How to edit the request header in nginx and then send to backend? - nginx-reverse-proxy

nginx has a list headers_in in ngx_http_request_t. My requirement is to make some change, for example encoding, to one of the headers, and I need to do this in source code.
It seems a little like the proxy_set_header command in the configuration.
Directly setting the value in the table_elt_t seems rude.
Does anyone have any idea?

You can modify the request header by adding a new header to the upstream request and including string captures. Here's a simple example that replaces Mozilla/5.0 with Mozilla/6.0 in the User-Agent header:
set $ua $http_user_agent;
if ($http_user_agent ~ "^Mozilla/5.0 (.+)$") {
set $ua "Mozilla/6.0 $1";
}
proxy_set_header User-Agent $ua;
Although, it sounds like you also want to apply some programmatic transformation to your replaced header (you mention "encoding"), which I don't think is possible. There might be a different solution if you explain your problem in more detail with examples.

Related

Get mod_proxy to pass a custom header to backend

I have a Python backend that is being reverse proxied by Apache/mod_proxy using fcgi (httpd 2.4 on rhel7).
I have a client that sets a custom header in the request, however mod_proxy does not appear to be sending that header on to the backend.
I know something similar exists for the host as ProxyPreserveHost - I would like to know how to do something similar for a custom header.
Can I do that with mod_proxy, or will I need to fall back on to mod_rewrite in some way?
TIA
It seems this line preserves the Header for reasons I don't quite understand:
SetEnvIf HTTP_MY_HEADER "(.*)" MY_HEADER=$0
The reason I don't understand this is that I am setting an Env var here, not a header -- are Env vars automatically turned into headers?
I thought I might have to do this also, but it was unnecessary:
RequestHeader set HTTP_MY_HEADER "%{MY_HEADER}e"
I suppose this is an answer as "it works", although I would love to know why...

How to use Apache mod_headers to append a Cookie?

My Scenario
I want to add a cookie to the existing cookies sent by the user in the request header.
What I tried
So I decided to use RequestHeader directive
RequestHeader append Cookie "foo=bar"
The only problem is that RequestHeader appends the new value per definition with a comma (,) not with a semicolon (;). So my new cookie is "merged" with the old one in a strange way (probably because of the missing semicolon).
Or
RequestHeader append Cookie " foo=bar"
The request header is appended to any existing header of the same
name. When a new value is merged onto an existing header it is
separated from the existing header with a comma. This is the HTTP
standard way of giving a header multiple values. Apache Documentation
My question
Am I missing something or is RequestHeader not the right directive?
Environment: Apache/2.4.20, PHP/5.5.35, Ubuntu
It seems that using append for cookies does not work as expected.
After analysing what I actually needed, I decided that setting a new RequestHeader was enough.
I think you should use the add method instead of append; also, it's not called Cookie, it's Set-Cookie. Cookie is just the name you see in the browser.
Header add Set-Cookie "mycookie=value; path=/; expires=Thu, 13 Dec 2018 13:31:00 -0000; HttpOnly"
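The comma-versus-semicolon problem from the question, as an added Python example that is not part of the original posts. It splits a Cookie request header on ";" following the cookie-string grammar in RFC 6265; the function names and sample values are constructed for illustration.

```python
import re

# cookie-name is an HTTP token, cookie-value is a run of cookie-octets (RFC 6265).
_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VALUE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*")


def parse_cookie_header(value):
    """Split a Cookie request header into name/value pairs on ';'."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def append_cookie(existing, name, value):
    """Return the Cookie header value with name=value joined by '; '."""
    # Refuse separators and control characters so the added pair cannot
    # smuggle in further cookies or header lines.
    if not _NAME.fullmatch(name) or not _VALUE.fullmatch(value):
        raise ValueError("illegal character in cookie name or value")
    pair = f"{name}={value}"
    if not existing or not existing.strip():
        return pair
    return existing.rstrip().rstrip(";") + "; " + pair


# Constructed sample: what a comma-joined append produces for a client
# that already sent "session=abc123".
COMMA_MERGED = "session=abc123, foo=bar"
```

Parsing `COMMA_MERGED` yields a single cookie `session` whose value is `abc123, foo=bar`, which is the "strange" merge described in the question.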

set not add header in nginx

Is there a way to set / replace / merge a header in nginx like it's possible in Apache?
According to this link, http://nginx.org/en/docs/http/ngx_http_headers_module.html,
it seems that it's only possible to add a header. This brings up some problems if the header has already been set (e.g. through the PHP code) and should be replaced / changed to correct values.
For Apache one can set / append / merge and add, http://httpd.apache.org/docs/2.2/mod/mod_headers.html
This is kind of a basic feature, so it should be possible in nginx somehow, but I can't find out how.
Take a look at HttpHeadersMoreModule.
This module allows you to add, set, or clear any output or input header that you specify.
This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server.
It also allows you to specify an optional HTTP status code criteria using the -s option and an optional content type criteria using the -t option while modifying the output headers with the more_set_headers and more_clear_headers directives.
Source: http://wiki.nginx.org/HttpHeadersMoreModule
Actually the Nginx "add_header" directive will not overwrite the header but add the value to it if it exists.
It is not so clear from the docs however: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
But in the HttpHeadersMoreModule docs (https://github.com/openresty/headers-more-nginx-module#more_set_headers) it says:
"If you want to add headers incrementally, use the standard add_header directive instead."

.htaccess - how to set headers dynamically per domain?

I'm trying to get CORS functioning with multiple domains.
Header add Access-Control-Allow-Origin "http://localhost, http://multiplay.io"
However, it seems that most browsers only support one domain. I've been told that the solution is to set the header per incoming domain.
How do you do this using the .htaccess file?
If it's only two values you wish to alternate between, you can use SetEnvIf to differentiate between the two.
SetEnvIf Referer "^http://localhost/" is_localhost
Header add Access-Control-Allow-Origin http://localhost env=is_localhost
Header add Access-Control-Allow-Origin http://multiplay.io env!=is_localhost
There may be a more elegant solution, but something like the above (untested) directives should work.
(Note that it is trivial to forge a Referer header, so be aware of the security implications of forged Referer headers when using Referer headers for pretty much anything.)
Additionally, if you just want to allow all hosts, you can specify * instead of listing multiple hostnames:
Header add Access-Control-Allow-Origin *
But I assume you already knew that and don't want to be that permissive.
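The "set the header per incoming domain" approach from this thread, as an added Python example rather than .htaccess and not part of the original posts. It keys the decision on the request's Origin header instead of Referer, compares it exactly against the two origins from the question, and marks the response as varying by Origin; `apply_cors` and the dict-based header handling are hypothetical.

```python
# The two origins named in the question.
ALLOWED_ORIGINS = frozenset({"http://localhost", "http://multiplay.io"})


def apply_cors(request_headers, response_headers, allowed=ALLOWED_ORIGINS):
    """Set CORS headers on response_headers for one request and return it."""
    # The response now differs per Origin, so shared caches must key on it,
    # including for requests that end up without an allow header.
    vary = [v.strip() for v in response_headers.get("Vary", "").split(",")
            if v.strip()]
    if "origin" not in (v.lower() for v in vary):
        vary.append("Origin")
    response_headers["Vary"] = ", ".join(vary)

    # Drop whatever an earlier layer set: the header carries one origin,
    # never a comma-separated list.
    response_headers.pop("Access-Control-Allow-Origin", None)

    origin = request_headers.get("Origin")
    # Exact string comparison, no prefix or regex matching, so look-alike
    # hosts such as "http://localhost.example" do not match.
    if origin in allowed:
        response_headers["Access-Control-Allow-Origin"] = origin
    return response_headers
```

A request whose Referer points at localhost but whose Origin is not on the list gets no Access-Control-Allow-Origin header at all.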

X-Forwarded-For (XFF) HTTP header

How many characters can the value of the X-Forwarded-For (XFF) HTTP header value be?
Example is:
X-Forwarded-For: client1, proxy1, proxy2
AFAIK, there is no limit. Note that you shouldn't rely on its value; it can be spoofed easily. (Note, however, that if you're using a load-balancing proxy that overwrites this value, you can rely on it, as you're setting it yourself.)
See this, this and this (related SO questions).
The spec does not specify a limit (so, unlimited, in theory). However, there is a limit that is implementation specific.
IIS 6/7 allow up to 16K per header; Apache will default to 8K.
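How an application can use X-Forwarded-For only as far as its own proxies vouch for it, as an added Python example that is not part of the original answers. It walks the chain from the right and stops at the first address that is not one of the operator's proxies; the trusted network, the length cap (mirroring the 8K figure above) and the function names are assumptions.

```python
import ipaddress

# Constructed example value: the proxies this deployment operates itself.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: cap mirroring the 8K Apache default mentioned above.
MAX_XFF_LEN = 8192


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES,
              max_len=MAX_XFF_LEN):
    """Return the address a request should be attributed to."""
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not one of our proxies can put anything in the
    # header, so the socket address is the only thing we know.
    if not _is_trusted(peer, trusted):
        return str(peer)
    # Missing or oversized header: fall back to the proxy's own address.
    if not xff_header or len(xff_header) > max_len:
        return str(peer)

    candidate = peer
    # Each proxy appends the address it saw, so entries are only as
    # reliable as the hop to their right. Walk right to left.
    for hop in reversed(xff_header.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            break  # malformed entry: keep the last address we verified
        candidate = ip
        if not _is_trusted(ip, trusted):
            break  # first non-proxy address; everything left of it is client-supplied
    return str(candidate)
```

With the header `203.0.113.7, 198.51.100.23, 10.0.0.9` arriving from proxy `10.0.0.5`, the result is `198.51.100.23`; the leftmost entry is whatever the client chose to send.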