Nginx: Reject request if header is not present

It was surprisingly difficult to find a full working example of this, so here’s my take on “How to make Nginx require that a certain header is present with a certain value in the incoming request”:

nginx.conf:

http {
  map $http_x_mycustomheader $is_mycustomheader_not_ok {
      default "1";
      MyApprovedValue "0";
  }
  
  ... 
}

mysite.conf:

server {
  ...
    location / {
      if ($is_mycustomheader_not_ok) {
        return 403;
      }
    }
  ...
}

To allow requests that contain the header with any value except an empty value, all you need is:

mysite.conf:

server {
  ...
    location / {
      if ($http_x_mycustomheader = "") {
        return 403;
      }
    }
  ...
}

I don’t know how to accept requests where the header is set to any value including an empty value. If anyone has an example, please leave a comment.

This entry was posted in IT. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *