nginx proxy_hide_header when used in multiple contextes

Posted . Visible to the public.

You can use proxy_hide_header in different contextes:

Syntax:	proxy_hide_header field;
Default:	 —
Context:	http, server, location

(from http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header)

But if you use it in multiple contexes only the "lowest" occurrences are used.

So if you specify it in the server and location context (even if you hide different header) only the proxy_hide_header in the location block are used.

Example:

server {
[...]
  proxy_hide_header X-Example;
[...]
  location / {
    proxy_hide_header X-Foobar;
  [...]
  }
}

then if you access something:

curl -I https://example.com
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 20:26:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Example: foobar

You still get the X-Example because you used proxy_hide_header also in the location context. If you also want to hide X-Example you have to repeat it in the location:

server {
[...]
  proxy_hide_header X-Example;
[...]
  location / {
    proxy_hide_header X-Foobar;
    proxy_hide_header X-Example;
  [...]
  }
}
nginx.org
Kim Klotz
makandra.com
Say thanks
Last edit
Kim Klotz
License
Source code in this card is licensed under the MIT License.
Posted by Kim Klotz to makandra dev (2015-12-09 20:12)
This website uses short-lived cookies to improve usability.
or learn more