Maxim Dounin mdounin at
Mon Apr 6 22:22:45 MSD 2009


On Mon, Apr 06, 2009 at 09:40:12AM -0700, Michael Shadle wrote:

> 2009/4/6 Igor Sysoev <is at>:
> >    *) Bugfix: now nginx takes into account the "X-Accel-Expires",
> >       "Expires", and "Cache-Control" header lines in a backend response.
> It wasn't doing this before?

It should be read 'now proxy cache takes into account...'.  This 
change is about proxy_cache, not about stripping headers.

> I had code like this (PHP) - was the Cache-Control being ignored? (I
> think all headers should be allowed to pass arbitrarily on
> X-Accel-Redirect ... no reason to block headers anytime anything is
> being proxied unless it conflicts with the actual proxying process -
> people will eventually request them anyway :))
> header('Cache-Control: no-cache, no-store');
> header('Content-Type: application/octet-stream');
> header('Content-Transfer-Encoding: binary');
> header('Content-Length: ' . filesize($f_location));

NOTE: passing Content-Length which doesn't match actual message 
length is really bad idea.  This works now as nginx doesn't use 
persistent connections to backends, but likely break things as 
soon as persistent connections support will be introduced.  And it's 
not needed anyway (nginx will use actual file length instead).

> header('Content-Disposition: attachment; filename="'.basename($file_name).'"');
> header('X-Accel-Redirect: /foo/protected/' . basename($file_name));
> Do I need to change something in this so it works (I'll upgrade to 0.7.50 also)

X-Accel-Redirect takes the following headers from original 

Content-Type, Set-Cookie, Content-Disposition, Cache-Control, 
Expires, Accept-Ranges

If you want to pass something else, you may use something like 

    location /foo/protected/ {
        add_header  P3P  $upstream_http_p3p;

Maxim Dounin

More information about the nginx mailing list