Nginx Header,实现对HTTP/S请求、响应进行添加、修改、删除等操作
Nginx Header,实现对HTTP/S请求、响应进行添加、修改、删除等操作
通过Nginx内置
文档地址:
http://nginx.org/en/docs/http/ngx_http_headers_module.html
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_hide_header
[可选]支持允许下划线Header
underscores_in_headers on;
1 添加Header
来源库:http_headers_module
add_header ‘Key’ ‘values’;
| Syntax: | add_header name value [always]; |
|---|---|
| Default: | — |
| Context: | http, server, location, if in location |
例如:add_header ‘Content-Type’ ’text/html;charset=utf-8’;
关于 add_header 无效不起作用,一般是没有在最后一条匹配规则中进行操作,需要将其加入到最深层的匹配规则中,例如location 比 server 深,if 比 location 深。
2 删除Header
来源库:ngx_http_fastcgi_module、ngx_http_proxy_module
fastcgi_hide_header ‘Key’;
| Syntax: | fastcgi_hide_header field; |
|---|---|
| Default: | — |
| Context: | http, server, location |
proxy_hide_header ‘Key’;
| Syntax: | proxy_hide_header field; |
|---|---|
| Default: | — |
| Context: | http, server, location |
例如:反向代理和fastcgi区分不同的场景使用。
fastcgi_hide_header X-Powered-By;
proxy_hide_header X-Powered-By;
3 修改Header
通过内置的操作,修改header分为两步,先将其删除再增加。
例如:
fastcgi_hide_header Content-Type;
proxy_hide_header Content-Type;
add_header ‘Content-Type’ ’text/css’;
4 添加请求Header
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
fastcgi_param ‘HTTP-X-Forwarded-For’ $remote_addr;
5 删除请求Header
proxy_set_header X-Forwarded-For ‘’;
fastcgi_param ‘HTTP-X-Forwarded-For’ ‘’;
通过第三方模块
headers-more-nginx-module
Github:https://github.com/openresty/headers-more-nginx-module
1 添加/设置Header
syntax: more_set_headers [-t
default: no
context: http, server, location, location if
phase: output-header-filter
more_set_headers “Server: yunjiasu-nginx”;
2 清除Header
syntax: more_clear_headers [-t
default: no
context: http, server, location, location if
phase: output-header-filter
more_clear_headers -s 404 -t ’text/plain’ Foo Baz;
more_clear_headers ‘X-Hidden-*’;
3 添加请求Header
4 more_set_input_headers
syntax: more_set_input_headers [-r] [-t
default: no
context: http, server, location, location if
phase: rewrite tail
5 删除请求Header
6 more_clear_input_headers
syntax: more_clear_input_headers [-t
default: no
context: http, server, location, location if
phase: rewrite tail
例子:
more_clear_input_headers -t ’text/plain’ Foo Baz;
more_clear_input_headers “Foo” “Baz”; more_clear_input_headers ‘X-Hidden-*’;
综合案例
例如:
# 根据请求文件名,返回对应的 Content-Type if ( $request_uri ~ .*\.(css)$ ) { add_header ‘Content-Type’ ’text/css’; }
if ( $request_uri ~ .*\.(html|htm|php|php5)$ ) { add_header ‘Content-Type’ ’text/html;charset=utf-8’; }
if ( $request_uri ~ .*\.(js)$ ) { add_header ‘Content-Type’ ‘application/javascript;application/x-javascript’; }
隐藏脚本版本及服务器版本信息
fastcgi_hide_header X-Powered-By; fastcgi_hide_header Server;
伪造服务器应用版本信息
more_set_headers ‘Server: yunjiasu-nginx/1.0’;
允许跨域请求
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
转自: https://cloud.tencent.com/developer/article/1402282