Validate Accept-Encoding

Posted by rihad 
December 08, 2017 11:59AM
Hi there. Our origin server's config includes "gzip_vary on", which tells proxy caches to vary on Accept-Encoding of the received response. When an nginx cache later caches the response, it takes into account the Vary Accept-Encoding header:

"If the header includes the “Vary” field with the special value “*”, such a response will not be cached (1.7.7). If the header includes the “Vary” field with another value, such a response will be cached taking into account the corresponding request header fields (1.7.7)."
(taken from http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid )

Now the question is: a client can send any Accept-Encoding, really. Any bogus string like "foo" there would make nginx fetch normal un-encoded content from the upstream as if Accept-Encoding: none was specified, and cache it on disk under a different key which would include "foo" as per Nginx rules. Which is NFG. Is there any way to restrict the allowed Accept-Encoding to gzip, br (Brotli) and none at all?

Edited 4 time(s). Last edit at 12/08/2017 12:05PM by rihad.
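
One way to bound the number of cached variants described in the question, as an added example that is not part of the original post or of the nginx documentation: normalize the client's Accept-Encoding with `map`, send only the normalized value upstream, and key the cache on it instead of relying on Vary. The names `$ae_norm`, `edge_cache`, `origin.example` and the cache path are assumptions.

```nginx
# Added example, to be placed inside the http {} block.
# $ae_norm, edge_cache, origin.example and the cache path are assumed names.

# Collapse whatever the client sent into "br", "gzip" or "" (identity).
# Regexes in a map are tried in order of appearance, so br wins when both
# are offered. The negative lookahead skips a coding the client explicitly
# refused with q=0 (for example "br;q=0"). Bogus values such as "foo",
# and look-alikes such as "x-gzip" or "brotli", fall through to default.
map $http_accept_encoding $ae_norm {
    default "";
    "~*(^|[,\s])br(?!\s*;\s*q=0(\.0*)?\s*(,|$))\s*(;|,|$)"   "br";
    "~*(^|[,\s])gzip(?!\s*;\s*q=0(\.0*)?\s*(,|$))\s*(;|,|$)" "gzip";
}

proxy_cache_path /var/cache/nginx/edge keys_zone=edge_cache:10m;

server {
    listen 80;

    location / {
        proxy_pass  http://origin.example;
        proxy_cache edge_cache;

        # The origin only ever sees "br", "gzip" or no Accept-Encoding at
        # all: a header whose value is an empty string is not passed on.
        proxy_set_header Accept-Encoding $ae_norm;

        # Do not create one variant per distinct client header value.
        # The normalized value becomes part of the key instead, so each
        # URL has at most three cache entries.
        proxy_ignore_headers Vary;
        proxy_cache_key "$scheme$proxy_host$request_uri|ae=$ae_norm";
    }
}
```

`proxy_ignore_headers Vary` disables processing of every Vary field, so if the origin also varies on other request headers, those must be added to `proxy_cache_key` as well.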