[GH-ISSUE #153] Unable to remove Authorization header #133

New issue

Closed

opened 2026-02-26 06:30:34 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 06:30:34 +03:00

Owner

Originally created by @etricky on GitHub (May 25, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/153

I have a host_proxy set with access list but I need for the Authorization header to not be passed to the proxied server. In the advanced section, I added:
proxy_set_header Authorization "";
However, I still see this header in the request to the proxied server.

Here's the config:

server {
  set $forward_scheme http;
  set $server         "192.168.1.69";
  set $port           80;

  listen 8080;
listen 4443 ssl http2;

  server_name xxxx.duckdns.org;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-3/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-3/privkey.pem;

  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
  add_header Strict-Transport-Security "max-age=31536000; preload" always;

  access_log /data/logs/proxy_host-6.log proxy;

proxy_set_header Authorization  "";

  location / {# Access List
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/2;

    # Force SSL
    include conf.d/include/force-ssl.conf;

  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
  add_header Strict-Transport-Security "max-age=31536000; preload" always;

    # Proxy!
    include conf.d/include/proxy.conf;
  }
}

In the proxied server, when I run a pcap, I see the HTTP request with that header.

In my server, this is causing a failed login attempt because it's receiving the Authorization header filled with the credentials of the nginx user.

Am I missing something or, for some reason, the advanced config is not being set?

Originally created by @etricky on GitHub (May 25, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/153 I have a host_proxy set with access list but I need for the Authorization header to not be passed to the proxied server. In the advanced section, I added: `proxy_set_header Authorization "";` However, I still see this header in the request to the proxied server. Here's the config: ``` server { set $forward_scheme http; set $server "192.168.1.69"; set $port 80; listen 8080; listen 4443 ssl http2; server_name xxxx.duckdns.org; # Let's Encrypt SSL include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/ssl-ciphers.conf; ssl_certificate /etc/letsencrypt/live/npm-3/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-3/privkey.pem; # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year) add_header Strict-Transport-Security "max-age=31536000; preload" always; access_log /data/logs/proxy_host-6.log proxy; proxy_set_header Authorization ""; location / {# Access List auth_basic "Authorization required"; auth_basic_user_file /data/access/2; # Force SSL include conf.d/include/force-ssl.conf; # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year) add_header Strict-Transport-Security "max-age=31536000; preload" always; # Proxy! include conf.d/include/proxy.conf; } } ``` In the proxied server, when I run a pcap, I see the HTTP request with that header. ![pcap](https://user-images.githubusercontent.com/6766415/58298180-6dc8ef80-7dd2-11e9-9e3b-4dfb3b285e49.jpg) In my server, this is causing a failed login attempt because it's receiving the Authorization header filled with the credentials of the nginx user. Am I missing something or, for some reason, the advanced config is not being set?

kerem

2026-02-26 06:30:34 +03:00

closed this issue
added the
bug
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#133

No description provided.

Rows
Columns