对于一个项目，我需要在apache级别进行HMAC身份验证。因此，我将解释的mod_示例扩展到这一点：

module AP_MODULE_DECLARE_DATA   hmac_module =
        {
                STANDARD20_MODULE_STUFF,
                NULL,            // Per-directory configuration handler
                NULL,            // Merge handler for per-directory configurations
                NULL,            // Per-server configuration handler
                NULL,            // Merge handler for per-server configurations
                NULL,            // Any directives we may have for httpd
                register_hooks   // Our hook registering function
        };


/* register_hooks: Adds a hook to the httpd process */
static void register_hooks(apr_pool_t *pool)
{

    /* Hook the request handler */
    ap_hook_handler(hmac_handler, NULL, NULL,APR_HOOK_REALLY_FIRST);
}

static int hmac_handler(request_rec *r)
{
    // ...
    // some variable definition
    // ...

    // Check that the "hmac-handler" handler is being called.
    if (!r->handler || strcmp(r->handler, "hmac-handler")) return (DECLINED);

    ap_args_to_table(r, &GET);
    ap_parse_form_data(r, NULL, &POST, -1, 8192);

    timestamp = apr_table_get(r->headers_in, "X-EPOCH");
    claimedHash = apr_table_get(r->headers_in, "X-HMAC");
    if (!timestamp){
        ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Timestamp does not exits in request");
        return HTTP_FORBIDDEN;
    }
    if(!claimedHash){
        ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"There is no claimed hash in the request!");
        return HTTP_FORBIDDEN;
    }

    //...
    // calculate timestamp's sha1 hash
    //...

    if(strcmp(claimedHash,encoded)){
        ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Claimed hash and digested values does not match,Claimed:%s , Target:%s",claimedHash,encoded);
        return HTTP_FORBIDDEN;
    }

    // Let Apache know that we responded to this request.
    return OK;
}

我终于自己明白了。与在处理程序阶段注册钩子不同，我应该在前面的阶段注册我的模块：访问检查程序。
如果有人感兴趣，可以在github找到最终代码。