It was surprisingly difficult to find a full working example of this, so here’s my take on “How to make Nginx require that a certain header is present with a certain value in the incoming request”:
nginx.conf:
http { map $http_x_mycustomheader $is_mycustomheader_not_ok { default "1"; MyApprovedValue "0"; } ... }
mysite.conf:
server { ... location / { if ($is_mycustomheader_not_ok) { return 403; } } ... }
To allow requests that contain the header with any value except an empty value, all you need is:
mysite.conf:
server { ... location / { if ($http_x_mycustomheader = "") { return 403; } } ... }
I don’t know how to accept requests where the header is set to any value including an empty value. If anyone has an example, please leave a comment.
Thanks, it really helped me today to save a lot of time.