A question about add_header replication
Maxim Dounin
mdounin at mdounin.ru
Mon Oct 5 19:55:57 MSD 2009
Hello!
On Mon, Oct 05, 2009 at 04:11:53PM +0800, bit bull wrote:
> hi,all:
>
> hello, I config "add_header Server xxxx;", then I get response header:
>
> < HTTP/1.1 200 OK
> < Server: nginx/0.8.17
> < Date: Mon, 05 Oct 2009 07:59:18 GMT
> < Content-Type: text/html
> < Content-Length: 151
> < Last-Modified: Mon, 05 Oct 2009 07:24:51 GMT
> < Connection: keep-alive
> < Server: xxxx
> < Accept-Ranges: bytes
>
> We can see Server field is printed twice. I need replace first one.
>
> So I read source code, found:
>
> 1.add_header is simple push to header_out array, keep
> headers_out.server == NULL.
> 2. "Server:nginx/0.8.17" field is setted at http_header_filter_module.c:457
> 3. a loop start at http_header_filter_module.c:568, it concat all
> header fields(include "Server xxxx").
> 4. Server field is replication.
>
> why not set headers_out.server at add_header? how to implement my need?
1. Directive add_header does not support arbitrary header rewriting.
2. No, you can't redefine Server header without patching code. It
isn't considered to be good thing to do, but for those who still
thinks that hiding head in sand is a good way to handle security
there is directive "server_tokens off;" which will hide version
string from Server header and standard error pages.
Maxim Dounin
More information about the nginx
mailing list