Remove cookies by cookie name in nginx reverse proxy
Wouldn't it be possible to explicitly set the cookie-headers? So something like:
add_header Set-Cookie "A=deleted; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.foo.com
add_header Set-Cookie "B=deleted; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.foo.com
add_header Set-Cookie "C=deleted; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Domain=.foo.com
You could use I don't have a development nginx instance running here so I can't test..proxy_set_header
with the header name "Cookie" instead of add_header
, if it doesn't work.
Sources:
Related videos on Youtube
Martin Taleski
Updated on September 18, 2022Comments
-
Martin Taleski over 1 year
I am fairly new to nginx and I am trying to set it up as a reverse proxy server. So far I have apache working as a backend server on 8080 and nginx on port 80.
My website uses a lot of cookies which I have no control on... I am using Expression Engine CMS, and it does not allow me to disable the cookies that I don't want (don't want to mantle with EE core code).
So lets say that a typical hit on my homepage returns cookies A, B and C which I don't use. Sometimes I also have cookies D and E which I need.
I want to set up nginx to hide cookies A, B and C from the response and return cached content only if the request is cookie free or cookies D and E are empty.
Is that possible to set up under nginx?
So far I have this in my config, which ignores any cookies. I just want to ignore or hide certain cookies:
proxy_cache_path /opt/nginx/cache levels=1:2 keys_zone=mycache:20m max_size=1G; proxy_temp_path /opt/nginx/tmp_cache/; proxy_hide_headers Expires Cache-Control Set-Cookie; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_bypass $cookie_nocache; proxy_no_cache $cookie_nocache;
...
location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache mycache; proxy_cache_valid 200 302 6h; proxy_cache_valid 404 1m; proxy_pass http://x.x.x.x:8080; }
-
Allan Jude over 11 yearsBecause you are using 'proxy_ignore_headers' on Set-Cookie, you are going to cache responses even if they do have cookies D or E, that may not be what you want.
-
Martin Taleski over 11 yearsyeah, I need proxy_hide_headers but only on the ones that I want to hide
-
-
Allan Jude over 11 yearsproxy_set_header sets the headers that are sent to the backend (apache in this case), so that won't do what you want in this case.
-
bartlaarhoven over 11 yearsYou're right about that. Edited my response.
-
fbmd about 3 yearsThe proposed solution does not work on my setup: the cookie set and delete are being sent in the same header, which apparently causes the browser to effectively set the cookie instead of ignoring or removing it.