Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
7
votes
3 answers

Apache Custom Header with an environment variable

I try to set a custom HTTP Header with an environment variable** with Apache server 2.4.6 and headers_module. I work inside a HTTP VHost on port 80. Everything work as expected with basic example like: Header set MyHeader "%D %t" I have read the…
S. Di Cioccio
  • 111
  • 1
  • 1
  • 5
7
votes
1 answer

Is it permissible for an intermediate proxy to add cookies during proxy authentication?

I recently encountered a certain security appliance (BlueCoat) which requires that all connections to the internet must be proxied through it (hello there, man-in-the-middle) and accordingly uses a special SSL certificate to intercept all…
Patrick
  • 323
  • 3
  • 11
7
votes
1 answer

Declare nginx add_header globally relevant to all locations?

I have an nginx configuration which is made up of a number of locations. I want to add a directive add_header for each location, and I am checking a way how this could be done globally. Without modifying any location, but each location will inherit…
drowzee
  • 93
  • 1
  • 1
  • 3
7
votes
1 answer

Add haproxy X-Forwarded-Host request header

I have a Haproxy instance that rewrites Host headers to internal ones using http-request set-header. http-request set-header Host internal.example However, I'd still like backends to have access to the original Host header. I think X-Forwarded-Host…
steveh7
  • 163
  • 1
  • 2
  • 6
7
votes
2 answers

How can the x-frame-options HTTP header of ADFS 3 be manipulated?

By default, ADFS 3 responses contain the "X-Frame-Options: DENY" HTTP header. This prevents ADFS from being run in an iframe, because this presents an opportunity for clickjacking attacks. At the moment my company is however implementing an…
wkampmann
  • 71
  • 1
  • 5
7
votes
2 answers

Does Nginx `if_modified_since` only work on static resources?

I can't seem to find enough documentation. I have an app that generates some dynamic responses, but could still benefit from the Last-Modified header -- so I send it. However, turning on if_modified_since (set to before, per…
anonymous coward
  • 615
  • 3
  • 8
  • 15
7
votes
1 answer

How to avoid duplication of add_header directives in nginx?

The documentation says this: These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level. My problem is that I have several location blocks that I want to cache, like this…
ChocoDeveloper
  • 422
  • 2
  • 5
  • 11
7
votes
1 answer

Nginx not processing proxy_hide_header and proxy_ignore_header directives

I have trouble trying to make Nginx ignore and hide some headers from a proxied server. I want Nginx to hide and ignore the "Cache-Control" and "Server" headers but it didn't work, I don't know why. My conf is as follows : location / { …
Dakser
  • 165
  • 2
  • 2
  • 7
7
votes
4 answers

What's wrong with this HTTP POST request?

I'm trying to fuzz a server using the Sulley fuzzing framework. I observe the following stream in Wireshark. The error talks about a problem with JSON parsing, however, when I try the same HTTP POST request using Google Chrome's Postman extension,…
bigboy
  • 101
  • 1
  • 1
  • 4
7
votes
2 answers

Force Nginx to send Content-Length header for static files with gzip?

We're running Nginx 0.7.65[-1ubuntu2.3]. I've just noticed that when serving local static files using an alias directive and gzip on, the Content-Length header is not getting sent. Since it's serving files from the local filesystem, it shouldn't…
David Eyk
  • 667
  • 1
  • 7
  • 17
7
votes
2 answers

How to set cache to never expire and minimize requests in Nginx?

I have a cache invalidation system in place, so I need to set the cache for css|js to never expire. I tried this location ~* \.(js|css)$ { # |png|jpg|jpeg|gif|ico expires max; #log_not_found off; # what's this for? } And this is what I see in…
ChocoDeveloper
  • 422
  • 2
  • 5
  • 11
7
votes
1 answer

Nginx : strip header on HTTP, add header on HTTPS

I'm configuring an Nginx server so as to serve as a reverse proxy to serve a Django app (run on Gunicorn). My problem is that I want my site secured with HTTPS, and so I want my Django app to be able to determine whether a connection is secure or…
Thomas Orozco
  • 171
  • 1
  • 1
  • 6
7
votes
1 answer

Force encoding with IIS 7

I try to force encoding with IIS 7. When I add in the http response headers the key : Content-Type and value charset=utf-8 i got this key content-type : text/html,content-type=utf-8 it's there a way to remove the comma ? Thanks Justin for your…
Cédric Boivin
  • 744
  • 4
  • 13
  • 31
6
votes
1 answer

Overwrite HTTP headers comming back from a web application server proxied in nginx

I have a web application server reverse-proxied behind nginx 1.15 like so: location / { proxy_pass https://some.awesome.IP:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } add_header…
cis
  • 247
  • 1
  • 2
  • 9
6
votes
1 answer

HTTP status code to signal bad or missing Host header

Is there an HTTP status code which is appropriate to use for clients which send a bad hostname (or none at all) through SNI or the HTTP Host header? An older question address how and why such requests happen in the first place as well as how you can…
kasperd
  • 30,455
  • 17
  • 76
  • 124
1 2 3
41 42