Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
9
votes
2 answers

Impact of Connection Close vs Keep-alive

I'm configuring our servers, and due to the nature of our load balancer, we can't send connection keep-alive headers. I'm trying to determine the impact of sending these headers to both the end-user and the server. Will either one notice anything?
Willemk
  • 117
  • 1
  • 2
  • 6
9
votes
11 answers

.htaccess doesn't redirect to www-prefixed page properly

I'm trying to redirect an url without www. to www.version (example.com to www.example.com). I use the usual RewriteCond %{HTTP_HOST} ^example\.com [nc] RewriteRule (.*) http://www.example.com/$1 [R=301,L] This works on all my other projects.…
cypher
  • 91
  • 4
9
votes
2 answers

get the authenticated user under apache

Using Apache 2.2 on Windows with mod_auth_sspi and mod_headers. I'm trying to pass the current authenticated user through to the proxy target in the X-Remote-User header. I expect that this is simple, but I've been wrangling Apache for an hour now…
brofield
  • 260
  • 1
  • 3
  • 12
9
votes
2 answers

How to send Content-Disposition headers in apache for files?

I have a directory of text files that I'm serving out with apache 2. Normally when I (or any user) access the files they see them in their browser. I want to 'force'* the web browser to pop up a 'Save as' dialog box. I know this is possible to do…
Amandasaurus
  • 31,471
  • 65
  • 192
  • 253
8
votes
3 answers

Does it makes sense from a security perspective to remove the Server HTTP header?

I'm using Varnish and I'm not quite sure if I should also remove the Server: nginx HTTP header. Why do someone needs to know that I'm using NGINX? Is it ok to remove this HTTP header from the response or is it needed somewhere? From a security…
manifestor
  • 6,079
  • 7
  • 27
  • 39
8
votes
2 answers

If I send a HTTP GET request do I receive the response in GET?

This is probably a very basic question so pardon my ignorance Which method does the server use to respond to the requests it gets? I am making a web app and there's a certain route which returns a big (say .iso image) file. So when user clicks on a…
RinkyPinku
  • 192
  • 1
  • 1
  • 7
8
votes
4 answers

Is it possible to serve specific pages based on IP address?

I've been the target of a brute force attack on two WordPress sites I own. The attacker is using the good old XML-RPC thing to amplify brute-force password attacking. Luckily we have extremely well-generated passwords, so I highly doubt he'll ever…
Aurelius
  • 343
  • 2
  • 15
8
votes
2 answers

The Content-Length header does not exist

I have nginx server installed on Linux. When I send a request with curl, the Content-Length header is missing from the response. The 1.php file is: The example request is: curl api.mysite.com/taxi/1.php -i HTTP/1.1 200…
user3393523
  • 91
  • 1
  • 1
  • 4
8
votes
1 answer

Nginx $http_x_forwarded_for not always being set

I've noticed in our access logs that sometimes, the $http_x_forwarded_for variable has not been set, and instead, the correct IP is the one set to $remote_addr. Is it possible to set $http_x_forwarded_for as $remote_addr, when it doesn't otherwise…
SteveEdson
  • 1,539
  • 3
  • 12
  • 23
8
votes
3 answers

IIS 7 returns HTTP 200 on custom 404 error page

I have successfully set up custom static error pages for IIS7. IIS7 is currently working as a gateway to a Java tomcat application. The issue is that when the 404 error page is served it is served with a HTTP 200 status code header. I would like a…
Ben Doerr
  • 231
  • 1
  • 2
  • 6
8
votes
1 answer

Using curl to make a HEAD request with a hard timeout

I'd like to use curl to send a HTTP HEAD request to a URL to verify that it is working correctly (server is up and sends a successful response). At the end, I need the final HTTP response code returned and URL (after following any redirects).…
jrdioko
  • 567
  • 5
  • 9
  • 18
8
votes
3 answers

How do I alter the Last-Modified header on nginx?

My server returns the following headers: Cache-Control:no-cache Connection:keep-alive Date:Thu, 07 Jul 2011 10:41:57 GMT Expires:Thu, 01 Jan 1970 00:00:01 GMT Last-Modified:Thu, 07 Jul 2011 08:06:32 GMT Server:nginx/0.8.46` I want the content I'm…
evilpenguin
  • 781
  • 3
  • 9
  • 16
8
votes
1 answer

Haproxy load balancing with HTTP Headers

We're using HAProxy to load balance our websocket and comet application. There is one HAProxy and 3 applications running in the back. We use HTTP Basic Auth (and we will use other types of auth in the future, like OAuth) to identify the connected…
Julien Genestoux
  • 609
  • 8
  • 19
8
votes
2 answers

Set Apache HTTP header except for specified URL

I'm using Apache 2.2 and want to set the X-Frame-Options header to "deny" across most of the site. I can turn it on unconditionally using mod_headers. However, there is one CGI scripts that returns content that has to be framed, so I need to turn…
user9876
  • 187
  • 1
  • 1
  • 8
7
votes
1 answer

How to dynamically set HTTP Header in Apache 2.2?

Seems like this should be easy, but I cannot figure out the syntax. In Apache, I want to use the value of an existing request header to set a new request header. Some simple non-working code that illustrates what I'd like to do: RequestHeader set…
Michael
1 2 3
41 42