27 | 27 | #define NGX_HTTP_RP_HEADER_STRICT_ORIG_WHEN_CROSS 7 |
28 | 28 | #define NGX_HTTP_RP_HEADER_UNSAFE_URL 8 |
29 | 29 |
| 30 | +/* ngx_hide_header macros */ |
| 31 | +#define ngx_hide_header(r, name) \ |
| 32 | + ngx_str_set(&key, name); \ |
| 33 | + ngx_str_set(&val, ""); \ |
| 34 | + ngx_set_headers_out_by_search(r, &key, &val); |
30 | 35 |
31 | 36 |
32 | 37 | typedef struct { |
@@ -224,25 +229,30 @@ ngx_http_security_headers_filter(ngx_http_request_t *r) |
224 | 229 | } |
225 | 230 | h_server->hash = 0; |
226 | 231 |
227 | | - /* Hide X-Powered-By header */ |
228 | | - ngx_str_set(&key, "x-powered-by"); |
229 | | - ngx_str_set(&val, ""); |
230 | | - ngx_set_headers_out_by_search(r, &key, &val); |
231 | | - |
232 | | - /* Hide X-Page-Speed header */ |
233 | | - ngx_str_set(&key, "x-page-speed"); |
234 | | - ngx_str_set(&val, ""); |
235 | | - ngx_set_headers_out_by_search(r, &key, &val); |
236 | | - |
237 | | - /* Hide X-Varnish */ |
238 | | - ngx_str_set(&key, "x-varnish"); |
239 | | - ngx_str_set(&val, ""); |
240 | | - ngx_set_headers_out_by_search(r, &key, &val); |
241 | | - |
242 | | - /* Hide X-Application-Version */ |
243 | | - ngx_str_set(&key, "x-application-version"); |
244 | | - ngx_str_set(&val, ""); |
245 | | - ngx_set_headers_out_by_search(r, &key, &val); |
| 232 | + ngx_hide_header(r, "x-powered-by"); |
| 233 | + ngx_hide_header(r, "x-cf-powered-by"); |
| 234 | + ngx_hide_header(r, "via"); |
| 235 | + ngx_hide_header(r, "x-amz-cf-id"); |
| 236 | + ngx_hide_header(r, "x-amz-cf-pop"); |
| 237 | + ngx_hide_header(r, "x-page-speed"); |
| 238 | + ngx_hide_header(r, "x-varnish"); |
| 239 | + ngx_hide_header(r, "x-cache"); |
| 240 | + ngx_hide_header(r, "x-cache-hits"); |
| 241 | + ngx_hide_header(r, "x-cache-status"); |
| 242 | + ngx_hide_header(r, "x-application-version"); |
| 243 | + ngx_hide_header(r, "x-hudson"); |
| 244 | + ngx_hide_header(r, "x-hudson-theme"); |
| 245 | + ngx_hide_header(r, "x-instance-identity"); |
| 246 | + ngx_hide_header(r, "x-jenkins"); |
| 247 | + ngx_hide_header(r, "x-jenkins-session"); |
| 248 | + ngx_hide_header(r, "x-envoy-upstream-service-time"); |
| 249 | + ngx_hide_header(r, "x-drupal-cache"); |
| 250 | + ngx_hide_header(r, "x-generator"); |
| 251 | + ngx_hide_header(r, "x-backend-server"); |
| 252 | + ngx_hide_header(r, "x-wix-request-id"); |
| 253 | + ngx_hide_header(r, "x-request-id"); |
| 254 | + ngx_hide_header(r, "x-sucuri-id"); |
| 255 | + ngx_hide_header(r, "x-hacker"); |
246 | 256 | } |
247 | 257 |
248 | 258 | if (1 != slcf->enable) { |
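Review bot: The `ngx_hide_header` macro that new lines 232–255 rely on expands to three bare statements (and `ngx_str_set` in nginx is itself a two-statement macro), so a call placed under an unbraced `if` or `else` would guard only the first assignment, and the macro silently depends on `key` and `val` being locals of the caller, which appear to be declared outside this hunk in ngx_http_security_headers_filter (the function starts before the hunk and continues after it). Wrapping the body as `#define ngx_hide_header(r, name) do { ngx_str_set(&key, (name)); ngx_str_set(&val, ""); ngx_set_headers_out_by_search((r), &key, &val); } while (0)` makes it safe in every statement context, and a comment such as `/* requires ngx_str_t key, val in the calling scope */` documents the hidden coupling. Separately, the expanded list now strips `via` and `x-request-id`, which are not server-fingerprint headers but proxy-chain and request-correlation fields that operators and incident responders often rely on for tracing; consider making those two opt-in or at least calling them out in the module documentation. The `ngx_str_set(&val, "")` idiom presumably causes ngx_set_headers_out_by_search to drop the header rather than emit it with an empty value — that behavior predates this change, but it is worth confirming since the hidden set just grew from 4 to 24 headers.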