tilecache: do not pass cookie to backend

diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index f0bfdf20908c4bf7fcf2fdc827618ca9d13fbf72..a223912551c16e1becc468124a0a011fa7879027 100644 (file)
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -36,6 +36,17 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Connection "";
 
+      proxy_connect_timeout 5s;
+
+      # Do not pass cookies to backend.
+      proxy_set_header Cookie "";
+      # Do not pass Accept-Encoding to backend.
+      proxy_set_header Accept-Encoding "";
+
+      # Do not allow setting cookies from cached pages.
+      proxy_ignore_headers Set-Cookie;
+      proxy_hide_header Set-Cookie;
+
       # Slow traffic slightly
       limit_rate 24576;
     }