- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.

configure

@@ -811,6 +811,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -961,6 +962,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1213,6 +1215,15 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1350,7 +1361,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1503,6 +1514,7 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]

doc/Changelog

@@ -1,3 +1,6 @@
+16 July 2021: George
+	- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
+
 16 July 2021: Wouter
 	- Merge #510 from ndptech: Don't call a function which hasn't been
 	  defined.
@@ -19,7 +22,8 @@
 	- Fix Wunused-result compile warnings.
 
 2 July 2021: Tom
-	- Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https
+	- Merge PR #491: Add SVCB and HTTPS types and handling according to
+	  draft-ietf-dnsop-svcb-https.
 
 2 July 2021: Wouter
 	- Fix #506: Python Module Seems to Leak Memory if it Experiences an

doc/example.conf.in

@@ -371,6 +371,9 @@ server:
 	# enable to not answer trustanchor.unbound queries.
 	# hide-trustanchor: no
 
+	# enable to not set the User-Agent HTTP header.
+	# hide-http-user-agent: no
+
 	# the identity to report. Leave "" or default to return hostname.
 	# identity: ""
 
@@ -380,6 +383,10 @@ server:
 	# NSID identity (hex string, or "ascii_somestring"). default disabled.
 	# nsid: "aabbccdd"
 
+	# User-Agent HTTP header to use. Leave "" or default to use package name
+	# and version.
+	# http-user-agent: ""
+
 	# the target fetch policy.
 	# series of integers describing the policy per dependency depth.
 	# The number of values in the list determines the maximum dependency

doc/unbound.conf.5.in

@@ -852,6 +852,17 @@ If enabled version.server and version.bind queries are refused.
 Set the version to report. If set to "", the default, then the package
 version is returned.
 .TP
+.B hide\-http\-user\-agent: \fI<yes or no>
+If enabled the HTTP header User-Agent is not set. Use with caution as some
+webserver configurations may reject HTTP requests lacking this header.
+If needed, it is better to explicitly set the
+.B http\-user\-agent
+below.
+.TP
+.B http\-user\-agent: \fI<string>
+Set the HTTP User-Agent header for outgoing HTTP requests. If set to "",
+the default, then the package name and version are used.
+.TP
 .B nsid:\fR <string>
 Add the specified nsid to the EDNS section of the answer when queried
 with an NSID EDNS enabled packet.  As a sequence of hex characters or

services/authzone.c

@@ -5426,7 +5426,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
 		xfr->task_transfer->cp = outnet_comm_point_for_http(
 			env->outnet, auth_xfer_transfer_http_callback, xfr,
 			&addr, addrlen, -1, master->ssl, master->host,
-			master->file);
+			master->file, env->cfg);
 		if(!xfr->task_transfer->cp) {
 			char zname[255+1], as[256];
 			dname_str(xfr->name, zname);

services/outside_network.c

@@ -3434,15 +3434,28 @@ outnet_comm_point_for_tcp(struct outside_network* outnet,
 	return cp;
 }
 
+/** setup the User-Agent HTTP header based on http-user-agent configuration */
+static void
+setup_http_user_agent(sldns_buffer* buf, struct config_file* cfg)
+{
+	if(cfg->hide_http_user_agent) return;
+	if(cfg->http_user_agent==NULL || cfg->http_user_agent[0] == 0) {
+		sldns_buffer_printf(buf, "User-Agent: %s/%s\r\n", PACKAGE_NAME,
+			PACKAGE_VERSION);
+	} else {
+		sldns_buffer_printf(buf, "User-Agent: %s\r\n", cfg->http_user_agent);
+	}
+}
+
 /** setup http request headers in buffer for sending query to destination */
 static int
-setup_http_request(sldns_buffer* buf, char* host, char* path)
+setup_http_request(sldns_buffer* buf, char* host, char* path,
+	struct config_file* cfg)
 {
 	sldns_buffer_clear(buf);
 	sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path);
 	sldns_buffer_printf(buf, "Host: %s\r\n", host);
-	sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
-		PACKAGE_VERSION);
+	setup_http_user_agent(buf, cfg);
 	/* We do not really do multiple queries per connection,
 	 * but this header setting is also not needed.
 	 * sldns_buffer_printf(buf, "Connection: close\r\n") */
@@ -3458,7 +3471,7 @@ struct comm_point*
 outnet_comm_point_for_http(struct outside_network* outnet,
 	comm_point_callback_type* cb, void* cb_arg,
 	struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
-	int ssl, char* host, char* path)
+	int ssl, char* host, char* path, struct config_file* cfg)
 {
 	/* cp calls cb with err=NETEVENT_DONE when transfer is done */
 	struct comm_point* cp;
@@ -3494,7 +3507,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
 	comm_point_start_listening(cp, fd, timeout);
 
