LoginSignup
42
34

More than 1 year has passed since last update.

@k_enoki(enomoto katutoshi)

リバースプロキシ(nginx)経由でリクエストを投げるとカスタムヘッダが消えて困った

Last updated at Posted at 2014-06-19

なんぞ

nginxを使ったリバースプロキシ経由でリクエストを投げると、カスタムヘッダが消えて困った。
ヘッダはこんな感じ → X-Test.Hoge

結論

nginxのデフォルトではヘッダ名に英数字とハイフン以外は認めてない。
http://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers

リクエストヘッダをそのままBodyに入れて返すスクリプト書いた。

nginx的に合法なヘッダの場合
$ curl -H 'X-Test-Hoge: hoge' http://hoge.huga.com/
[('X-Forwarded-Server', 'hoge.huga.com'),
 ('X-Real-Ip', 'xxx.xxx.xxx.xxx'),
 ('Connection', 'close'),
 ('Content-Length', ''),
 ('Accept', '*/*'),
 ('User-Agent',
  'curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5'),
 ('Host', 'hoge.huga.com'),
 ('X-Test-Hoge', 'hoge'),
 ('X-Forwarded-For', 'xxx.xxx.xxx.xxx'),
 ('X-Forwarded-Host', 'hoge.huga.com'),
 ('Content-Type', 'text/plain')]
nginx的にに非合法な場合
$ curl -H 'X-Test.Hoge: hoge' http://hoge.huga.com/
[('X-Forwarded-Server', 'hoge.huga.com'),
 ('X-Real-Ip', 'xxx.xxx.xxx.xxx'),
 ('Connection', 'close'),
 ('Content-Length', ''),
 ('Accept', '*/*'),
 ('User-Agent',
  'curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5'),
 ('Host', 'hoge.huga.com'),
 ('X-Forwarded-For', 'xxx.xxx.xxx.xxx'),
 ('X-Forwarded-Host', 'hoge.huga.com'),
 ('Content-Type', 'text/plain')]

対応策

httpもしくはserverコンテキストにignore_invalid_headers off; を追加する

example.conf
upstream hoge-huga-com {
  server xxx.xxx.xxx.xxx:yyyy;
}

server {
    listen       80;
    server_name  hoge.huga.com;
    access_log on;
    ignore_invalid_headers off;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://hoge-huga-com;
    }
}
ignore_invalid_headersをoffにした後
$ curl -H 'X-Test.Hoge: hoge' http://hoge.huga.com/
[('X-Forwarded-Server', 'hoge.huga.com'),
 ('X-Real-Ip', 'xxx.xxx.xxx.xxx'),
 ('Connection', 'close'),
 ('Content-Length', ''),
 ('Accept', '*/*'),
 ('X-Test.Hoge', 'hoge'),
 ('User-Agent',
  'curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5'),
 ('Host', 'hoge.huga.com'),
 ('X-Forwarded-For', 'xxx.xxx.xxx.xxx'),
 ('X-Forwarded-Host', 'hoge.huga.com'),
 ('Content-Type', 'text/plain')]

小ネタ

_は-に直される
$ curl -H 'X-Test_Hoge: hoge' http://hoge.huga.com/
[('X-Forwarded-Server', 'hoge.huga.com'),
 ('X-Real-Ip', 'xxx.xxx.xxx.xxx'),
 ('Connection', 'close'),
 ('Content-Length', ''),
 ('Accept', '*/*'),
 ('User-Agent',
  'curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5'),
 ('Host', 'hoge.huga.com'),
 ('X-Test-Hoge', 'hoge'),
 ('X-Forwarded-For', 'xxx.xxx.xxx.xxx'),
 ('X-Forwarded-Host', 'hoge.huga.com'),
 ('Content-Type', 'text/plain')]
42
34
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
42
34