header handling
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 17 11:31:53 UTC 2015
Hello!
On Sat, Aug 15, 2015 at 12:15:47AM -0700, Frank Liu wrote:
> I made the below patch and can now use $upstream_http_x_header for
> logformat to capture the header X.header in the access log. Does anybody
> see any issues with the patch?
>
> --- src/http/ngx_http_variables.c.orig 2015-08-15 02:19:31.635328112 +0000
>
> +++ src/http/ngx_http_variables.c 2015-08-15 02:19:42.051541422 +0000
>
> @@ -897,6 +897,8 @@
>
>
>
> } else if (ch == '-') {
>
> ch = '_';
>
> + } else if (ch == '.') {
>
> + ch = '_';
>
> }
Such approach will likely result in security problems, as
"X.header" and "X-header" would be indistinguishable from nginx
point of view.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list