 	/* setup http request in cp->buffer */
-	if(!setup_http_request(cp->buffer, host, path)) {
+	if(!setup_http_request(cp->buffer, host, path, cfg)) {
 		log_err("error setting up http request");
 		comm_point_delete(cp);
 		return NULL;

services/outside_network.h

@@ -63,6 +63,7 @@ struct edns_option;
 struct module_env;
 struct module_qstate;
 struct query_info;
+struct config_file;
 
 /**
  * Send queries to outside servers and wait for answers from servers.
@@ -740,12 +741,13 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet,
  * @param ssl: set to true for https.
  * @param host: hostname to use for the destination. part of http request.
  * @param path: pathname to lookup, eg. name of the file on the destination.
+ * @param cfg: running configuration for User-Agent setup.
  * @return http_out commpoint, or NULL.
  */
 struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
 	comm_point_callback_type* cb, void* cb_arg,
 	struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
-	int ssl, char* host, char* path);
+	int ssl, char* host, char* path, struct config_file* cfg);
 
 /** connect tcp connection to addr, 0 on failure */
 int outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen);

testcode/fake_event.c

@@ -1749,7 +1749,7 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet,
 struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
 	comm_point_callback_type* cb, void* cb_arg,
 	struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
-	int ssl, char* host, char* path)
+	int ssl, char* host, char* path, struct config_file* cfg)
 {
 	struct replay_runtime* runtime = (struct replay_runtime*)
 		outnet->base;
@@ -1771,6 +1771,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
 	(void)ssl;
 	(void)host;
 	(void)path;
+	(void)cfg;
 
 	/* handle http comm point and return contents from test script */
 	return (struct comm_point*)fc;

testdata/http_user_agent.tdir/127.0.0.1/example.com.zone

@@ -0,0 +1,3 @@
+example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
+example.com.	IN NS	ns.example.net.
+www.example.com. IN A	1.2.3.4

testdata/http_user_agent.tdir/http_user_agent.conf

@@ -0,0 +1,24 @@
+auth-zone:
+	name: "example.com"
+	for-upstream: yes
+	for-downstream: yes
+	url: "https://127.0.0.1:@TOPORT@/example.com.zone"
+remote-control:
+	control-enable: yes
+	control-interface: 127.0.0.1
+	control-port: @CONTROL_PORT@
+	server-key-file: "unbound_server.key"
+	server-cert-file: "unbound_server.pem"
+	control-key-file: "unbound_control.key"
+	control-cert-file: "unbound_control.pem"
+server:
+	verbosity: 7
+	interface: 127.0.0.1
+	port: @PORT@
+	use-syslog: no
+	directory: ""
+	pidfile: "unbound.pid"
+	chroot: ""
+	username: ""
+	do-not-query-localhost: no
+	use-caps-for-id: yes

testdata/http_user_agent.tdir/http_user_agent.dsc

@@ -0,0 +1,16 @@
+BaseName: http_user_agent
+Version: 1.0
+Description: Check the http-user-agent configuration
+CreationDate: Wed 2 Jun 13:59:26 CEST 2021
+Maintainer:
+Category: 
+Component:
+CmdDepends:
+Depends: 
+Help:
+Pre: http_user_agent.pre
+Post: http_user_agent.post
+Test: http_user_agent.test
+AuxFiles: 
+Passed:
+Failure:

