我从设备收到以下请求,并应将其代理到 hd10.vtech.com:
GET http://hd10.vtech.com/test/pp_firmware/HD10-CH010_SUOTA.bin HTTP/1.1
Host: http://hd10.vtech.com/test/pp_firmware/HD10-CH010_SUOTA.bin
Range: bytes=0-59
不幸的是,nginx 认为客户端主机标头字段无效并抛出 400 错误。有没有办法在 nginx/openresty 验证请求之前重写客户端主机标头?我尝试使用 more_set_input_headers 例程来修改标头,但这是在验证之后进行的……
nginx.conf(测试中):
user nobody;
#number of cores:
#grep processor /proc/cpuinfo | wc -l
worker_processes 2;
#
pid logs/nginx.pid;
#daemon off;
error_log /var/log/nginx.log info;
events {
#number of files that can be opened simultaniously by a process:
#ulimit -n
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# note that the log_format directly below is a single line
log_format main '[$time_local] remote_ip: $remote_addr realip: $realip_remote_addr remote_user: $remote_user request: "$request" status: $status body_byte: $body_bytes_sent referer: "$http_referer" agent: "$http_user_agent" proxy: "$proxy_host" host: "$host"';
access_log /var/log/access.log main;
ignore_invalid_headers on;
sendfile on;
#tcp_nopush on;
#context should be upstream - don't know if applied
#keepalive_timeout 0;
keepalive_timeout 15;
#gzip on;
lua_package_path "/usr/local/openresty/lua-resty-http/lib/?.lua;/usr/local/openresty/src/?.lua;;";
lua_package_cpath "/usr/local/openresty/lualib/?.so;;";
#lua_code_cache off;
lua_shared_dict whitelist 500k;
lua_shared_dict useragent 100k;
lua_shared_dict captive 100k;
lua_shared_dict redirecttable 100k;
lua_shared_dict clients 2m;
init_by_lua_block {
require("initialize").go()
}
server {
lua_socket_connect_timeout 5m;
proxy_connect_timeout 15;
proxy_set_header HOST $host;
proxy_buffering off;
proxy_set_header Connection "";
proxy_http_version 1.1;
#proxy_ignore_client_abort on;
listen 172.16.23.238:8080;
###security hardening
#removes version of webserver in response headers
server_tokens off;
#overwrites Server headers
more_set_headers 'Server: Webproxy';
#prevents clickjacking - debatable if the proxy should enforce this
add_header X-Frame-Options "SAMEORIGIN";
#protects clients with Webkit browsers (IE8+) from XSS attacks
add_header X-XSS-Protection "1; mode=block";
#limits some types from turning into executable code (e.g style can only be text/css, if it's something else it is blocked)
add_header X-Content-Type-Options nosniff;
#proxy headers - passes useful info and original ip
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_bind 62.202.200.246;
#delete if breaks stuff
proxy_read_timeout 15;
proxy_send_timeout 15;
location / {
resolver 1.1.1.1 10.212.10.10 ipv6=off; #
set $target '';
access_by_lua_block {
require("sharedmemory").go()
require("useragent").go()
}
#pass remote Server in Header - currently overwritten by more_set_header
proxy_pass_header Server;
proxy_pass http://$target;
}
}
}
谢谢并问候 David
答案1
您的 Host 标头中有一个下划线。该指令的默认值为underscores_in_headers
。Off
因此您可以尝试将其设置为On
。