Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
6
votes
5 answers

Nginx reverse proxy pass through client certificate

I'm trying to set up a load balancer via an Nginx reverse proxy. My application uses client certificates to authenticate clients. I would like my reverse proxy to forward the client certificate to my back-end servers. I have added this line to my…
Hidde
  • 211
  • 1
  • 2
  • 6
6
votes
1 answer

Nginx location block add_header not working when try_files exists?

I have simple location used for server-generated caches: location /api/get-hloc { #add acccess-allow headers add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header…
Denis Matafonov
  • 225
  • 3
  • 6
6
votes
0 answers

How do I allow users to override X-Frame-Options when using Apache + PHP-FPM?

I have an Ubuntu 14.04 server running Apache + PHP-FPM + FastCGI, serving user home pages. For security, I have enabled in Apache's configuration: Header set X-Content-Type-Options: "nosniff" Header set X-Frame-Options: "sameorigin" Header set…
muru
  • 589
  • 8
  • 26
6
votes
1 answer

Nginx - Allow requests without a Host header

When Nginx receives a request that's missing the Host header, it rejects it with a 400 response. As it should. Is there any way around this? There is a piece of hardware that needs to be able to make REST calls to my Nginx web server, but this…
Chris.B
  • 411
  • 1
  • 4
  • 9
6
votes
2 answers

apache: Send request URI within HTTP header for static files

To fulfil the requirements of the PubSubHubbub 0.4 spec, I have to send a rel=self header for each file. I'm now trying to do that with Apache's mod_headers and environment variables: Header append Link ';…
cweiske
  • 791
  • 1
  • 13
  • 36
6
votes
2 answers

Apache HSTS exception for some virtual hosts

In the global config section for Apache 2.2.15, I have the following (per recommendation) Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HTTPS I would like to add this header only…
Gaia
  • 1,855
  • 5
  • 34
  • 60
6
votes
1 answer

How can I use SSL behind a load balancer and still get the client IP?

Note, I can't use SSL termination at the load balancer, due to network security related issues. The client IP I get is of course that of the load balancer. I know that the load balancer can't modify the HTTPS message without having my key, but is…
orokusaki
  • 2,763
  • 4
  • 32
  • 43
6
votes
2 answers

IIS sets http header Expires to -1, how do I override this with mod_expires

I'm using an IIS website with a Apache HTTP reverse proxy (mod_proxy with ProxyRequests Off). I want to control the expires headers in apache (don't ask), but IIS is setting the header Expires: -1. This causes mod_expires to ignore the request since…
Jaap
  • 367
  • 3
  • 16
6
votes
1 answer

Adding and using header (HTTP) in nginx

I am using two system (both are nginx load balancer and one act as an backup). I want to add and use few http custom headers. Please give your suggestion e.g upstream upstream0{ #list of upstream servers server…
mohan
  • 173
  • 1
  • 1
  • 5
6
votes
4 answers

Static file with HTTP headers?

Is it possible to save a static html file with built in http headers ? So that putting it on any server will work including the http headers? If so how?
Niro
  • 1,401
  • 4
  • 20
  • 36
6
votes
4 answers

How to check for the existence of a response header in Nginx rules?

Setting up the rewriting rules for the request proved to be quite easy in Nginx. For the response, not so much (at least, not for me). I want to strip the Content-Type header from the response if the Content-Length header of the response isn't set.…
Victor Welling
  • 163
  • 1
  • 1
  • 5
6
votes
2 answers

Header set Access-Control-Allow-Origin not working with mod_rewrite + mod_jk

My first question on here on SF so please forgive me if I manage to bork the post. :) Anyways, I'm using mod_rewrite on one of my machines with a simple rule that redirects to a webapp on another machine. I'm also setting the header…
tharant
  • 61
  • 1
  • 1
  • 4
6
votes
3 answers

Incorrect gzipping of http requests, can't find who's doing it

We're seeing some very strange mangling of HTTP responses, and we can't figure out what is doing it. We have an app server handling JSON requests. Occasionally, the response is returned gzipped, but with incorrect headers that prevent the browser…
Ned Batchelder
  • 163
  • 1
  • 5
5
votes
2 answers

HSTS in Nginx: should the Strict-Transport-Security header be added in subdomain server blocks too?

Let's take the following nginx.conf configuration file with server blocks for example.com and subdomain.example.com: http { ... server { listen [::]:80 ipv6only=off default_server; server_name example.com; return 301…
Will
  • 229
  • 3
  • 7
5
votes
2 answers

nginx: multiple matching location blocks

I try to set max-age header directive and Content-Disposition "attachment" as follows: location / { # set up max-age header directive for certain file types for proper caching location ~*…
user1876484
  • 155
  • 1
  • 1
  • 5
1 2 3
41 42