testdata/http_user_agent.tdir/http_user_agent.post

@@ -0,0 +1,11 @@
+# #-- http_user_agent.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+PRE="../.."
+. ../common.sh
+kill_pid $UNBOUND_PID
+kill_pid $PETAL_PID

testdata/http_user_agent.tdir/http_user_agent.pre

@@ -0,0 +1,37 @@
+# #-- http_user_agent.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+get_random_port 3
+UNBOUND_PORT=$RND_PORT
+PETAL_PORT=$(($RND_PORT + 1))
+CONTROL_PORT=$(($RND_PORT + 3))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test
+echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
+
+get_make
+(cd $PRE; $MAKE petal)
+
+# start https daemon
+# More verbosity because we need to see the HTTP headers
+$PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 &
+PETAL_PID=$!
+echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test
+cat .tpkg.var.test
+wait_petal_up petal.log
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_unbound_up unbound.log
+

testdata/http_user_agent.tdir/http_user_agent.test

@@ -0,0 +1,103 @@
+# #-- http_user_agent.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+
+# Query and check check that we get the correct answer from the auth_zone
+query () {
+	echo "> dig www.example.com."
+	dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		sleep 1
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		sleep 1
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		sleep 1
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		sleep 10
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	if grep SERVFAIL outfile; then
+		echo "> try again"
+		sleep 10
+		dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+	fi
+	echo "> check answer"
+	if grep "1.2.3.4" outfile; then
+		echo "OK"
+	else
+		echo "Not OK"
+		exit 1
+	fi
+}
+
+# Reload the configuration and retransfer the zone
+reload_and_retransfer () {
+	echo "> Reloading Unbound"
+	echo "$PRE/unbound-control -c ub.conf reload"
+	$PRE/unbound-control -c ub.conf reload
+	if test $? -ne 0; then
+		echo "wrong exit value from unbound-control"
+		exit 1
+	fi
+	echo "> Refetching example.com"
+	echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com"
+	$PRE/unbound-control -c ub.conf auth_zone_transfer example.com
+	if test $? -ne 0; then
+		echo "wrong exit value from unbound-control"
+		exit 1
+	fi
+}
+
+# do the test
+query
+# add custom http-user-agent
+echo "server: http-user-agent: customUA" >> ub.conf
+reload_and_retransfer
+query
+# hide http-user-agent
+echo "server: hide-http-user-agent: yes" >> ub.conf
+reload_and_retransfer
+query
+
+echo "> cat logfiles"
+cat petal.log 
+cat unbound.log
+
+# check petal.log for the correct number of occurences.
+# It should be 2 User-Agents, one being the custom.
+echo "> check User-Agent occurences"
+occurences=`grep "User-Agent:" petal.log | wc -l`
+echo $occurences
+if test $occurences -eq 2; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+echo "> check custom User-Agent"
+if grep "User-Agent: customUA" petal.log; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+exit 0

testdata/http_user_agent.tdir/petal.key

@@ -0,0 +1,21 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ
+RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1
+QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu
+O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU
+J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG
+Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh
+mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh
+qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU
+6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz
+lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc
+Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM
+XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ
+Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh
+C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C
+EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS
+3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY
+F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ
+kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3
+berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2
+-----END RSA PRIVATE KEY-----

testdata/http_user_agent.tdir/petal.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw
+ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT
+BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd
+OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03
+/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8
+67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL
+PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG
+9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD
+ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO
+mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV
+bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd
+q7miNnkO8vd0maw=
+-----END CERTIFICATE-----

testdata/http_user_agent.tdir/unbound_control.key

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
+1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
+F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
+ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
+vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
+IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
+cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
+lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
+15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
+LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
+Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
+YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
+whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
+lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
+tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
+U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
+Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
+Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
+ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
+1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
+b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
+ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
+TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
+tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
+aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
+A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
+LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
+R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
+7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
+7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
+jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
+BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
+kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
+qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
+VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
+MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
+C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
+-----END RSA PRIVATE KEY-----

