CODEWITHSUNDEEP
nginx
Umut Benzer
Umut Benzer

Reputation: 3526

Nginx and raw headers

I am developing a web api using Play Framework. I use nginx as the reverse proxy. Since the api will be used by embedded systems, the returning informantion should be as light as possible.

Play Framework in production mode returns excatly this: (RAW HTTP is taken from Fiddler)

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
Content-Length: 14

aTqYu1mxQPy|10

However, when I placed nginx between user and api, the response turns into this:

HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Sun, 05 Aug 2012 15:08:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 14
Connection: close
Cache-Control: no-cache

aTqYu1mxQPy|10

I don't need Server, Date, Connection headers at all. They are added automatically by nginx. (or it is because I messed up nginx configuration of mine on my previous experiments)

Is there anyway to tell ngnix not to tell any of headers and pass them untouched?

Upvotes: 3

Views: 6118

Answers (2)

hacknull
hacknull

Reputation: 415

Here is a patch for nginx sources to delete the "Connection" header: http://mailman.nginx.org/pipermail/nginx-devel/2017-February/009440.html

diff -r d2b2ff157da5 -r 25129d5509b8 src/http/ngx_http_header_filter_module.c
--- a/src/http/ngx_http_header_filter_module.c  Tue Jan 31 21:19:58 2017 +0300
+++ b/src/http/ngx_http_header_filter_module.c  Thu Feb 02 02:14:06 2017 +0800
@@ -389,7 +389,9 @@
         }

     } else {
-        len += sizeof("Connection: close" CRLF) - 1;
+        if (clcf->keepalive_header != 0) {
+            len += sizeof("Connection: close" CRLF) - 1;
+        }
     }

 #if (NGX_HTTP_GZIP)
@@ -560,8 +562,10 @@
         }

     } else {
-        b->last = ngx_cpymem(b->last, "Connection: close" CRLF,
-                             sizeof("Connection: close" CRLF) - 1);
+        if (clcf->keepalive_header != 0){
+             b->last = ngx_cpymem(b->last, "Connection: close" CRLF,
+                                  sizeof("Connection: close" CRLF) - 1);
+        }
     }

 #if (NGX_HTTP_GZIP)

Here is the module for nginx to delete other headers: https://github.com/openresty/headers-more-nginx-module

keepalive_timeout 0;
keepalive_requests 0;

chunked_transfer_encoding off;

more_clear_headers 'Cache-Control';
more_clear_headers 'Content-Type';
more_clear_headers 'Date';
more_clear_headers 'Expires';
more_clear_headers 'Server';
more_clear_headers 'X-Debug-Token';
more_clear_headers 'X-Debug-Token-Link';
more_clear_headers 'X-Powered-By';
more_clear_headers 'X-Robots-Tag';

Upvotes: 0

CyberDem0n
CyberDem0n

Reputation: 15056

You can modify(and remove) any headers by using third-party module for nginx, https://github.com/agentzh/headers-more-nginx-module
But according to RFC 2616, in HTTP protocol you can remove only Server header.
Connection: close - used for closing persistent (HTTP/1.1) connection.
Date header must be presented in HTTP/1.1, in all requests, except in these cases:

  1. If the response status code is 100 (Continue) or 101 (Switching
     Protocols), the response MAY include a Date header field, at
     the server's option.

  2. If the response status code conveys a server error, e.g. 500
     (Internal Server Error) or 503 (Service Unavailable), and it is
     inconvenient or impossible to generate a valid Date.

  3. If the server does not have a clock that can provide a
     reasonable approximation of the current time, its responses
     MUST NOT include a Date header field

As far as i know, nginx strictly following to RFC.

Upvotes: 3

Related Questions