Hide a request cookie in proxy_pass
AntoUX
nginx-forum at forum.nginx.org
Wed Nov 29 16:49:06 UTC 2017
Hello,
I've found strange behaviour with this rewrite method.
When :
- there are space (%20) in the URI
And
- a cookie match regexp (and is removed)
Nginx replace ";" and " " in Cookie header with %3B%20
For example:
I want to remove "Testy" cookie.
Here is nginx sample config :
server {
set $new_cookie $http_cookie;
if ($http_cookie ~ "(.*)(?:^|;)\s*Testy=[^;]+(.*)") {
set $new_cookie $1$2;
}
if ($new_cookie ~ "^[;]+(.*)") {
set $new_cookie $1;
}
proxy_set_header Cookie $new_cookie;
proxy_pass http://www.com_backend;
}
upstream www.com_backend {
server localhost:9020;
keepalive 30;
}
With this request :
GET /api/TEST%20TEST HTTP/1.1
Cookie: country_code=FR; session=IntcI; lastvisitfor=IjIwMT%3D;
Testy=uid%08474524469%26fst%3D15118; teaser=eyJ0eXBl2; popin=eyJib3R0
Nginx remove correctly Testy cookie but forward this cookie header to
backend:
Cookie:
country_code=FR%3B%20session=IntcI%3B%20lastvisitfor=IjIwMT%3D%3B%20teaser=eyJ0eXBl2%3B%20popin=eyJib3R0
Due to the fact there are no "; " anymore, backend consider there is only
one big cookie : "country_code".
nginx version: nginx/1.12.1
OS : CentOS 6.9
Any ideas on how to fix it ?
Thanks.
Anto
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,252944,277574#msg-277574
More information about the nginx
mailing list