testdata/http_user_agent.tdir/unbound_control.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
+WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
+A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
+OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
+1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
+NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
+A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
+Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
+TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
+nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
+4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
+hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
+9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
+ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
+pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
+72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
+muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
+uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
+-----END CERTIFICATE-----

testdata/http_user_agent.tdir/unbound_server.key

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
+0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
+GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
+uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
+WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
+FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
+q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
+A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
+7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
+XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
+iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
+2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
+MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
+WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
+O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
+IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
+qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
+dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
+bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
+YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
+7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
+gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
+5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
+ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
+oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
+s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
+zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
+ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
+oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
+BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
+mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
+kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
+7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
+RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
+jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
+O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
+MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
+-----END RSA PRIVATE KEY-----

testdata/http_user_agent.tdir/unbound_server.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
+WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
+a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
+4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
+aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
+TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
+uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
+XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
+dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
+84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
+JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
+fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
+XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
+qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
+sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
+yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
+CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
+-----END CERTIFICATE-----

util/config_file.c

@@ -238,8 +238,10 @@ config_create(void)
 	cfg->hide_identity = 0;
 	cfg->hide_version = 0;
 	cfg->hide_trustanchor = 0;
+	cfg->hide_http_user_agent = 0;
 	cfg->identity = NULL;
 	cfg->version = NULL;
+	cfg->http_user_agent = NULL;
 	cfg->nsid_cfg_str = NULL;
 	cfg->nsid = NULL;
 	cfg->nsid_len = 0;
@@ -595,8 +597,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_YNO("hide-identity:", hide_identity)
 	else S_YNO("hide-version:", hide_version)
 	else S_YNO("hide-trustanchor:", hide_trustanchor)
+	else S_YNO("hide-http-user-agent:", hide_http_user_agent)
 	else S_STR("identity:", identity)
 	else S_STR("version:", version)
+	else S_STR("http-user-agent:", http_user_agent)
 	else if(strcmp(opt, "nsid:") == 0) {
 		free(cfg->nsid_cfg_str);
 		if (!(cfg->nsid_cfg_str = strdup(val)))
@@ -1055,8 +1059,10 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_YNO(opt, "hide-identity", hide_identity)
 	else O_YNO(opt, "hide-version", hide_version)
 	else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
+	else O_YNO(opt, "hide-http-user-agent", hide_http_user_agent)
 	else O_STR(opt, "identity", identity)
 	else O_STR(opt, "version", version)
+	else O_STR(opt, "http-user-agent", http_user_agent)
 	else O_STR(opt, "nsid", nsid_cfg_str)
 	else O_STR(opt, "target-fetch-policy", target_fetch_policy)
 	else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
@@ -1532,6 +1538,7 @@ config_delete(struct config_file* cfg)
 #endif
 	free(cfg->identity);
 	free(cfg->version);
+	free(cfg->http_user_agent);
 	free(cfg->nsid_cfg_str);
 	free(cfg->nsid);
 	free(cfg->module_conf);

util/config_file.h

@@ -340,10 +340,14 @@ struct config_file {
 	int hide_version;
 	/** do not report trustanchor (trustanchor.unbound) */
 	int hide_trustanchor;
+	/** do not report the User-Agent HTTP header */
+	int hide_http_user_agent;
 	/** identity, hostname is returned if "". */
 	char* identity;
 	/** version, package version returned if "". */
 	char* version;
+	/** User-Agent for HTTP header */
+	char* http_user_agent;
 	/** nsid */
 	char *nsid_cfg_str;
 	uint8_t *nsid;

util/configlexer.lex

@@ -371,8 +371,10 @@ max-ecs-tree-size-ipv6{COLON}	{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
 hide-identity{COLON}		{ YDVAR(1, VAR_HIDE_IDENTITY) }
 hide-version{COLON}		{ YDVAR(1, VAR_HIDE_VERSION) }
 hide-trustanchor{COLON}		{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
+hide-http-user-agent{COLON}		{ YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) }
 identity{COLON}			{ YDVAR(1, VAR_IDENTITY) }
 version{COLON}			{ YDVAR(1, VAR_VERSION) }
+http-user-agent{COLON}			{ YDVAR(1, VAR_HTTP_USER_AGENT) }
 module-config{COLON}     	{ YDVAR(1, VAR_MODULE_CONF) }
 dlv-anchor{COLON}		{ YDVAR(1, VAR_DLV_ANCHOR) }
 dlv-anchor-file{COLON}		{ YDVAR(1, VAR_DLV_ANCHOR_FILE) }

