Nginx module that allows blocking all response HTTP headers except for those that are specified.
Run the following commands to build and install this module.
wget "https://github.com/NicolasFlamel1/Allow-Headers/archive/refs/heads/master.zip"
unzip "./master.zip"
wget "https://nginx.org/download/nginx-$(nginx -v 2>&1 | awk '{print $3}' | awk -F'/' '{print $2}').tar.gz"
tar -xf "./nginx-$(nginx -v 2>&1 | awk '{print $3}' | awk -F'/' '{print $2}').tar.gz"
cd "./nginx-$(nginx -v 2>&1 | awk '{print $3}' | awk -F'/' '{print $2}')"
echo $(nginx -V 2>&1 >/dev/null | grep -oP '(?<=^configure arguments: ).*?(?= --add-dynamic-module|$)') --add-dynamic-module="../Allow-Headers-master" | xargs "./configure"
make modules
sudo mv "./objs/ngx_http_allow_headers_module.so" "/usr/share/nginx/modules/"
Add the following line to the top-level context in your Nginx configuration file, /etc/nginx/nginx.conf, to enable this module.
load_module modules/ngx_http_allow_headers_module.so;
This module provides the following directives that can be used in a location context.
allow_headers: This directive accepts a parameter with the valueonoroffwhich enables or disables blocking all response HTTP headers respectively.allow_header: This directive accepts a parameter with the case-sensitive value of a response HTTP header that won't be blocked whenallow_headersison.
For example, the following demonstrates how to allow only the Content-Type, Transfer-Encoding, Content-Length, and Content-Encoding response HTTP headers for requests made to /.
location / {
allow_headers on;
allow_header Content-Type;
allow_header Transfer-Encoding;
allow_header Content-Length;
allow_header Content-Encoding;
}