Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1011 closed enhancement (duplicate)

Allow changing 'Server' header in HTTP/2

Reported by: raeesiqbal@…
Owned by:
Priority: minor
Milestone:
Component: nginx-core
Version: 1.11.x
Keywords: http2, h2
Cc:
uname -a: Linux 8a48a48b517f 4.4.14-moby #1 SMP Wed Jun 29 10:00:58 UTC 2016 x86_64 Linux
nginx -V: nginx version: nginx/1.11.2
built by gcc 5.3.0 (Alpine 5.3.0)
built with OpenSSL 1.0.2 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --with-cc-opt='-g -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -I ../boringssl/.openssl/include/' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -L ../boringssl/.openssl/lib' --conf-path=/etc/nginx/nginx.conf --error-log-path=/dev/stderr --http-log-path=/dev/stdout --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/run/nginx/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --user=nobody --group=nobody --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-threads --with-stream --with-stream_ssl_module --with-file-aio --with-http_v2_module --with-http_spdy_module --with-ipv6 --with-pcre --with-pcre-jit --without-http_ssi_module --without-http_userid_module --without-http_autoindex_module --without-http_status_module --without-http_geo_module --without-http_split_clients_module --without-http_referer_module --without-http_proxy_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --without-http_limit_conn_module --without-http_limit_req_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --without-http_upstream_zone_module --add-module=/tmp/ngx_brotli_module

Description

Commit 531e6fbfd6c785a7b42c285c12d3f0721cc989c7 introduced HPACK Huffman encoding for response headers which hardcoded 'Server' header response for HTTP/2 connections. This ticket is about making changes to that and making 'u_char nginx' in 'ngx_http_v2_filter_module.c' editable.

Attachments (1)

nginx_server_name.patch (5.2 KB ) - added by raeesiqbal@… 8 years ago.
Replace occurrences of string 'nginx' and NGINX_VER with new constants


Change History (12)

comment:1 by Maxim Dounin, 8 years ago

Duplicate of #936.

Please also note that referring to identifiers in a mirrored/converted github repo is a bad idea, they are not expected to be used for anything, and can disappear at any time. Development of nginx is in Mercurial as available from http://hg.nginx.org/nginx/.

comment:2 by Maxim Dounin, 8 years ago

Resolution: duplicate
Status: new → closed

comment:3 by raeesiqbal@…, 8 years ago

This ticket is completely different from ticket #936, which talks about a configuration option to remove 'Server' header completely. This ticket proposes that there should be a const NGINX_NAME like NGINX_VER in src/core/nginx.h and all of the occurrences of string 'nginx' and the HPACK representation of it should be replaced/derived from that, not hardcoded everywhere.


comment:4 by raeesiqbal@…, 8 years ago

bump....

comment:5 by Valentin V. Bartenev, 8 years ago

Could you clarify the purpose of this change? Your patch breaks the HTTP/2 module.

comment:6 by raeesiqbal@…, 8 years ago

@vbart I've just updated the patch and have confirmed it to be working with HTTP/2. The purpose of this patch is to replace all client-facing instances of server name and version. Previously, if you wanted to change 'Server' header in your build of NGINX, you would have to change it from a lot of different places and there was no consistency. And because the server name for HTTP/2 was in HPACK representation, it was a little tricky to replace.
This patch enables us to change the Server Name and Version from one place (src/core/nginx.h) and it will be reflected in every client-facing place, like the Server header in all protocols and server name at the bottom of special pages.
This patch creates consistency between Server headers of different protocols.
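The HPACK representation discussed in this thread can be derived rather than hand-edited. The following is an added example, not part of the ticket or the attached patch and not nginx code: it Huffman-encodes a lowercase token into an HPACK string literal using the RFC 7541 Appendix B codes for 'a'..'z' only. The function name `hpack_huff_token` and the lowercase-only restriction are assumptions made to keep the example short.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 7541 Appendix B Huffman codes for 'a'..'z' only: {code, bit length}. */
static const struct { uint8_t code, bits; } hpack_lc[26] = {
    {0x03,5},{0x23,6},{0x04,5},{0x24,6},{0x05,5},{0x25,6},{0x26,6}, /* a-g */
    {0x27,6},{0x06,5},{0x74,7},{0x75,7},{0x28,6},{0x29,6},{0x2a,6}, /* h-n */
    {0x07,5},{0x2b,6},{0x76,7},{0x2c,6},{0x08,5},{0x09,5},{0x2d,6}, /* o-u */
    {0x77,7},{0x78,7},{0x79,7},{0x7a,7},{0x7b,7}                    /* v-z */
};

/* Writes prefix byte (H bit 0x80 | Huffman length) plus Huffman bytes to out.
 * Returns bytes written, or 0 on unsupported input or insufficient space. */
size_t hpack_huff_token(const char *s, uint8_t *out, size_t cap)
{
    uint64_t acc = 0;       /* bit accumulator; only the low bits are used */
    unsigned nbits = 0;     /* bits in acc not yet written out */
    size_t n = 1;           /* out[0] is reserved for the prefix byte */

    if (cap < 1) return 0;
    for (; *s; s++) {
        if (*s < 'a' || *s > 'z') return 0;   /* outside the embedded table */
        acc = (acc << hpack_lc[*s - 'a'].bits) | hpack_lc[*s - 'a'].code;
        nbits += hpack_lc[*s - 'a'].bits;
        while (nbits >= 8) {
            if (n >= cap) return 0;
            nbits -= 8;
            out[n++] = (uint8_t)(acc >> nbits);
        }
    }
    if (nbits) {            /* pad the last byte with 1-bits (EOS prefix) */
        if (n >= cap) return 0;
        out[n++] = (uint8_t)((acc << (8 - nbits)) | (0xffu >> nbits));
    }
    if (n - 1 > 126) return 0;   /* length must fit the 7-bit prefix */
    out[0] = (uint8_t)(0x80 | (n - 1));
    return n;
}

int main(void)
{
    uint8_t buf[16];
    size_t n = hpack_huff_token("nginx", buf, sizeof buf);
    for (size_t i = 0; i < n; i++) printf("\\x%02x", buf[i]);
    putchar('\n');
    return 0;
}
```

A replacement token changes both the length prefix and the padding, which is why editing the encoded bytes by hand is error-prone.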

comment:7 by raeesiqbal@…, 8 years ago

Never mind, the HTTP/2 module is broken. I see that now. But maybe you can take a look at it to see what's wrong?


by raeesiqbal@…, 8 years ago

Attachment: nginx_server_name.patch added

Replace occurrences of string 'nginx' and NGINX_VER with new constants

comment:8 by Maxim Dounin, 8 years ago (in reply to: 6)

Replying to raeesiqbal@…:

The purpose of this patch is to replace all client-facing instances of server name and version.

And that's why this ticket is closed as duplicate of #936.

comment:9 by raeesiqbal@…, 8 years ago (in reply to: 8)

Replying to mdounin:

And that's why this ticket is closed as duplicate of #936.

Description of #936 says "It would be helpful if there was a configuration setting beyond "server_tokens off" that would completely suppress the the 'server' header." But this change is about the ability to change 'server' header and the footer signature of special pages easily and creating consistency between the 'server' header in different protocols.

comment:10 by Maxim Dounin, 8 years ago

And the summary of the #936 says "For security purposes it is necessary to remove or change the "server" header", which is essentially identical to what you are trying to suggest.

Either way, it's very unlikely to be implemented, as rationale for such changes is either seriously flawed or has nothing to do with nginx. For those who really need this feature (or think so) we have it available in the commercial version.

comment:11 by raeesiqbal@…, 8 years ago

Oh! I see, thanks for explaining.
