Is there a way to remove apaches Reverse Proxy Request Headers?

The Surrican picture The Surrican · Sep 5, 2011 · Viewed 15.2k times · Source

When acting as a reverse proxy, apache adds x-forwarded headers as described here.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers

In my configuration I have configured server A as a forward proxy. There is a rule like this:

RewriteRule proxy:(.*example.com)/(.*) $1.mysecondserver.com/$2 [P]

This rule lets the server request the resource from one of my other servers.

On the second server (origin) I have a virtual host container for the resource and another rewrite rule like this:

RewriteRule some-regex some-url [P]

It may not seem to make sense like this but there is a lot of other stuff going on that I left out as it is not part of the problem.

However that final request has these headers:

[X-Forwarded-For] => ip of 1st server
[X-Forwarded-Host] => example.myseconserver.com
[X-Forwarded-Server] => example.com

I want those headers gone.

I seem to be unable to unset them with mod_headers. I can add more entries to them, but I can not remove them.

Any ideas?

Answer

peterh picture peterh · Apr 19, 2018

Since Apache 2, as this pretty answer says, the

ProxyAddHeaders Off

theoretically disables it. In my experiences, it had no effect. However, combined with

<Proxy *>
  ProxyAddHeaders Off
</Proxy>

and, with

  RequestHeader unset X-Forwarded-Host
  RequestHeader unset X-Forwarded-For
  RequestHeader unset X-Forwarded-Server

somewhere it started to work.