Synchro

Asked: 2021-03-04 08:57:59 +0800 CST2021-03-04 08:57:59 +0800 CST 2021-03-04 08:57:59 +0800 CST

How to get nginx to strip cookies except for an allow list?

I'm trying to host sites that use things like WordPress, using nginx as a reverse proxy for PHP-FPM. Often these systems will set all kinds of annoying cookies that are unnecessary and/or the site does not have permission to set.

So I'm looking to strip all cookies except for those that appear in an allow list. In WordPress for example, I might want to allow only the admin session cookie which is called wordpress_sec_*.

I've found the "headers more" extension which has some nice things like:

more_clear_headers 'Set-Cookie';

which will delete all cookies, though that's obviously excessive. I can probably delete specific cookies, but that's a whack-a-mole as plugins keep setting cookies they don't really need.

Any bright ideas?

How to get nginx to strip cookies except for an allow list?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

How to get nginx to strip cookies except for an allow list?

0 Answers