The mysterious header

basil · April 28, 2021, 7:27am

Just a general query. Except for Strict-Transport-Security that Nextcloud complains about, I’ve managed to shy away from anything to do with headers such as:

the header directive;
request matchers header and header_regex; and
header switches in other directives such as header_up and header_down in the reverse_proxy directive.

However, I often see references to headers in forum threads and the clever use of them in wiki articles such as Example: configure WordPress with a static cache.

It’s time to leave my comfort zone. I look at a line like the following…

		not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"

…and several questions spring to mind `What is the source of the information for this matcher?’ and What tools do I use to view this source?’. It’s a mystery to me. Can someone put me out of my misery and enlighten me please?

francislavoie · April 28, 2021, 2:52pm

The inputs for matchers are always the request. In your browser, if you use the network inspector (right click on the page → inspect → click network tab, reload the page) you can see the request and response headers your browser is sending.

That regexp seems to be looking for requests that have a Cookie header with any one of those names/patterns in it.

system · May 28, 2021, 7:27am

This topic was automatically closed after 30 days. New replies are no longer allowed.