How to remove a response header in nginx after having stored its value in case of proxy_pass

Question

Fundamentally, I am having troubles to find out a way to remove a response header in nginx in case of proxy_pass after having stored it in a variable. proxy_hide_header doesn't let me store the value.

In other words:

I am trying to get access to a custom response header, save it into a variable, and get rid of it so that it will not be propagated to the client. That variable is then used in the access logs. Unfortunately, the following doesn't seem to work:

http {

log_format main '$remote_addr $http_host $destination_addr [$time_local]   
"$request" $status';
access_log /opt/logs/access.log main;

server { 
 listen 142.133.151.129:8090 default; 

 ##This is my internal variable for the response header field 
 set $destination_addr "-"; 

 location / { 
   proxy_pass http://my_upstream_server; 

   #store the response header field
   set $destination_addr $sent_http_x_destination; 

   #now get rid of this response header field
   set $sent_http_x_destination ""; 
  }   
 }
}

I am getting empty values for $sent_http_x_destination.

Here is the curl request and response:

# curl -Ov http://142.133.151.129:8090/ao3/vod/soccer/worldcup2014/final1

< HTTP/1.1 206 Partial Content
< Server: openresty/1.9.3.1
< Date: Tue, 16 Feb 2016 22:25:32 GMT
< Content-Type: application/octet-stream
< Content-Length: 99990100
< Connection: keep-alive
< X-Destination: 142.133.151.94 

Does anyone know how to remove "X-Destination" after having it stored and used for access log? I am getting "$destination_addr" with empty value.

Thanks

Answer 1

one could use proxy_hide_header to remove header returned to NGINX from the proxy, see ngx_http_proxy_module docs
$upstream_http_x_destination can be used for logging, see ngx_http_upstream_module docs

rewrite of your config would look like this:

http {
  log_format main '$remote_addr $http_host $upstream_http_x_destination '
                  '[$time_local] "$request" $status';
  access_log /opt/logs/access.log main;
  server { 
    listen 142.133.151.129:8090 default; 
    location / {
      proxy_hide_header x_destination;
      proxy_pass http://my_upstream_server; 
    }   
  }
}

Answer 2

I'm not completely sure about this, but I think that as long as you rely on that header for the logs, it needs to be set as a header... else, the logs won't be able to use it.

Having said that, you can try proxy_hide_header and see if it works.

Answer 3

The only way I can see is to create a lua script that will re-implement the proxy pass using http-resty, saves the header in an nginx variable and removes it right before returning. The saved nginx variable will then be used for access logs. This is my answer. I was hoping that nginx offers a simpler way to do that.

Please let me know your comments on this answer. Thanks for all your inputs on this topic!