Questions tagged [http-headers]
HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.
644 questions
-1 votes
0 answers
161 views
How to configure OpenWebUi trusted header authentication with Apache and Kerberos?
I am trying to integrate OpenWebUi with a FastAPI multi-tenant gateway (layer2) behind Apache + Kerberos (layer1). Kerberos authentication works, and Apache successfully injects: X-Forwarded-User: ...
4 votes
2 answers
243 views
Puppetserver external SSL termination: custom headers formatting
I am trying to set up a webserver (HAProxy) in front of puppetmaster (v8+). Got to the point of tinkering with custom headers and ran into a problem. Puppet Docs say: X-Client-Cert Optional. Should ...
0 votes
0 answers
140 views
How do I pass the "REMOTE_USER" apache environment variable to my javascript application running on the apache server?
I have apache 2.4 installed on an oraclelinux server. I have included the mod_auth_mellon extension and have configured it to use our corporate single signon server for login/out. So far when I open ...
0 votes
1 answer
165 views
IIS Reverse Proxy How to fix the location header
We have an IIS server running as a reverse proxy for terminology.hl7.org. Requests come in with a host of terminology.hl7.org, and redirected to an internal server at http://3.142.231.50/terminology. ...
0 votes
0 answers
114 views
Custom HTTP server with Godot 4.3 can't handle over 5 SSE connections
Since Godot does not have a built in HTTP server, but only a TCP server, I managed to write proper responses manually. Javascript, css and html load and work properly, you might say seamlessly. ...
0 votes
1 answer
145 views
IIS 10 Strict-Transport-Security - Stays Set to 0
I'm having issues setting the Strict-Transport-Security header to be any value other than 0. I've tried adding the following code to the Web.config: <add name="Strict-Transport-Security" ...
4 votes
2 answers
2k views
How to reject Host header if different than URL of request in Apache?
I have an Apache/2.4.6 (CentOS) server with multiple subdomains as ServerAlias in Apache VirtualHost. something like: <VirtualHost *:443> ServerName example.com ServerAlias a.example.com ...
1 vote
1 answer
184 views
How to stop Apache to return a wrong line before the HTML header breaking it
I use a simple site enabled to publish files in Apache: File: /etc/apache2/sites-enabled/contents.conf <Directory "/mnt/data/contents/"> Options FollowSymLinks ...
0 votes
1 answer
122 views
Best Practices for Caching a Paginated Blog Search Results Page with Varnish
How should a blog search results page be cached, considering it returns a list of 10 items with pagination (GET ?query=<search_term>&page=<number>) to navigate to the next page? What ...
2 votes
1 answer
474 views
How to make HTTP OPTIONS responses working for WebDAV with Apache2?
The HTTP OPTIONS request is an HTTP request type (like GET, POST) to web servers. It is optional as a helper, you can use it to programmatically find out what requests web servers understand. But you ...
-1 votes
3 answers
2k views
IIS 10: How to remove server and NET headers
The setup is as follows: Windows Server 2022 Standard with IIS 10. ASP .NET 4.8 based application, running with Integrated mode and Application Pool Identity. I'm trying to remove the following headers:...
0 votes
0 answers
345 views
Can a 499 Error be caused by the server?
I am getting a 499 error on a particular api call (specifically only when the browser is Firefox). My research has shown the 499 error is caused by the client severing the connection with the api. ...
0 votes
1 answer
800 views
How does Nginx behind NAT know the original IP address of the client?
I have a virtualized router with public IP address assigned to it directly in proxmox. When I send a request to port 443 from a different network (from a browser) the router correctly portforwards it ...
0 votes
2 answers
2k views
Nginx add header in http-section with variable value set in location-section
In my nginx setup, I'm adding some http-headers globally within the http-section. One specific header however depends on a value that I only know after mapping the location block. When I add the ...
0 votes
1 answer
1k views
Apache 2.4 Read from request header and set the same in response header
I am using Apache 2.4.6. I wanted to check if a custom header X-CUSTOM-HEADER is present in the request, if yes then set the same header and same value to the response. If the header is not present in ...
-1 votes
1 answer
2k views
Nginx error "upstream prematurely closed FastCGI request while reading upstream" with generated file download
I just spent the whole day trying to figure out this error. We have a PHP script that generates a file for download. After upgrading nginx (1.16 -> 1.24), this script suddenly started randomly ...
