Questions tagged [http-headers]

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

Refer to RFC 2616

624 questions
4
votes
2 answers

How can the HSTS header be added to WebLogic?

Is there an implementation for using the Strict-Transport-Security header to WebLogic? I figure it would be using something in web.xml under I know how to do this for an Apache based server, but I am unsure on adding it in for…
Vnge
  • 195
  • 3
  • 12
4
votes
1 answer

What is the meaning of an IIS http status code 404.503?

Microsoft lists the IIS http status codes including the substatus codes here. In the 404 section there are substatus codes between 0 and 20, but in my logs I get a 503 as sc-substatus I can't find any information about it. Don't confuse this with…
Peter Hahndorf
  • 14,058
  • 3
  • 41
  • 58
4
votes
2 answers

Redirect depending on preferred language (Accept-Language) with .htaccess

When users request /, I want to redirect them to /en or /de, depending on their preference specified in the HTTP request header Accept-Language. I guess this is easy with server-side scripting, but I need a .htaccess solution as it has to work for a…
unor
  • 246
  • 2
  • 19
4
votes
2 answers

Nginx silently dropping header lines that exceed 1128 bytes

I have Nginx set up as a reverse proxy to a uWSGI application (a Django app). Due to the nature of the content that the Django app is hosting, sometimes the URLs get long. Really long. Because of this, the Referer HTTP header can also sometimes get…
Nathan Osman
  • 2,725
  • 7
  • 32
  • 46
4
votes
4 answers

Sending machine hostname as a header in Apache

I have a group of Linux Apache 1.3 servers behind a load balancer, and I want to be able to, at a glance, determine which server I'm hitting. The load balancer is severely limited in its monitoring capabilities, so what I'd like to do is configure…
EvanK
  • 247
  • 3
  • 7
  • 13
4
votes
2 answers

Remove "X-Page-Speed" version from headers in ngx_pagespeed

I have compiled ngx_pagespeed, but forgot to remove the version number. Is there any way to overwrite/delete/hide them? Apache has a feature to 'unset' them, but I couldn't find anything similar for nginx. Perhaps I do not know how to use headers…
Dzh
  • 205
  • 2
  • 7
4
votes
2 answers

File Specific cache http header for IIS 6

Is there a way to set cache-related headers for a specific file type in IIS6? We want to turn off caching on all our *.js and *.css files here, but IIS6 is forcing us to take an all-or-nothing approach.
c24chan
4
votes
3 answers

HTTP/1.1 Status Codes 400 and 417, cannot choose which

I've got a processing file which handles the user-sent data; before that, however, it compares the input from the client to the expected values to ensure no client-side data change. I can say I don't know a lot about HTTP status codes, but I have made up…
ASertacAkkaya
  • 143
  • 1
  • 1
  • 4
4
votes
1 answer

Apache reverse proxy not preserving headers

Does anyone know if there is something strange going on? It seems that my reverse proxy setup doesn't preserve the correct caching headers from the original virtualhost. Let me explain... I am currently using PHP Slim to create an API for my web…
crawf
  • 149
  • 1
  • 3
4
votes
2 answers

In Nginx, block user based on X header value

I have 6 Nginx servers behind load balancer. Of course, if I just try to "deny" based on IP address it does not work as the app servers just see the load balancer IP. However, I learned about the Real IP module and I have that enabled in the…
messick
  • 205
  • 2
  • 7
4
votes
1 answer

Hide/Replace Nginx Location Header?

I am trying to pass a PCI compliance test, and I'm getting a single "high risk vulnerability". The problem is described as: Information on the machine which a web server is located is sometimes included in the header of a web page. Under certain…
Steven Ou
  • 151
  • 1
  • 2
4
votes
2 answers

Obfuscating the server field of an HTTP response header

I'm new to administering a server, and I'm wondering if there is any value in obfuscating the server field for HTTP response headers I'm sending out. Would this prevent hackers from determining which webserver I'm using, and therefore make it more…
Anony372
  • 143
  • 4
4
votes
1 answer

Applying header range fix to apache 2.0.59 issue CVE-2011-3192

I've been trying to apply the suggested fix to apache for CVE-2011-3192 which was to add to httpd.conf # Drop the Range header when more than 5 ranges. # CVE-2011-3192 SetEnvIf Range (,.*?){5,} bad-range=1 RequestHeader unset Range…
M Bishop
  • 43
  • 3
4
votes
1 answer

Apache - disable range requests - disadvantages?

As there is a working exploit against Apache's byte range implementation (CVE-2011-3192, see here), I'd like to disable it until official patches are shipped with my distros (Debian, Ubuntu). The sites are all "normal" websites without big…
maff
  • 311
  • 1
  • 4
  • 14
4
votes
3 answers

Is it possible to route requests to different applications via Content-Type?

I'm designing a JSON API, and I'd like to version the API using content negotiation of some kind. I'm currently planning on using Vendor MIME Types to do this. While I can definitely do this at the application level, I'm thinking it would be best to…
Adam Lassek
  • 492
  • 1
  • 9
  • 18