I have a Nginx websocket reverse proxy and I would like to hide a HTTP header from the client request.
proxy_hide_header hides the server response headers and can't be used for hiding client request headers.
I would like to do that because the websocket server behind nginx doesn't work well with the websocket extension "permessage-deflate" so I would like to remove the Sec-WebSocket-Extensions header from client requests.
You can set a header value to void and Nginx will drop it :
proxy_set_header Sec-WebSocket-Extensions "";
The official documentation explains the correct way to remove a client request header:
If the value of a header field is an empty string then this field will not be passed to a proxied server:
proxy_set_header Accept-Encoding "";
In case that wasn't clear, this is more than just a workaround to mask the value; the entire header will be dropped.
Related
Is there any way to tell nginx to ignore missing HTTP headers when proxying requests?
There is an existing proprietary HTTP Server sending requests without any header. The Server can not be configured. I need various endpoints from this server in a web application. Therefore I want to setup my nginx to proxy requests to this server. I have location configuration in my regular server.
location /api/ {
proxy_pass http://localhost:80/;
}
When calling corresponding URIs nginx complains:
upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 127.0.0.1, server: localhost, request: ....
Is there any way to tell nginx not to expect any headers, and just to forward the received payload?
Thanks for your help!
Kind regards,
Andreas
Edit: Ok, found server is using http 0.9, when calling curl directly to the server threw an error:
curl: (1) Received HTTP/0.9 when not allowed
Using the option --http0.9 got the desired result. (Which is received in a browser without further ado). Any chance to tell nginx to proxy to an http 0.9 server?
You can configure nginx to ignore missing headers by setting the proxy_ignore_headers directive to "X-Accel-Expires" and "Expires". This will tell nginx to ignore those specific headers and not expect them to be present when proxying requests.
You can add this to the location block in your nginx configuration:
proxy_ignore_headers X-Accel-Expires Expires;
Additionally, proxy_pass_request_headers off; could be used, this tells nginx to ignore all headers passed to the proxied server.
As for the payload, as long as the underlying protocol is HTTP, it should be fine, as the payload will be sent in the body of the HTTP request.
So your location block could look like this
location /api/ {
proxy_pass http://localhost:80/;
proxy_pass_request_headers off;
}
Please note that this is may not be recommended, as the missing headers may contain important information like authentication and should be handled correctly.
I'm using NGINX as a proxy cache server for my image optimization, and want to pass the accept HTTP header from the client's request to the backend through the proxy.
Is this possible and if so, how can I do this?
The reason why I want to do this is that because the backend decides based on the accept header the file format of the response.
Thanks in advance for your help!
You need to set
proxy_pass_request_headers on;
in your proxy settings block
I have a question regarding how HTTP Proxies usually handle the "X-Forwarded-Host" header. Consider the following scenario where a client sends a HTTP request through a chain of proxies:
Client -> Proxy 1 (http://proxy1.com) -> Proxy 2 (http://proxy2.com) -> Server (http://server.com)
Proxy 1 sets the "X-Forwarded-Host" header to its own endpoint:
X-Forwarded-Host: proxy1.com
What behavior is expected from the second proxy? Does it replace the header and again use its own endpoint as the value (proxy2.com), or is it supposed to detect that a "X-Forwarded-Host" header is already present in the request and simply forward this header? Reading https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host:
The X-Forwarded-Host (XFH) header is a de-facto standard header for identifying the original host requested by the client in the Host HTTP request header.
I suspect it is the latter (simply forward the existing header), but I am not sure if this assumption is correct. Any help is appreciated.
The Upstream server is wowza , which does not accept the custom headers if I don't enable them on application level.
Nginx is working as a proxy server, from the browser I want to send few custom headers which should be received and logged by Nginx Proxy but before forwarding request to upstream server those headers should be removed from the request.
So upstream server never come to know that there where any custom headers.
I tried proxy_hide_header as well as proxy_set_header "<header>" "" , but seems like they apply to response headers not the request headers.
And even if I accept to enable the headers on wowza, then again I am not able to find a way to enable headers at server level for all application. Currenlty I have to add headers to each newly created application which is not feasible for me to do.
Any help would be appreciated.
The proxy_set_header HEADER "" does exactly what you expect. See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header.
If the value of a header field is an empty string then this field will not be passed to a proxied server:
proxy_set_header Accept-Encoding "";
I have just confirmed this is working as documented, I used Nginx v1.12.
Is it possible to remove the referer completely using Nginx reverse proxy configuration.
Set proxy header to an empty string.
proxy_set_header Referer "";