0 votes
1 answer
677 views
Change server header on all endpoints (Flask + Nginx + Gunicorn)
I'm working on a Flask app that uses gunicorn and nginx and should hide its server header, so I managed to do it only for the homepage, like this: gunicorn.conf.py import gunicorn gunicorn.SERVER = '.'...
3 votes
1 answer
1k views
PHP post data lost with Transfer-Encoding: chunked; Apache regression?
I am moving a PHP application from an older CentOS 7 server with Apache 2.4.6 and PHP 7.3.33 (mod_php) to a newer Alma Linux 9 server with Apache 2.4.57 and PHP 8.0.30 (PHP-FPM). This is a back-end ...
-1 votes
1 answer
75 views
What are cons of websockets? [closed]
I mean why at first place polling and server events exist if websocket can not only solve the problems they are solving but also allow additional functionalities (like bidirectional nature). I guess ...
0 votes
1 answer
579 views
How do I add a header to a single static file in IIS 10?
Server is Windows Server 2016. I need to serve a single static file with a different header than all the other files (Cache-Control: max-age=15). A different answer gives the leaf XML node as: <...
0 votes
0 answers
71 views
Placement of HTTP Headers in VirtualHost Containers?
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-...
0 votes
0 answers
2k views
Why does nginx as a reverse proxy not send Referrer-Policy header?
A bit of context : I'm using nginx as a reverse-proxy for a bunch of apps running in Docker containers. Among those apps there is Nextcloud (fpm), and the settings page complains about HTTP Referrer-...
1 vote
0 answers
571 views
Is there an Apache module that can fully log HTTP requests, in a non processed way?
I'm looking for an Apache module that is able to log the RAW content of HTTP requests, unprocessed. Here is one example : POST https://foobar/ HTTP/1.1 Host: foorbar Connection: keep-alive Content-...
0 votes
1 answer
141 views
Nginx add_header Link not parsed by Lighthouse
I'm trying to investigate why Google isn't indexing some pages (allegedly, because they redirect) and, when using Lighthouse to check an example page, I see the following: Error parsing link header (...
3 votes
0 answers
597 views
Why is CloudFront failing to pass a header from the origin to the client?
I have CloudFront configured with an API Gateway origin. In the application accessed via API Gateway, my application responds to a particular request with a Content-Disposition header so that the data ...
0 votes
1 answer
397 views
Do ETags generated on upstream need If-None-Match check? (NGINX)
(Reposting my post deleted after a year of inactivity) Let's assume I use etag off (and if_modified_since off with add_header Last-Modified "" to not make redundancy) in NGINX and I generate ...
0 votes
1 answer
147 views
iptables string matching feasibility; possible use with fail2ban
We have several Apache 2.4 web servers behind a load balancer and CDN front end - where HTTPS is terminated - we see the client IP in headers from the front end in the back end Apache logs. I'm ...
0 votes
2 answers
374 views
Apache/httpd 'Header set Server' is ignored/overridden
I am using this in a VirtualHost <IfModule headers_module> Header set ProcessingTime "%D" Header set Server "Apache 2.4" </IfModule> I can see that the ...
2 votes
1 answer
2k views
Apache GZIP for images - any reason?
JPEG, GIF, PNG and WEBP images are already compressed. Is there any reason to serve them up using GZIP compression, regardless of whether or not the client says it may accept GZIP compression? curl -H ...
2 votes
1 answer
4k views
Adding custom headers on error responses from haproxy
I have the following haproxy config that adds the access-control-allow-origin header on successful 200 requests with the below config. My problem is, when I hit timeouts or haproxy itself (not my ...
1 vote
1 answer
3k views
CORS access-control headers not visible in the response headers section of Chrome inspector
Using https://cors-test.codehappy.dev/ to test our test server's new CORS policy, we receive: These are the response headers received when making the request: access-control-allow-credentials: true ...
0 votes
1 answer
432 views
Caddyfile header directive unable to override file_server ETag
Invoking caddy run against the Caddyfile: http://localhost header ETag forcedValue file_server I expect curl -v http://localhost/Caddyfile to show a response with the ETag forcedValue. Instead, a ...
0 votes
0 answers
2k views
Content-Security-Policy frame-ancestors not working
I'm running an OpenLiteSpeed server and would like to only allow webpages that start with a specific url on my site (e.g. https://example.com/video/**) to be iframed by others. (I want to allow anyone ...
