Modify HTTP Messages
Modify HTTP Messages🔗
Tempesta FW can modify, add and remove HTTP headers before forwarding messages to recipient. Both request and response messages can be modified. User is responsible for correctness of HTTP message after the modifications. Although it’s possible to modify any header, the modification took place just before transmitting and no additional HTTP headers validation happen.
Directives for modifying responses and requests have the same syntax which is described below.
Append a new header to HTTP message before forwarding it:
resp_hdr_add <NAME> <VALUE>;
req_hdr_add <NAME> <VALUE>;
NAME – Header name;
VALUE – Value of header.
Existing headers with the same name won’t be removed or modified, instead a new header will be added with the user
defined value.
Example:
With directive resp_hdr_add Cache-Control "no-cache";:
- already existing header
Cache-Control: no-storewill be updated toCache-Control: no-store, no-cache; - if
Cache-Controlheader is not found in response, a new headerCache-Control: no-cachewill be added.
Modify an existing header of HTTP message before forwarding it:
resp_hdr_set <NAME> <VALUE>;
req_hdr_set <NAME> <VALUE>;
NAME – Header name;
VALUE – Value of header, optional.
Unlike req_hdr_add, all existing headers of the same name are removed from the message and, if VALUE is specified, a new header with the specified VALUE is added.
Example:
With directive resp_hdr_set Cache-Control "no-cache";:
- already existing header
Cache-Control: no-storewill be replaced byCache-Control: no-cache; - if
Cache-Controlheader is not found in response, a new headerCache-Control: no-cachewill be added.
With directive resp_hdr_set Cache-Control;:
- already existing header
Cache-Control: no-storewill be removed; - if
Cache-Controlheader is not found in response, no modifications will happen.
Up to 64 directives (64 modifications) may be specified for each of request and response. The directives can be grouped by locations as defined in the Locations section.
Inheritance🔗
Inner scopes do not inherit directives from outer scopes unless the inner scope lacks those directives.
This means that, in the following example, only the location_scope_header header will be added to the request
with uri "/test".
req_hdr_add global_hdr "global_hdr_val";
vhost tempesta-tech.com {
req_hdr_add vhost_scope_header "vhost_scope_header_val";
location prefix "/test" {
req_hdr_add location_scope_header "location_scope_header_val";
proxy_pass grp2;
}
proxy_pass grp1;
}
However, in this example, the vhost_scope_header header will be added. The global_hdr header will be ignored,
as in the example above.
req_hdr_add global_hdr "global_hdr_val";
vhost tempesta-tech.com {
req_hdr_add vhost_scope_header "vhost_scope_header_val";
location prefix "/test" {
proxy_pass grp2;
}
proxy_pass grp1;
}
Usage example🔗
A usage example to implement HTTP Strict Transport Security
resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains"