for RSS feeds. In this we need to run a filter before rp_filter. I did a hack that works by calling ns_register_filter in the WebDAV support package that sort of worked but requires all URLs to have a certain prefix.
In the case of rss feeds, I wanted to retain the context of the URL (I need to know the URL to check permissions) so I setup rp_filter with a priority, just like all the other filters. I set the rp_filter priority to 0 and the rp_resources_filter priority to -1000 so now you can register a filter between these two filters by calling ad_register_filter with a priority between -1000 and 0. It works.
There are some other issues where some code to setup a session needs to be called, but the HTTP authentication code works correctly with this change.
What does everyone think? This change seems to make the priority setting of rp_filter a little more useful, although you need to understand the security implications of overriding rp_filter.