0 votes
1 answer
1k views
Writing a RewriteRule based on X-Forwarded-Host
I have an Apache webserver behind a load balancer which proxies requests to Apache and have a problem regarding configuring directories. Here is my scenario: Upper Load Balancer proxies requests to ...
1 vote
1 answer
4k views
Nginx - No last-modified or Etag response header on HTML
I am facing a rather odd issue with my web server. The server is configured with Ubuntu 20.04, Nginx v1.22.1, PHP 8.0, and MariaDB to host my WordPress website. The issue is, the server is not sending ...
1 vote
1 answer
703 views
Cloudflare uncompressing, then re-compressing response bodies
I'm using Node.js/express and if I set the headers Content-Type: application/json Content-Encoding: gzip and send gzipped compressed bodies of JSON data, this works as expected - when not behind ...
2 votes
1 answer
835 views
Are HTTP Headers configured by the CDN or by the application?
This is kind of a theoretical question, and I guess it may be too broad or unclear. Foobar is an application serving users across the internet. It relies on a CDN to improve its resiliency, speed, etc ...
0 votes
3 answers
10k views
Nginx not working with domain/url that points to server IP
The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is ...
0 votes
1 answer
284 views
Apache include value of %{TIME_YEAR} variable in an HTTP response header
I'm trying to do something like the following: <If "%{IPV6} == 'off'"> Header always set Attention "you are using still using IPV4 in %{TIME_YEAR}, please blahblah etc" <...
0 votes
0 answers
2k views
How to set Access-Control-Allow-Origin for multiple origin domains with Tomcat?
An answer on SO to the same nice - and following guidelines - question but for Apache, how to set Access-Control-Allow-Origin entry header for multiple origin domains deals with .htaccess, checking ...
1 vote
1 answer
880 views
NGINX 302 redirect / proxy
I have an icecast server that runs on port 8000 however when I set up a proxy using NGINX I seem not to be able to make it look like it is the original server. I am wondering is there any way to kinda ...
-1 votes
1 answer
104 views
What is the web server software announcing itself as "VDL/1.0"?
I am looking at an old web form located at: http://www.teleservices.lyon.fr/etat-civil/naissance/ Of course, it is obsolete, bogus, without TLS, etc. But I don’t recognize the web server publishing it....
1 vote
1 answer
3k views
What is this formatting in the "Bearer" Authentication token of a HTTP get
I came across a "Bearer" Authentication in the header of a HTTP request (I want to understand an API) that I want to replicate. This is the header field: authentication : Bearer ...
1 vote
0 answers
6k views
Nginx - remove HTTP Header from response
Hey guys. I have the following question: Is it possible to remove or change the value of a header that was added a few lines earlier? Here is the whole scenario: Setup my-website.com.conf ... server { ...
2 votes
1 answer
9k views
Which static file types does Nginx generate ETags for by default?
In modern versions of Nginx, the ETag is automatically generated for static file types, even if you don't specifically enable the etag on in your location blocks or otherwise: https://nginx.org/en/...
1 vote
1 answer
730 views
NGINX byte-range requests are enabled but Pocket Casts still reports invalid headers
My NGINX web server has byte ranges enabled via add_header Accept-Ranges bytes; and I can successfully get byte ranges of podcast episodes via curl: $ curl -I -r 200-300 https://konradhoeffner.de/...
2 votes
0 answers
740 views
Are servers allowed to add a Content-Encoding header based on filename, if there is no compression on-the-fly?
Problem Suppose we have a compressed archive on disk, e.g. file.tar.gz, which should be served as-is. The file is served with Content-Type: application/gzip, but for some reason the server also adds a ...
0 votes
1 answer
252 views
Apache sends corrupted header [duplicate]
I have configured a basic virtual host just to be able to list a specific directory on the server. For the local files it’s working perfectly, but one of the folders listed at the root is a symlink to ...
1 vote
0 answers
474 views
Set header for all except one location
I'd like to set a header on all page requests except for one. I've tried the following: location ~ ^\/(?!allow-iframes) { add_header 'X-Frame-Options' 'DENY'; } This has some unexpected behavior. It ...
3 votes
2 answers
6k views
How can I remove an accept-encoding request header in nginx?
The recent update to zlib due to a security hole appears to cause a major problem when serving PHP-FPM 8.0 via nginx on Ubuntu focal. Any requests with a gzip encoding fail right at the start of the ...