Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
2
votes
2 answers

How should web servers handle requests with incorrect Host header?

I am getting a number of requests to my site with the Host header set incorrectly (most commonly to the IP address instead of domain name). Currently I am returning 400 Bad Request. I am thinking of returning 301 or 302, but not sure if it's a good…
Flash
  • 119
  • 5
2
votes
0 answers

ModSecurity and custom headers

How can we add a custom header using the 'msg' value from a ModSecurity rule, for all rules triggered? I'm basically trying to track the ModSec block reason at an edge point (Varnish) based on Apache's response. For example, I would like: SecRule…
Andrei
  • 124
  • 1
  • 7
2
votes
1 answer

How to tell which Web Node is serving Content?

I have a loadbalancer that distributes traffic to 1 of 5 Web Nodes. Is there an easy way to tell what Web Node I am talking to when it serves me content. For example whould I implement a Header in Apache? Add a hidden HTML element on each…
go0n
  • 59
  • 1
  • 6
2
votes
1 answer

htaccess conditional header set is ignoring the condition

I'm trying to set headers if the origin is a particular site to solve a resource conflict I'm having (using Mautic hosted on a subdomain). If I add the headers for any situation I get a 500 error when I try to use Mautic, but the resource being…
Elenchus
  • 121
  • 4
2
votes
1 answer

Prevent varnish from caching page when backend explicitly sets Cache-Control: no-cache?

There are times when certain pages need to avoid being cached, and they all have the following response header set by the backend: Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Varnish, however, happily caches these pages…
Anonymous
  • 131
  • 5
2
votes
1 answer

What's the best way to set Cache-Control headers in Apache2?

Under this link you have some examples on how to set Cache-Control headers in Apache2 server. So generally, there are three different approaches to have these headers set: Using both mod_expires + mod_headers Using only mod_headers Using only…
Mikhail Morfikov
  • 966
  • 1
  • 10
  • 12
2
votes
0 answers

HAProxy, why would a replaced HTTP header have a number at the end?

Can someone explain what the "X-Forwarded-Proto2" header is in this HAProxy frontend stanza?: frontend main *:443 ... reqirep ^(X-Forwarded-Proto:)(.*) X-Forwarded-Proto2:\2 ... I understand that HAProxy is injecting a HTTP header. But why…
blindsnowmobile
  • 377
  • 1
  • 5
  • 16
2
votes
0 answers

Cookie Secure Flag not persistent

I'm trying to implement a Secure flag for all cookies. I'm doing this via Headers. Here's how I did it: Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4" It successfully does its job on the first load. But on the…
jarvis
  • 2,006
  • 4
  • 18
  • 31
2
votes
0 answers

Very long useragent

We have requests in our server log with a very long useragent: HEADER: user-agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0; WUID=4bddaa48430e60af6132822cd6fab6c4; WTB=2873; WUID=4bddaa48430e60af6132822cd6fab6c4; WTB=2873;…
wutzebaer
  • 129
  • 8
2
votes
1 answer

Content security policy: blocked uri "about"

I am implementing Content security policy to my website headers. I currently have it on report-only setting for testing. My server is Apache 2.4.7. After setting up some policies I keep seeing reports like this: "csp-report": { …
Madoc Comadrin
  • 570
  • 4
  • 11
  • 29
2
votes
1 answer

Disable User-Agent based Vary header response in nginx?

It seems that nginx includes a Vary: Accept-Encoding header in some cases regardless of the file types I specify via "gzip_types". I do not have much experience with nginx. Does it in fact send Vary: Accept-Encoding headers depending on the…
Structure
  • 185
  • 1
  • 4
  • 9
2
votes
1 answer

$sent_http_ variables disappear in Nginx in some circumstances

I face a strange issue with Nginx. This is a minimal config that reproduce the error: server { server_name mydomain.com; listen 111.111.111.111:80; root /some/path; set $some_var …
Oleg
  • 276
  • 4
  • 18
2
votes
1 answer

Access to Proxy Protocol address within HAProxy

I am running HAProxy that is receiving layer 4 proxy protocol from an upstream source. I have a need to create a custom HTTP header with the address contained there. I can't seem to find how I can reference that TCP header. Below is a sample of what…
Justin Talbott
  • 123
  • 1
  • 5
2
votes
1 answer

nginx force http header overwrite

We had some misplaced http headers on our sites set up for around one day which creates problems on some of our subdomains. Resolving this fault is pretty hard because the headers we sent are valid for a long time (182,5 days(!)) and so we cannot…
Flatron
  • 318
  • 2
  • 5
  • 19
2
votes
1 answer

How to stop tinyproxy from using "Proxy-Connection" header

I just setup tinyproxy for the first time, and I'm trying to make it mimic a normal connection as closely as possible. I already disabled the Via header, but I'm not sure how to change the Proxy-Connection:keep-alive header. I would like for it to…
Indigenuity
  • 123
  • 1
  • 5
1 2 3
41 42