GDPR Proxy
Maxim Dounin
mdounin at mdounin.ru
Fri Nov 4 23:04:45 UTC 2022
Hello!
On Fri, Nov 04, 2022 at 04:01:22PM +0100, basti wrote:
> we have a website with some embedded content to YT. So the idea is to
> setup a GDPR Proxy.
>
> Setup:
>
> User Client -> example.com (embedded content media.example.com) -> YT
>
> So YT only can see the IP of media.example.com.
>
> What's about cookies?
> Can YT track the 'User Client'?
>
> Something like that should be enough, I think:
>
> location /media/(.*)$ {
> proxy_pass https://media.example.com;
> proxy_redirect off;
> proxy_cache off;
> proxy_hide_header X-Real-IP;
> proxy_hide_header X-Forwarded-For;
Note that proxy_hide_header hides _response_ headers, while
X-Real-IP and X-Forwarded-For only expected to appear in
_requests_*. To remove request headers, try proxy_set_header
instead, e.g.:
proxy_set_header X-Real-IP "";
proxy_set_header X-Forwareded-For "";
See http://nginx.org/r/proxy_set_header for details.
> }
>
> Did I miss something?
> Sometimes I see
> proxy_set_header Host $upstream_host;
>
> But I have not found any info what $upstream_host stands for.
There is no such builtin variable in nginx.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list