[英]Is there a way to remove apaches Reverse Proxy Request Headers?
When acting as a reverse proxy, apache adds x-forwarded headers as described here. 当充当反向代理时,apache会添加x-forwarded标头,如此处所述。
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
In my configuration I have configured server A as a forward proxy. 在我的配置中,我已将服务器A配置为转发代理。 There is a rule like this:
有一个这样的规则:
RewriteRule proxy:(.*example.com)/(.*) $1.mysecondserver.com/$2 [P]
This rule lets the server request the resource from one of my other servers. 此规则允许服务器从我的其他服务器请求资源。
On the second server (origin) I have a virtual host container for the resource and another rewrite rule like this: 在第二个服务器(原始)上,我有一个资源的虚拟主机容器和另一个重写规则,如下所示:
RewriteRule some-regex some-url [P]
It may not seem to make sense like this but there is a lot of other stuff going on that I left out as it is not part of the problem. 它似乎没有这样的意义,但是我遗漏了许多其他的东西,因为它不是问题的一部分。
However that final request has these headers: 但是,最终请求具有以下标头:
[X-Forwarded-For] => ip of 1st server
[X-Forwarded-Host] => example.myseconserver.com
[X-Forwarded-Server] => example.com
I want those headers gone. 我想要那些标题消失了。
I seem to be unable to unset them with mod_headers. 我似乎无法用mod_headers取消它们。 I can add more entries to them, but I can not remove them.
我可以添加更多条目,但我无法删除它们。
Any ideas? 有任何想法吗?
corrected answer: there is no way to do that since its hardcoded 纠正的答案:自硬编码以来没有办法做到这一点
to fix this in the source code of mod_proxy_http.c search for the following part: 要在mod_proxy_http.c的源代码中修复此问题,请搜索以下部分:
apr_table_mergen(r->headers_in, "X-Forwarded-Server",
r->server->server_hostname);
}
and immediately after that add this code: 然后立即添加此代码:
// remove any X-Forwarded headers
apr_table_unset(r->headers_in, "X-Forwarded-For");
apr_table_unset(r->headers_in, "X-Forwarded-Host");
apr_table_unset(r->headers_in, "X-Forwarded-Server");
then compile by running apxs2 -cia mod_proxy_http.c
然后通过运行
apxs2 -cia mod_proxy_http.c
进行编译
Since Apache 2, as this pretty answer says, the 自Apache 2以来,正如这个漂亮的答案所说的那样
ProxyAddHeaders Off
theoretically disables it. 理论上禁用它。 In my experiences, it had no effect.
根据我的经验,它没有任何效果。 However, combined with
但是,加上
<Proxy *>
ProxyAddHeaders Off
</Proxy>
and, with 与
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Server
somewhere it started to work. 它开始工作的某个地方。
I had the same problem on httpd 2.2 on CentOS 5. Installing httpd 2.4 wasn't possible. 我在CentOS 5上的httpd 2.2上遇到了同样的问题。安装httpd 2.4是不可能的。 But because of some reasons I couldn't switch to nginx completly.
但由于某些原因,我无法完全切换到nginx。 So I did it by inserting nginx proxy between httpd and the destination address.
所以我通过在httpd和目标地址之间插入nginx代理来实现它。 So I had: httpd(
localhost:80/path
) -> nginx( localhost:81/path
) -> http://your.destination/path
. 所以我有:httpd(
localhost:80/path
) - > nginx( localhost:81/path
) - > http://your.destination/path
。 Installation steps are the following: 安装步骤如下:
Add an location in nginx that will remove those httpd's reverse proxy request headers. 在nginx中添加一个位置,删除那些httpd的反向代理请求标头。 It can look like this:
它看起来像这样:
location /path { proxy_set_header x-forwarded-for ""; proxy_set_header x-forwarded-host ""; proxy_set_header x-forwarded-server ""; proxy_pass http://your.destination/path; }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.