Unset a header from a proxied response

Question

I have a proxy configuration under Apache 2.2 which passes all requests for /blog to a host I have no control over.

I want to unset a particular HTTP header (X-Powered-By: PHP) from the proxied response, so that it is not visible to the browser.

I tried this:

ProxyPass /blog http://blog.example.com
ProxyPassReverse /blog http://blog.example.com
Header Always Unset X-Powered-By

And also this variation:

<Location /blog>
    ProxyPass http://blog.example.com
    ProxyPassReverse http://blog.example.com
    Header Always Unset X-Powered-By
</Location>

In both cases, the header is sent through unchanged from the proxy. I also tried Header Always Edit, also no effect.

Interestingly, if I use Header Always Set X-Powered-By Test, the resulting response contains X-Powered-By: Test, PHP - i.e. my value is added before the one from the proxy. I suspect mod_proxy is running "too late" for mod_headers to manipulate the response.

Is there a way to make Header run "later", or some other directive which could manipulate the response after it comes back from the proxy.

I'm having this exact problem in 2.4, except with `Header always edit` (trying to modify cookies). Did you ever find a solution? Is `mod_proxy` fundamentally incompatible with `mod_headers`? — Coderer, May 28 '21 at 13:17

Unset a header from a proxied response

0 Answers0