Change the Server Signature in NginX - nginx

I want to hide the server signature in the footer of the HTTP 400 error HTML page in Nginx. After implementing the Headers-more module, the server signature is changed when an HTTP package is requested:

    >> curl -I localhost

Output:

    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://www.abshnb.com/
    Server: Abshnb

But the HTTP 400 error HTML page is still being returned with the "nginx" footer.

Here is a dead simple example of error_page directive where error response is generated by nginx itself:

    server {
        listen 8888;
        server_tokens off;
        ...
        # Route nginx-generated 400 and 502 responses to a named location
        error_page 400 502 @error;
        location @error {
            default_type text/html;
            return 200 '<center><h1>$status</h1></center>';
        }
        location = /error400 {
            return 400;
        }
        location = /error502 {
            return 502;
        }
    }

Custom error handler:

    $ http :8888/error400
    HTTP/1.1 400 Bad Request
    Connection: close
    Content-Length: 29
    Content-Type: text/html
    Date: Sat, 08 Feb 2020 11:43:05 GMT
    Server: nginx

    <center><h1>400</h1></center>

Default error handler:

    $ http :8888/nonexistent
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 162
    Content-Type: text/html
    Date: Sat, 08 Feb 2020 11:47:19 GMT
    Server: nginx

    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
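
The two outputs above differ in where the product name survives: the `Server` header, the error-page footer, or both. The following check is an added example, not code from the original answer; it reports each place a response still discloses the server. The product list, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Product names to look for; this list is an assumption of the example.
PRODUCT = re.compile(r"\b(?:nginx|openresty)\b", re.I)
# Footer of the built-in error pages: <hr><center>nginx[/version]</center>
FOOTER = re.compile(
    r"<hr><center>((?:nginx|openresty)(?:/[\d.]+)?)</center>", re.I)


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def find_signature_leaks(raw):
    """Return (status, where, value) for each place the product name shows."""
    status, headers, body = parse_response(raw)
    leaks = []
    server = headers.get("server", "")
    if PRODUCT.search(server):
        leaks.append((status, "header", server))
    footer = FOOTER.search(body)
    if footer:
        leaks.append((status, "body", footer.group(1)))
    return leaks


# Constructed samples modelled on the responses shown above.
PAGE = ("<html>\r\n<head><title>{0}</title></head>\r\n<body>\r\n"
        "<center><h1>{0}</h1></center>\r\n<hr><center>nginx</center>\r\n"
        "</body>\r\n</html>\r\n")
CUSTOM_400 = ("HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
              "<center><h1>400</h1></center>")
DEFAULT_404 = ("HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n"
               + PAGE.format("404 Not Found"))
# Header rewritten by headers-more, body still the built-in page.
HEADER_ONLY_400 = ("HTTP/1.1 400 Bad Request\r\nServer: Abshnb\r\n\r\n"
                   + PAGE.format("400 Bad Request"))

if __name__ == "__main__":
    for sample in (CUSTOM_400, DEFAULT_404, HEADER_ONLY_400):
        print(find_signature_leaks(sample))
```

Run against every status code the server can generate itself, an empty result means both the header and the body have been covered.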

Related

root context with preference over a regular expression

I have read the documentation and it seems to be the same as explained here, but during my tests the root context is taking precedence over the regular expression one.
Does anyone know the reason?
See my nginx.conf file and a test curl I did to validate the configuration:

    http {
        server {
            listen 80;
            root /usr/share/nginx/html;
            include /etc/nginx/mime.types;
            location ~ /ui(/.*) {
                try_files $1 $1/ @htmlext;
            }
            location @htmlext {
                rewrite ^/ui(/\w*)(/.*)*$ $1.html last;
            }
            location / {
                return 301 /ui$request_uri;
            }
        }
    }

    / # curl -v http://localhost/ui/message?msg=error.forbidden
    * Trying 127.0.0.1:80...
    * TCP_NODELAY set
    * Connected to localhost (127.0.0.1) port 80 (#0)
    > GET /ui/message?msg=error.forbidden HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.67.0
    > Accept: */*
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 301 Moved Permanently
    < Server: nginx/1.19.0
    < Date: Thu, 09 Jul 2020 22:34:49 GMT
    < Content-Type: text/html
    < Content-Length: 169
    < Location: http://localhost/ui/ui/message?msg=error.forbidden
    < Connection: keep-alive
    <
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body>
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx/1.19.0</center>
    </body>
    </html>
    * Connection #0 to host localhost left intact

As you can see in the curl output, it is redirecting my /ui/message page instead of rendering it. If I remove the location / from the configuration it seems to work; if I remove the @htmlext location and add that logic to the location ~ /ui(/.*) it seems to work too. So I think the reason for my error is the @htmlext redirect.
Does anyone know why?
Thanks

"accept-ranges" header set to "none" instead of "bytes"

I was getting the following response after making a curl request to an endpoint:

    HTTP/2 200
    date: Mon, 24 Jun 2019 10:11:39 GMT
    content-type: text/html; charset=UTF-8
    content-length: 1952
    server: nginx
    x-powered-by: Express
    cache-control: public, max-age=0
    last-modified: Tue, 21 May 2019 10:11:37 GMT
    vary: Accept-Encoding
    x-frame-options: SAMEORIGIN
    strict-transport-security: max-age=31536000
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block;
    accept-ranges: bytes

Ultimately, I don't want "accept-ranges: bytes"; instead it must be "accept-ranges: none".
I tried the following in the nginx configuration:

    server {
        .....
        .....
        .....
        location / {
            ......
            ......
            max_ranges 0;
            proxy_force_ranges on;
            ......
        }
    }

What could be the possible issue?

Did you try removing "proxy_force_ranges on"? It enables byte-range support for responses from the proxied server regardless of the “Accept-Ranges” field in these responses.

How to parse chunked HTTP content with Lua on nodemcu?

I have a script which communicates between nodemcu and my server. It works well on my localhost and parses the response retrieved from my server when I send a GET request. The problem is when I upload it all to my website, where the transfer encoding is chunked. I am not able to retrieve the content, although the request is legitimate and correct. The code is written in Lua and I am trying to work on my NodeMCU device.

    conn = net.createConnection(net.TCP, 0)
    -- Send the request as soon as the TCP connection is up
    conn:on("connection", function(conn, payload)
        conn:send("GET /mypath/node.php?id=1&update"..
            " HTTP/1.1\r\n"..
            "Host: www.mydomain.com\r\n"..
            "Accept: */*\r\n"..
            "User-Agent: Mozilla/4.0 (compatible; esp8266 Lua;)"..
            "\r\n\r\n")
    end)
    -- Called once per received segment; closes after the first one
    conn:on("receive", function(conn, payload)
        if string.find(payload, "UPDATE") ~= nil then
            node.restart()
        end
        conn:close()
        conn = nil
    end)
    conn:connect(80, "www.mydomain.com")

Just to repeat that this GET request works and is tested manually and on localhost. The only problem is with chunked content; I don't know how to parse it.

Update: I managed to remove chunked encoding by changing HTTP/1.1 to HTTP/1.0, but I still have a problem. Using this code

    conn:on("receive", function(conn, payload)
        print(payload)
    end)

I get this response:

    HTTP/1.1 200 OK
    Date: Tue, 09 Jan 2018 02:34:25 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: PHPSESSID=9m226vr20r4baa634bagk8k2k3; path=/
    Connection: close
    Content-Type: text/html; charset=utf-8

Update 2.
I have just created one file, http.php, containing the text "php". I have uploaded it to localhost and to my domain. I tried to access my localhost from nodemcu, and then the domain. The results were different.
This is the request:

    conn:on("connection", function(conn, payload)
        conn:send("GET /"..s.path.."/http.php"..
            " HTTP/1.0\r\n"..
            "Host: "..s.domain.."\r\n"..
            "Accept: */*\r\n"..
            "User-Agent: Mozilla/4.0 (compatible; esp8266 Lua;)"..
            "\r\n\r\n")
    end)

s.domain and s.path correspond to different paths and domains on localhost and my domain.

Result on domain:

    HTTP/1.1 200 OK
    Date: Tue, 09 Jan 2018 03:09:28 GMT
    Server: Apache
    Connection: close
    Content-Type: text/html; charset=UTF-8

Result on localhost:

    TTP/1.1 200 OK
    Date: Tue, 09 Jan 2018 03:08:48 GMT
    Server: Apache/2.4.27 (Win64) PHP/7.0.23
    X-Powered-By: PHP/7.0.23
    Content-Length: 3
    Connection: close
    Content-Type: text/html; charset=UTF-8

    php

As you can see, localhost is showing the content "php", and the domain is showing only the header. When I type some file which does not exist, the domain is showing me HTML code.

I'm using the following code to put the chunks together. I'm wondering anyways, why your response from the server is missing the Content-Length header.

    conn:on("receive", function(client, payload)
        -- Inspired by https://github.com/marcoskirsch/nodemcu-httpserver/blob/master/httpserver.lua
        -- Collect data packets until the size of HTTP body meets the Content-Length stated in header
        if payload:find("Content%-Length:") or bBodyMissing then
            if fullPayload then fullPayload = fullPayload .. payload else fullPayload = payload end
            if (tonumber(string.match(fullPayload, "%d+", fullPayload:find("Content%-Length:")+16)) > #fullPayload:sub(fullPayload:find("\r\n\r\n", 1, true)+4, #fullPayload)) then
                bBodyMissing = true
                return
            else
                payload = fullPayload
                fullPayload, bBodyMissing = nil
            end
        end
        if (bBodyMissing == nil) then
            local _, headerEnd = payload:find("\r\n\r\n")
            local body = payload:sub(headerEnd + 1)
            print (body)
        end
    end)
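
The reassembly above keys on Content-Length; the chunked framing the question asks about instead prefixes each chunk with its size as a hex line and ends with a zero-size chunk. The following incremental decoder is an added example, not from the original answer, written in Python rather than NodeMCU Lua so it can be run offline. The class and function names and the sample response are constructed for illustration.

```python
class ChunkedDecoder:
    """Incremental decoder for a Transfer-Encoding: chunked body."""
    def __init__(self):
        self.buf = b""     # received but not yet consumed
        self.body = b""    # decoded payload so far
        self.need = None   # size of the chunk being read; None = size line next

    def feed(self, data):
        """Consume one segment; return True once the last chunk was seen."""
        self.buf += data
        while True:
            if self.need is None:
                line, sep, rest = self.buf.partition(b"\r\n")
                if not sep:
                    return False              # size line still incomplete
                size = int(line.split(b";")[0].strip(), 16)  # hex size
                self.buf = rest
                if size == 0:
                    return True               # trailers, if any, are ignored
                self.need = size
            if len(self.buf) < self.need + 2:
                return False                  # chunk data + CRLF not all here
            if self.buf[self.need:self.need + 2] != b"\r\n":
                raise ValueError("chunk not terminated by CRLF")
            self.body += self.buf[:self.need]
            self.buf = self.buf[self.need + 2:]
            self.need = None


def decode_response(segments):
    """Reassemble a chunked response delivered as arbitrary TCP segments."""
    head, decoder = b"", None
    for seg in segments:
        if decoder is None:
            head += seg
            if b"\r\n\r\n" not in head:
                continue                      # header block still incomplete
            head, _, seg = head.partition(b"\r\n\r\n")
            if b"transfer-encoding: chunked" not in head.lower():
                raise ValueError("response is not chunked")
            decoder = ChunkedDecoder()
        if decoder.feed(seg):
            return decoder.body
    raise ValueError("connection closed before the last chunk")


# Constructed response: "UPDATE please" sent as chunks of 3 and 0xa bytes.
RESPONSE = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
            b"3\r\nUPD\r\na\r\nATE please\r\n0\r\n\r\n")
```

Because the sample splits "UPDATE" across two chunks, a per-segment substring search like the one in the question would miss it; searching the decoded body does not.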

Nginx "auth_request" like option for rate limiting

In Nginx I want to send a pre-request to another endpoint which checks for rate limiting violations. Basically exactly what auth_request does, but where auth_request only accepts authentication status codes (200, 401, 403), I want it to only allow rate limiting codes (200 or 429).
Is there a more general version of auth_request which could be used for this?
For now we're using auth_request, but the downside is it turns 429 status codes into 500s.
Thanks!

Below config works for me and returns a 429 instead of 500

    events {
        worker_connections 1024;
    }
    http {
        server {
            listen 80;
            location /api {
                auth_request /rate_limit;
                # auth_request turns the subrequest's 400 into a 500; map it to the named location
                error_page 500 = @rate_limit_error;
                echo "You were allowed to access the API";
            }
            location @rate_limit_error {
                return 429 "Limit has been exceeded\n";
            }
            location = /rate_limit {
                internal;
                return 400 "Access is not allowed";
            }
        }
    }

The test shows the correct response

    $ curl -v localhost/api?count=2
    * Trying ::1...
    * Connected to localhost (::1) port 80 (#0)
    > GET /api?count=2 HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 429
    < Server: openresty/1.11.2.2
    < Date: Sat, 30 Sep 2017 18:50:56 GMT
    < Content-Type: text/plain
    < Content-Length: 24
    < Connection: close
    <
    Limit has been exceeded
    * Closing connection 0

If you don't want to return a message or something else, you can also use error_page 500 = 429;

How to write nginx rewrite rule for replacing query param in query string

Folks!
We have the following HTTP request:
http://185.xxx.x.xx/auth/realms/master-realm/protocol/openid-connect/auth?response_type=code&client_id=regportal&redirect_uri=http%3A%2F%2Fsome.domain.com%2Fregportal%2Fsso%2Flogin&state=a49a02d5-f873-453f-9148-61793f11ecf3&login=true&scope=openid
We want to replace redirect_uri from "some.domain.com" to "other.domain.com".
How to do it?
Thanks

You need to do it like this:

    location /auth/realms/master-realm/protocol/openid-connect/auth {
        if ($args ~* "(.*)(some\.domain\.com)(.*)") {
            set $args "$1other.domain.com$3";
            # "?" must separate the path from the rewritten query string
            return 301 $scheme://$host$uri?$args;
        }
    }

Test:

    curl -I "vm/auth/realms/master-realm/protocol/openid-connect/auth?response_type=code&client_id=regportal&redirect_uri=http%3A%2F%2Fsome.domain.com%2Fregportal%2Fsso%2Flogin&state=a49a02d5-f873-453f-9148-61793f11ecf3&login=true&scope=openid"
    HTTP/1.1 301 Moved Permanently
    Server: openresty/1.11.2.2
    Date: Fri, 15 Sep 2017 06:01:51 GMT
    Content-Type: text/html
    Content-Length: 191
    Connection: keep-alive
    Location: http://vm/auth/realms/master-realm/protocol/openid-connect/authresponse_type=code&client_id=regportal&redirect_uri=http%3A%2F%2Fother.domain.com%2Fregportal%2Fsso%2Flogin&state=a49a02d5-f873-453f-9148-61793f11ecf3&login=true&scope=openid
