avoiding disk cache on proxy ?

Igor Sysoev is at rambler-co.ru
Tue Jan 16 23:58:23 MSK 2007


On Tue, 16 Jan 2007, Jonathan Vanasco wrote:

>
> On Jan 16, 2007, at 3:17 PM, Igor Sysoev wrote:
>
>> Of course, a client "X-Forwarded-For" is not reliable,
>> but you may log the header for some reason.
>> 
>> I usually pass a client address in "X-Real-IP" header and
>> the "X-Forwarded-For" header is passed as is.
>
> in the past, I've done this:
>
> 	Proxy in:
> 		strip all x-* headers
> 		insert x-forwarded-for / x-real-ip info
> 		insert x-internal-passkey , which is just a simple string 
> that is known only to proxy and backend apps.  this gives a little more 
> assurance to the backend app that the request came through the expected proxy 
> server
> 	Proxy out:
> 		strip all x-* headers
>
> would that be difficult to do in nginx ?

nginx does not allow wildcards in proxy_set_header and in proxy_hide_header,
you may set only exact names: for perfomance reason it uses the hashes
to look up header names. Thus you may only

in:
         proxy_set_header  x-internal-passkey  value;

out:
         proxy_hide_header  x-internal-header;


Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list