Reputation: 29874
Is there a way to remove apaches Reverse Proxy Request Headers?
When acting as a reverse proxy, apache adds x-forwarded headers as described here.
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
In my configuration I have configured server A as a forward proxy. There is a rule like this:
RewriteRule proxy:(.*example.com)/(.*) $1.mysecondserver.com/$2 [P]
This rule lets the server request the resource from one of my other servers.
On the second server (origin) I have a virtual host container for the resource and another rewrite rule like this:
RewriteRule some-regex some-url [P]
It may not seem to make sense like this but there is a lot of other stuff going on that I left out as it is not part of the problem.
However that final request has these headers:
[X-Forwarded-For] => ip of 1st server
[X-Forwarded-Host] => example.myseconserver.com
[X-Forwarded-Server] => example.com
I want those headers gone.
I seem to be unable to unset them with mod_headers. I can add more entries to them, but I can not remove them.
Any ideas?
Upvotes: 15
Views: 23782
Answers (3)
Reputation: 1
Since Apache 2, as this pretty answer says, the
ProxyAddHeaders Off
theoretically disables it. In my experiences, it had no effect. However, combined with
<Proxy *>
ProxyAddHeaders Off
</Proxy>
and, with
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Server
somewhere it started to work.
Upvotes: 4
Reputation: 799
I had the same problem on httpd 2.2 on CentOS 5. Installing httpd 2.4 wasn't possible. But because of some reasons I couldn't switch to nginx completly. So I did it by inserting nginx proxy between httpd and the destination address. So I had: httpd(localhost:80/path) -> nginx(localhost:81/path) -> http://your.destination/path. Installation steps are the following:
- Install nginx according to these instructions
- Configure nginx to avoid security problems.
Add an location in nginx that will remove those httpd's reverse proxy request headers. It can look like this:
location /path { proxy_set_header x-forwarded-for ""; proxy_set_header x-forwarded-host ""; proxy_set_header x-forwarded-server ""; proxy_pass http://your.destination/path; }
Upvotes: 1
Reputation: 29874
corrected answer: there is no way to do that since its hardcoded
to fix this in the source code of mod_proxy_http.c search for the following part:
apr_table_mergen(r->headers_in, "X-Forwarded-Server",
r->server->server_hostname);
}
and immediately after that add this code:
// remove any X-Forwarded headers
apr_table_unset(r->headers_in, "X-Forwarded-For");
apr_table_unset(r->headers_in, "X-Forwarded-Host");
apr_table_unset(r->headers_in, "X-Forwarded-Server");
then compile by running apxs2 -cia mod_proxy_http.c
Upvotes: 2
Related Questions
- Remove "Server: Apache" from response headers
- Changing request header before forward proxy in Apache
- How to rewrite Location response header in a proxy setup with Apache?
- How to remove apache information completely from response headers
- How to debug request headers?
- Apache2 reverse proxy strips my custom header
- Apache 2.4.25 some headers being stripped in proxied request
- Removing duplicate headers from HTTP requests
- Removing http headers in Apache2
- Apache, include correct "Server" header when proxying