Filtering the webserver information in the nginx default error responses

Signed-off-by: jan shahid shaik <[email protected]>
chef · Jun 22, 2021 · 64413e2 · 64413e2
1 parent aa39c4d
commit 64413e2
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/oc-chef-pedant/spec/api/header_spec.rb b/oc-chef-pedant/spec/api/header_spec.rb
@@ -42,4 +42,10 @@
       end
     end
   end # context "Request Headers"
+
+  context "Verify nginx default error responses", :nginx_default_error do
+    it "openresty tag should not be present in the nginx default error responses" do
+      get(request_url.sub!('https', 'http'), superuser).to_s.should_not loosely_match(/.*openresty.*/)
+    end
+  end # context "Verify nginx default error response"
 end # describe "Headers"
diff --git a/omnibus/files/private-chef-cookbooks/private-chef/templates/default/nginx/nginx.conf.erb b/omnibus/files/private-chef-cookbooks/private-chef/templates/default/nginx/nginx.conf.erb
@@ -26,6 +26,8 @@ http {
   # logged to the request log.
   log_not_found off;
 
+  error_page 301 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417
+      418 421 422 423 424 425 426 428 429 431 451 500 501 502 504 505 506 507 508 510 511 = @errorrespfilter;
   server_names_hash_bucket_size <%= @server_names_hash_bucket_size %>;
 
   sendfile <%= @sendfile %>;
@@ -148,6 +150,14 @@ http {
             more_clear_headers Server;
             access_log /var/log/opscode/nginx/rewrite-port-80.log;
             return 301 https://$host$request_uri;
+            # Filters 'openresty' string in the default nginx error reponses
+            location @errorrespfilter {
+              return 301 https://$host$request_uri;
+              header_filter_by_lua_block { ngx.header.content_length = nil }
+              body_filter_by_lua '
+              ngx.arg[1] = ngx.re.sub(ngx.arg[1],"openresty", "")
+              ';
+            }
           }
       <%- end -%>
     <%-  end %>

diff --git a/...es/private-chef-cookbooks/private-chef/templates/default/nginx/nginx_chef_api_lb.conf.erb b/...es/private-chef-cookbooks/private-chef/templates/default/nginx/nginx_chef_api_lb.conf.erb
@@ -48,6 +48,8 @@
 
     error_page 404 =404 /404.html;
     error_page 503 =503 /503.json;
+    error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 
+      418 421 422 423 424 425 426 428 429 431 451 500 501 502 504 505 506 507 508 510 511 = @errorrespfilter;
 
     # Whitelist the docs necessary to serve up error pages and friendly
     # html to non-chef clients hitting this host.
@@ -209,4 +211,11 @@
       proxy_pass http://$upstream;
       proxy_redirect http://$upstream /;
     }
+    # Filters 'openresty' string in the default nginx error reponses
+    location @errorrespfilter {
+      header_filter_by_lua_block { ngx.header.content_length = nil }
+      body_filter_by_lua '
+      ngx.arg[1] = ngx.re.sub(ngx.arg[1],"openresty", "")
+      ';
+    }
   }