Skip to main content

Tutorial: Specify Custom HTTP Headers

Abstract

Following this tutorial, you can provide the web server with additional HTTP headers.

Overview

The web server built into Access Server 2.9.4 and newer can be provided with additional HTTP headers. This is useful when security scanners test the web interface and require certain headers to be present. You can set multiple headers by specifying multiple configuration keys.

Caution

These custom HTTP headers are not checked for validity. They also are not meant to override headers that Access Server already implements.

Prerequisites

  • An installed Access Server 2.9.4 and newer.

  • Console access and the ability to get root access.

Step 1: Set custom headers

  1. Connect to the console and get root privileges.

  2. Switch to the scripts directory:

    cd /usr/local/openvpn_as/scripts/

  3. Set two custom headers (adjust your command for your necessary headers — our example sets two of them):

    ./sacli --key "cs.http_headers.0" --value "Custom Header: one" ConfigPut
./sacli --key "cs.http_headers.1" --value "Another Header: one two three" ConfigPut
./sacli start

Optional: Remove a custom header

  • Remove a custom header:

    ./sacli --key "cs.http_headers.0" ConfigDel
./sacli start
In this section:
See also: