Modify downstream headers in upgrade to websocket

Caddy Version



Running from binary via a systemd service on an Ubuntu Server based image as a nonprivileged service user.
dns cloudflare is the only additional plugin installed and is used for acme challenges the caddy binary is an official one downloaded from the Caddy download page: Download Caddy


(common) {
        header /* {
                +x-gateway "dz021"
} {
        import common
        tls {
                dns cloudflare "[ Redacted ]"

The problem I’m having:

Normal requests to say would have the Server: Caddy removed and the x-gateway: dz021 header is present. However when requesting a url which upgrades to a websocket the response headers lack the gateway header and the Server header is still present. I’ve tried reading the documentation and shifting options around in the Caddyfile but was met with errors. How can I get the desired headers to show in the response?

Thank you for any assistance. :slightly_smiling_face:

Since you’re doing a - delete operation in your header directive, the header operations get deferred until the header directive gets called again on the way back up the middleware chain. See the note at the top of the docs here header (Caddyfile directive) — Caddy Documentation. But since websocket connections involve hijacking the connection to transition it from HTTP to TCP, it never goes back up the middleware chain, and your header stuff never happens.

You can try this:

reverse_proxy {
	header_down X-Gateway dz021

Or try this:

header X-Gateway dz021

In that case, there’s no - delete operation, so it shouldn’t get deferred, and it should work fine.

FWIW, there’s no benefit to removing the Server header. It doesn’t reveal any information that clients couldn’t otherwise figure out trivially by observing traffic patterns.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.