The goal is to ignore whatever the client sets for these headers, and
to pass our defined values on to the upstream cluster.
It appears that these values only get set if the client leaves them
out of the request. If the client sets X_SSL_VERIFIED to true, the
backend application sees 'true'.
I wanted to clarify that this is the expected behavior and that
proxy_set_header cannot be used to override the request header values
that a client sets. If this is the case, is there any way to
No, proxy_set_header always resets any client header.
Are you shure that you do not mix X_SSL_VERIFIED and X-SSL-VERIFIED ?
It appears to be the case that our application was rewriting the
dashes to underscores. What really needed to be in nginx was:
What appeared to be happening was that nginx was always setting
X_SSL_VERIFIED false, but the users were passing in X-SSL-VERIFIED
true, both being in the headers. The application would then change
the dashes to underscores and use the 'true' one.
The X_SSL_VERIFIED is invalid header name and nginx by default ignores it
and it never goes to backend. But if you set "ignore_invalid_headers off",
then such headers may go to the backend, if not overridden.