nginx가 필드의 유효성을 검사하기 전에 클라이언트 "호스트" http 헤더를 다시 작성합니다.

장치에서 다음 요청을 받았고 이를 hd10.vtech.com으로 프록시해야 합니다.

   GET http://hd10.vtech.com/test/pp_firmware/HD10-CH010_SUOTA.bin HTTP/1.1
   Host: http://hd10.vtech.com/test/pp_firmware/HD10-CH010_SUOTA.bin
   Range: bytes=0-59

불행하게도 nginx는 클라이언트 호스트 헤더 필드가 유효하지 않고 400 오류를 발생시킨다고 결정합니다. nginx/openresty가 요청을 검증하기 전에 클라이언트 호스트 헤더를 다시 작성할 수 있는 방법이 있습니까? 헤더를 수정하기 위해 more_set_input_headers 루틴을 시도했지만 이는 유효성 검사 후에 발생합니다...

nginx.conf(테스트 중):

user  nobody;
#number of cores:
#grep processor /proc/cpuinfo | wc -l
worker_processes  2;

#
pid        logs/nginx.pid;

#daemon off;
error_log /var/log/nginx.log info;

events {
#number of files that can be opened simultaniously by a process:
#ulimit -n
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    # note that the log_format directly below is a single line
    log_format main '[$time_local] remote_ip: $remote_addr realip: $realip_remote_addr remote_user: $remote_user  request: "$request" status: $status body_byte: $body_bytes_sent referer: "$http_referer" agent: "$http_user_agent" proxy: "$proxy_host" host: "$host"';

    access_log  /var/log/access.log  main;

    ignore_invalid_headers on;
    sendfile        on;
    #tcp_nopush     on;

    #context should be upstream - don't know if applied
    #keepalive_timeout  0;
    keepalive_timeout  15;

    #gzip  on;
    lua_package_path "/usr/local/openresty/lua-resty-http/lib/?.lua;/usr/local/openresty/src/?.lua;;";
    lua_package_cpath "/usr/local/openresty/lualib/?.so;;";
    #lua_code_cache off;
    lua_shared_dict whitelist 500k;
    lua_shared_dict useragent 100k;
    lua_shared_dict captive 100k;
    lua_shared_dict redirecttable 100k;
    lua_shared_dict clients 2m;

    init_by_lua_block {
        require("initialize").go()
        }

    server {
        lua_socket_connect_timeout 5m;
        proxy_connect_timeout   15;
        proxy_set_header HOST $host;
        proxy_buffering off;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        #proxy_ignore_client_abort on;
        listen 172.16.23.238:8080;
        ###security hardening
        #removes version of webserver in response headers
        server_tokens off;
        #overwrites Server headers
        more_set_headers 'Server: Webproxy';
        #prevents clickjacking - debatable if the proxy should enforce this
        add_header X-Frame-Options "SAMEORIGIN";
        #protects clients with Webkit browsers (IE8+) from XSS attacks
        add_header X-XSS-Protection "1; mode=block";
        #limits some types from turning into executable code (e.g style can only be text/css, if it's something else it is blocked)
        add_header X-Content-Type-Options nosniff;
        #proxy headers - passes useful info and original ip
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_bind 62.202.200.246;

        #delete if breaks stuff
        proxy_read_timeout 15;
        proxy_send_timeout 15;

        location / {

            resolver 1.1.1.1 10.212.10.10 ipv6=off;  #
            set $target '';

            access_by_lua_block {
            require("sharedmemory").go()
            require("useragent").go()
            }
            #pass remote Server in Header - currently overwritten by more_set_header
            proxy_pass_header Server;
            proxy_pass http://$target;
        }
  }

}

감사와 안부 데이빗