Hi, in my Rails application I am using nginx/1.0.6 and Phusion Passenger to host it. But for security reasons I want to stop the display of headers on the public network. Now when I run the following curl command:
curl -I http://domain.name
it gives me the following trace:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9
ETag: "b7da2b7b2fa6349"
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 1.193656
Set-Cookie: demand_session=BAh7ByIQX2NzcmZfdG9rZW4iMUVMREdHRDJGcHhnVzhWNTNsRGhGSWRyNmRQbWZZSnpyZGcwbFYx3D%3D--eb470df0951aac0e6612861ef30ed7a699d073a0; path=/; HttpOnly
Cache-Control: max-age=0, private, must-revalidate
Server: nginx/1.0.6 + Phusion Passenger 3.0.9 (mod_rails/mod_rack)
But I do not want these headers to be displayed: Server, Set-Cookie, X-Powered-By, X-UA-Compatible, ETag, Cache-Control.
If you are using a proxy, you can use and configure the proxy_hide_header directive from the proxy module like this:
proxy_hide_header X-Powered-By;
proxy_hide_header X-UA-Compatible;
proxy_hide_header X-Runtime;
proxy_hide_header ETag;
# and so on...
But this directive only allows you to hide headers coming from the proxy server. For response headers coming from the main server, not the proxy, you can use the set directive and the variable $sent_http_HEADER, where HEADER means the name of the header you would like to set. Here is an example:
set $sent_http_x_powered_by your_value;
set $sent_http_etag your_value;
set $sent_http_cache_control your_value;
# and so on...
But take two things into consideration:
1. The set directive works only in server, location and if blocks.
2. As you can read in the comments to your question, it's not really a good idea to hide or change some headers like Cache-Control, because they aren't only informational but have an impact on how browsers and user clients work.
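To check a server before and after such a configuration change, the script below classifies the headers returned by `curl -sI` into ones that only disclose software details and ones that clients act on. It is an added example, not part of the original question or answer; the function names and the three class lists are assumptions of this example, and the sample response is constructed from the header names in the question.

```shell
#!/bin/sh
# Added example: classify response headers read on stdin, e.g.
#   curl -sI http://domain.name | classify_headers
# The class lists are this example's assumptions, not nginx behaviour:
#   DISCLOSURE = informational only, reveals software, version or timing
#   FUNCTIONAL = browsers and clients act on it, hiding it changes behaviour
#   OTHER      = anything else
classify_headers() {
    awk '
        { sub(/\r$/, "") }                  # curl prints CRLF line endings
        /^HTTP\// || $0 == "" { next }      # skip status line and blank line
        {
            i = index($0, ":")
            if (i == 0) next                # not a header line
            name = tolower(substr($0, 1, i - 1))
            if (name ~ /^(server|x-powered-by|x-runtime)$/) class = "DISCLOSURE"
            else if (name ~ /^(set-cookie|cache-control|etag|x-ua-compatible)$/) class = "FUNCTIONAL"
            else class = "OTHER"
            printf "%s\t%s\n", class, name
        }'
}

# Exit status 0 only when no DISCLOSURE header is present (usable in CI).
no_disclosure() {
    ! classify_headers | grep '^DISCLOSURE' >/dev/null
}

# Constructed sample: header names taken from the trace in the question,
# with the session cookie value replaced by a placeholder.
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Content-Type: text/html; charset=utf-8' \
        'X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9' \
        'ETag: "b7da2b7b2fa6349"' \
        'X-UA-Compatible: IE=Edge,chrome=1' \
        'X-Runtime: 1.193656' \
        'Set-Cookie: demand_session=CONSTRUCTED; path=/; HttpOnly' \
        'Cache-Control: max-age=0, private, must-revalidate' \
        'Server: nginx/1.0.6 + Phusion Passenger 3.0.9 (mod_rails/mod_rack)' ''
}

# Stand-alone run: print the classification of the constructed sample.
sample_before | classify_headers
```

Pipe real `curl -sI` output into `no_disclosure` after each configuration change; a non-zero exit status means a DISCLOSURE header is still being sent.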