How to remove "Client-Peer" (etc) header in nginx with php-fastcgi

iblamefish asked:

My setup:

  • OS: Ubuntu 11.04
  • HTTP Server: nginx 1.2.1
  • (other irrelevant software – ruby, python, etc)

My problem:

I’m trying to completely mask the software which serves the pages (partly security, mostly because it’s fun). I’ve managed to change the server name and remove the X-Powered-By header which php-fastcgi adds, but I’m having trouble removing three headers:

Client-Date: Thu, 14 Jun 2012 20:32:34 GMT
Client-Response-Num: 1

I have used more_clear_headers from the HttpHeadersMore module but that has no effect, despite being able to remove the X-Powered-By headers.

This is in my http block

more_set_headers "Server: Tesco Value";
more_clear_headers "X-Powered-By";
more_clear_headers "Client-*";
more_clear_headers "Client-Date";
more_clear_headers "Client-Response-Num";
more_clear_headers "Client-Peer";
more_clear_headers "X-Pingback";

add_header X-Required-Volume-Setting 11;
add_header X-Required-Speed 88mph;

# NEW: added in thanks to the answer from @kworr - but still doesn't work
fastcgi_hide_header "Client-Date";
fastcgi_hide_header "Client-Response-Num";
fastcgi_hide_header "Client-Peer";

If you run HEAD you’ll see that neither explicit nor wildcard rules get rid of the header. I’m guessing that these headers are set after the output-header-filter phase – but I’d like to know if anyone has any more information on this, and especially if anyone has a solution.


@kworr suggested that fastcgi_hide_header might be what I’m looking for – but it still doesn’t work. Perhaps it’s just my system?

My answer:

Those headers were not present in the HTTP response at all. Neither nginx nor php-fpm ever sent them, so trying to block them is pointless.

They are synthetic response headers added to the response by your user agent, libwww-perl.

If you don’t wish to see them, make HTTP requests with some other library, such as libcurl.
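
One way to confirm which headers a server really sends, as an added example that is not part of the original question or answer: read the raw response bytes and compare the header names on the wire with the names a client tool reports. The function names, the sample response and the sample reported list are constructed for illustration.

```python
import socket

def fetch_raw_head(host, port=80, path="/", timeout=5.0):
    """Send a bare HEAD request and return the response bytes exactly as received."""
    request = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)

def wire_header_names(raw):
    """Lower-cased names of the headers present in a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    names = set()
    for line in head.split(b"\r\n")[1:]:        # [0] is the status line
        if line[:1] in (b" ", b"\t"):           # folded continuation, not a new header
            continue
        name, sep, _ = line.partition(b":")
        if sep:
            names.add(name.decode("latin-1").strip().lower())
    return names

def client_side_only(reported, raw):
    """Header names a client tool reported that never appeared on the wire."""
    wire = wire_header_names(raw)
    return sorted(h for h in reported if h.lower() not in wire)

# Constructed sample: what nginx could put on the wire with the question's config.
SAMPLE_RAW = (b"HTTP/1.1 200 OK\r\n"
              b"Server: Tesco Value\r\n"
              b"Date: Thu, 14 Jun 2012 20:32:34 GMT\r\n"
              b"Content-Type: text/html\r\n"
              b"X-Required-Volume-Setting: 11\r\n"
              b"X-Required-Speed: 88mph\r\n\r\n")
# Constructed sample: header names as a libwww-perl based tool would list them.
SAMPLE_REPORTED = ["Server", "Date", "Content-Type", "Client-Date", "Client-Peer",
                   "Client-Response-Num", "X-Required-Volume-Setting", "X-Required-Speed"]

if __name__ == "__main__":
    print(client_side_only(SAMPLE_REPORTED, SAMPLE_RAW))
    # Against a live server (hypothetical host): fetch_raw_head("www.example.com")
```

Any name returned by client_side_only was added by the client library, so no nginx or FastCGI directive can remove it.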

View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.