feat(proxy) toggle server and latency tokens

Add two new configuration properties `server_tokens` and `latency_tokens` to toggle `Server` and `X-Kong-*-Latency` response headers. From #2259 Fix #1009
Kong · Mar 31, 2017 · fd18d0d · fd18d0d
1 parent 4844dcf
commit fd18d0d
Show file tree

Hide file tree

Showing 7 changed files with 341 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 ## [Unreleased][unreleased]
 
+### Added
+
+- Ability to hide Kong-specific response headers. Two new configuration fields:
+  `server_tokens` and `latency_tokens` will respectively toggle whether the
+  `Server` and `X-Kong-*-Latency` headers should be sent to downstream clients.
+  [#2259](https://github.com/Mashape/kong/pull/2259)
+
 ## [0.10.1] - 2017/03/27
 
 ### Changed

diff --git a/kong.conf.default b/kong.conf.default
@@ -120,6 +120,16 @@
                                  # process. When this number is exceeded, the
                                  # least recently used connections are closed.
 
+#server_tokens = on              # Enables or disables emitting Kong version on
+                                 # error pages and in the "Server" or "Via"
+                                 # (in case the request was proxied) response
+                                 # header field.
+
+#latency_tokens = on             # Enables or disables emitting Kong latency
+                                 # information in the "X-Kong-Proxy-Latency"
+                                 # and "X-Kong-Upstream-Latency" response
+                                 # header fields.
+
 #------------------------------------------------------------------------------
 # DATASTORE
 #------------------------------------------------------------------------------

diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -62,6 +62,8 @@ local CONF_INFERENCES = {
   nginx_user = {typ = "string"},
   nginx_worker_processes = {typ = "string"},
   upstream_keepalive = {typ = "number"},
+  server_tokens = {typ = "boolean"},
+  latency_tokens = {typ = "boolean"},
 
   database = {enum = {"postgres", "cassandra"}},
   pg_port = {typ = "number"},
@@ -425,7 +427,7 @@ local function load(path, custom_conf)
   -- initialize the dns client, so the globally patched tcp.connect method
   -- will work from here onwards.
   assert(require("kong.tools.dns")(conf))
-  
+
   return setmetatable(conf, nil) -- remove Map mt
 end
 

diff --git a/kong/core/error_handlers.lua b/kong/core/error_handlers.lua
@@ -1,3 +1,5 @@
+local singletons = require "kong.singletons"
+
 local find = string.find
 local format = string.format
 
@@ -52,7 +54,10 @@ return function(ngx)
   local status = ngx.status
   message = BODIES["s"..status] and BODIES["s"..status] or format(BODIES.default, status)
 
-  ngx.header["Server"] = SERVER_HEADER
+  if singletons.configuration.server_tokens then
+    ngx.header["Server"] = SERVER_HEADER
+  end
+
   ngx.header["Content-Type"] = content_type
   ngx.say(format(template, message))
-end
+end
diff --git a/kong/core/handler.lua b/kong/core/handler.lua
@@ -119,7 +119,7 @@ return {
       end
 
       -- if set `host_header` is the original header to be preserved
-      var.upstream_host = host_header or 
+      var.upstream_host = host_header or
           balancer_address.hostname..":"..balancer_address.port
 
     end,
@@ -137,19 +137,34 @@ return {
   },
   header_filter = {
     before = function()
-      if ngx.ctx.KONG_PROXIED then
+      local ctx = ngx.ctx
+
+      if ctx.KONG_PROXIED then
         local now = get_now()
-        ngx.ctx.KONG_WAITING_TIME = now - ngx.ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
-        ngx.ctx.KONG_HEADER_FILTER_STARTED_AT = now
+        ctx.KONG_WAITING_TIME = now - ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
+        ctx.KONG_HEADER_FILTER_STARTED_AT = now
       end
     end,
     after = function()
-      if ngx.ctx.KONG_PROXIED then
-        ngx.header[constants.HEADERS.UPSTREAM_LATENCY] = ngx.ctx.KONG_WAITING_TIME
-        ngx.header[constants.HEADERS.PROXY_LATENCY] = ngx.ctx.KONG_PROXY_LATENCY
-        ngx.header["Via"] = server_header
+      local ctx, header = ngx.ctx, ngx.header
+
+      if ctx.KONG_PROXIED then
+        if singletons.configuration.latency_tokens then
+          header[constants.HEADERS.UPSTREAM_LATENCY] = ctx.KONG_WAITING_TIME
+          header[constants.HEADERS.PROXY_LATENCY]    = ctx.KONG_PROXY_LATENCY
+        end
+
+        if singletons.configuration.server_tokens then
+          header["Via"] = server_header
+        end
+
       else
-        ngx.header["Server"] = server_header
+        if singletons.configuration.server_tokens then
+          header["Server"] = server_header
+
+        else
+          header["Server"] = nil
+        end
       end
     end
   },

diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
@@ -20,6 +20,8 @@ admin_ssl = on
 admin_ssl_cert = NONE
 admin_ssl_cert_key = NONE
 upstream_keepalive = 60
+server_tokens = on
+latency_tokens = on
 
 database = postgres
 pg_host = 127.0.0.1