The mysterious header

Just a general query. Except for Strict-Transport-Security that Nextcloud complains about, I’ve managed to shy away from anything to do with headers such as:

  1. the header directive;
  2. request matchers header and header_regex; and
  3. header switches in other directives such as header_up and header_down in the reverse_proxy directive.

However, I often see references to headers in forum threads and the clever use of them in wiki articles such as Example: configure WordPress with a static cache.

It’s time to leave my comfort zone. I look at a line like the following…

		not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"

…and several questions spring to mind `What is the source of the information for this matcher?’ and What tools do I use to view this source?’. It’s a mystery to me. Can someone put me out of my misery and enlighten me please?

The inputs for matchers are always the request. In your browser, if you use the network inspector (right click on the page → inspect → click network tab, reload the page) you can see the request and response headers your browser is sending.

That regexp seems to be looking for requests that have a Cookie header with any one of those names/patterns in it.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.