Add support to hide headers from upstream servers (#1928)

This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-01-18 16:37:22 -02:00 committed by GitHub
parent 858f3398f8
commit 8975800740
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 1 deletions

View file

@ -21,6 +21,7 @@ The following table shows a configuration option's name, type, and the default v
|:---|:---|:------|
|[add‑headers](#add-headers)|string|""|
|[allow‑backend‑server‑header](#allow-backend-server-header)|bool|false|
|[hide‑headers&#8209](#hide-headers)|string array|empty|
|[access‑log‑path](#access-log-path)|string|"/var/log/nginx/access.log"|
|[error‑log‑path](#error-log-path)|string|"/var/log/nginx/error.log"|
|[enable‑dynamic‑tls‑records](#enable-dynamic-tls-records)|bool|true|
@ -126,7 +127,12 @@ Sets custom headers from named configmap before sending traffic to the client. S
## allow-backend-server-header
AllowBackendServerHeader enables the return of the header Server from the backend instead of the generic nginx string. By default this is disabled.
Enables the return of the header Server from the backend instead of the generic nginx string. By default this is disabled.
## hide-headers
Sets additional header that will not be passed from the upstream server to the client response.
Default: empty
_References:_
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header

View file

@ -462,6 +462,11 @@ type Configuration struct {
// Default: false
// Reason for the default: https://trac.nginx.org/nginx/ticket/1300
ReusePort bool `json:"reuse-port"`
// HideHeaders sets additional header that will not be passed from the upstream
// server to the client response
// Default: empty
HideHeaders []string `json:"hide-headers"`
}
// NewDefault returns the default nginx configuration

View file

@ -38,6 +38,7 @@ const (
bindAddress = "bind-address"
httpRedirectCode = "http-redirect-code"
proxyStreamResponses = "proxy-stream-responses"
hideHeaders = "hide-headers"
)
var (
@ -56,6 +57,8 @@ func ReadConfig(src map[string]string) config.Configuration {
skipUrls := make([]string, 0)
whitelist := make([]string, 0)
proxylist := make([]string, 0)
hideHeaderslist := make([]string, 0)
bindAddressIpv4List := make([]string, 0)
bindAddressIpv6List := make([]string, 0)
redirectCode := 308
@ -71,6 +74,10 @@ func ReadConfig(src map[string]string) config.Configuration {
}
}
}
if val, ok := conf[hideHeaders]; ok {
delete(conf, hideHeaders)
hideHeaderslist = strings.Split(val, ",")
}
if val, ok := conf[skipAccessLogUrls]; ok {
delete(conf, skipAccessLogUrls)
skipUrls = strings.Split(val, ",")
@ -133,6 +140,7 @@ func ReadConfig(src map[string]string) config.Configuration {
to.ProxyRealIPCIDR = proxylist
to.BindAddressIpv4 = bindAddressIpv4List
to.BindAddressIpv6 = bindAddressIpv6List
to.HideHeaders = hideHeaderslist
to.HTTPRedirectCode = redirectCode
to.ProxyStreamResponses = streamResponses

View file

@ -290,6 +290,9 @@ http {
proxy_pass_header Server;
{{ end }}
{{ range $header := $cfg.HideHeaders }}proxy_hide_header {{ $header }};
{{ end }}
{{ if not (empty $cfg.HTTPSnippet) }}
# Custom code snippet configured in the configuration configmap
{{ $cfg.HTTPSnippet }}