Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
0
votes
0 answers

How to get nginx to strip cookies except for an allow list?

I'm trying to host sites that use things like WordPress, using nginx as a reverse proxy for PHP-FPM. Often these systems will set all kinds of annoying cookies that are unnecessary and/or the site does not have permission to set. So I'm looking to…
Synchro
  • 3,148
  • 6
  • 27
  • 38
0
votes
0 answers

How can we capture the REQUEST_URI into an Apache variable and after third party SSO authentication?

How can we capture the REQUEST_URI into an Apache variable and after third party SSO authentication? We have a third party SSO authentication in place, which is working fine. After successful authentication, the third-party tool redirects to our…
Rose Wood
  • 1
  • 1
0
votes
1 answer

Sending cache headers only for a single request [or for a request following a certain path string]

I have the proxy pass in nginx config defined as follows: location / { proxy_pass http://localhost:3001; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header…
Amanda
  • 125
  • 1
  • 6
0
votes
0 answers

Are requests with no headers a sign of hacking?

I run a NodeJS web application with packages up to date and secured with a strong password and RSA for ssh. The application runs on two domains. I check the request headers to get the domain and found some weird requests that had no…
miguelmorin
  • 249
  • 1
  • 5
  • 13
0
votes
1 answer

NGINX: How to allow full access if a certain HTTP header is set, else trigger HTTP Basic Authentication

As the question implies I want to allow full access to my website if the X-Auth HTTP header is set and contains a specific string. If this is not the case, HTTP basic authentication should be triggered. Something like this: if ($http_x_auth =…
manifestor
  • 6,079
  • 7
  • 27
  • 39
0
votes
1 answer

HAProxy 1.5 - Show Server Name or IP Address in response while behind DNS

Basically exactly what the title is. I have haproxy fronting a server, and infront of that a DNS to provide a human readable name. I would like to setup haproxy to include either the responding server name or IP address in the response. …
SVill
  • 77
  • 3
  • 13
0
votes
0 answers

(Reverse Proxy) Apache REMOTE_ADDR Returns (null)

I have a server that sits behind a reverse proxy that require client IP address, and to achieve that I'm trying with the lines below to add X-Forwarded-For in the request header, RequestHeader set "X-Forwarded-For" %{REMOTE_ADDR}e However, the…
Zia
  • 3
  • 3
0
votes
0 answers

Feature-Policy fullscreen not working as expected

I have NGINX running as a reverse proxy and set the Feature-Policy header with fullscreen to "self". The site itself contains the HTML5 video player, but unless I set fullscreen to "*" the fullscreen button on the video player is disabled. What…
Sven Cazier
  • 101
  • 2
0
votes
1 answer

Why does Firefox still make connections to server although the HTTP resources are shown as "cached"?

I am confused by the way Firefox shows loaded resources as cached but then I can see the browser issues new DNS query for the domain name and contact the HTTP server again. Below is a simple example of this behavior. I visited https://example.com…
23r23f23q
  • 123
  • 6
0
votes
0 answers

Modify Cache-Control header based on condition over other header in Nginx

In a Nginx working as a proxy, I need to set the "Cache-Control" header on a response based on the size defined on their "content-length". For example, if the response have "150" or less, "Cache-Control" must be "max-age=60", if not,…
rfmoz
  • 772
  • 9
  • 15
0
votes
1 answer

nginx is not redirecting 302 redirect response to https

Hi I have nginx setup to redirect all port 80 requests to use https instead: server { listen 80; ... return 301 https://$host$request_uri; } Then I have all https requests route to my application server server { listen 443 ssl; …
user1589188
  • 103
  • 1
  • 4
0
votes
2 answers

Nginx return changes http response header content type from application/pdf to text/html

I want to redirect from this url: localhost:80/files/1.pdf to this url: localhost:80/viewer.html?pdf=/files/1.pdf I am using nginx return to do that: location ~* /files/(.+\.pdf)$ { return…
Yhprums
  • 103
  • 3
0
votes
1 answer

Alter Nginx reverse proxy cache header from Public to Private

I have an Nginx cache server getting content from an origin server, the origin server sets Cache-Control to Public so my Nginx cache server can cache the content and make less requests to origin. But when serving to users, I don't want it to send…
adrianTNT
  • 1,077
  • 6
  • 22
  • 43
-1
votes
1 answer

I can see HTTP/2 headers with curl. But, if this protocol works with frames and binary numbers: shouldn't these headers be "invisible"?

HTTP/2 has several differences with respect to HTTP/1.1. One of them is the use of frames, binary numbers and compression to optimize the headers. However, when I use "curl -v --http2" against a domain that supports HTTP/2, I can see response…
john smith
  • 51
  • 3
-1
votes
1 answer

The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF

I've tested my website with mxtoolbox.com and got this message: Result: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF I've googled around but I've only found Microsoft related answers that…
Paxxil
  • 181
  • 1
  • 10
1 2 3
41
42