util/configparser.h

@@ -289,84 +289,86 @@ extern int yydebug;
     VAR_FAKE_SHA1 = 490,           /* VAR_FAKE_SHA1  */
     VAR_LOG_IDENTITY = 491,        /* VAR_LOG_IDENTITY  */
     VAR_HIDE_TRUSTANCHOR = 492,    /* VAR_HIDE_TRUSTANCHOR  */
-    VAR_TRUST_ANCHOR_SIGNALING = 493, /* VAR_TRUST_ANCHOR_SIGNALING  */
-    VAR_AGGRESSIVE_NSEC = 494,     /* VAR_AGGRESSIVE_NSEC  */
-    VAR_USE_SYSTEMD = 495,         /* VAR_USE_SYSTEMD  */
-    VAR_SHM_ENABLE = 496,          /* VAR_SHM_ENABLE  */
-    VAR_SHM_KEY = 497,             /* VAR_SHM_KEY  */
-    VAR_ROOT_KEY_SENTINEL = 498,   /* VAR_ROOT_KEY_SENTINEL  */
-    VAR_DNSCRYPT = 499,            /* VAR_DNSCRYPT  */
-    VAR_DNSCRYPT_ENABLE = 500,     /* VAR_DNSCRYPT_ENABLE  */
-    VAR_DNSCRYPT_PORT = 501,       /* VAR_DNSCRYPT_PORT  */
-    VAR_DNSCRYPT_PROVIDER = 502,   /* VAR_DNSCRYPT_PROVIDER  */
-    VAR_DNSCRYPT_SECRET_KEY = 503, /* VAR_DNSCRYPT_SECRET_KEY  */
-    VAR_DNSCRYPT_PROVIDER_CERT = 504, /* VAR_DNSCRYPT_PROVIDER_CERT  */
-    VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 505, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED  */
-    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 506, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE  */
-    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 507, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS  */
-    VAR_DNSCRYPT_NONCE_CACHE_SIZE = 508, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE  */
-    VAR_DNSCRYPT_NONCE_CACHE_SLABS = 509, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS  */
-    VAR_PAD_RESPONSES = 510,       /* VAR_PAD_RESPONSES  */
-    VAR_PAD_RESPONSES_BLOCK_SIZE = 511, /* VAR_PAD_RESPONSES_BLOCK_SIZE  */
-    VAR_PAD_QUERIES = 512,         /* VAR_PAD_QUERIES  */
-    VAR_PAD_QUERIES_BLOCK_SIZE = 513, /* VAR_PAD_QUERIES_BLOCK_SIZE  */
-    VAR_IPSECMOD_ENABLED = 514,    /* VAR_IPSECMOD_ENABLED  */
-    VAR_IPSECMOD_HOOK = 515,       /* VAR_IPSECMOD_HOOK  */
-    VAR_IPSECMOD_IGNORE_BOGUS = 516, /* VAR_IPSECMOD_IGNORE_BOGUS  */
-    VAR_IPSECMOD_MAX_TTL = 517,    /* VAR_IPSECMOD_MAX_TTL  */
-    VAR_IPSECMOD_WHITELIST = 518,  /* VAR_IPSECMOD_WHITELIST  */
-    VAR_IPSECMOD_STRICT = 519,     /* VAR_IPSECMOD_STRICT  */
-    VAR_CACHEDB = 520,             /* VAR_CACHEDB  */
-    VAR_CACHEDB_BACKEND = 521,     /* VAR_CACHEDB_BACKEND  */
-    VAR_CACHEDB_SECRETSEED = 522,  /* VAR_CACHEDB_SECRETSEED  */
-    VAR_CACHEDB_REDISHOST = 523,   /* VAR_CACHEDB_REDISHOST  */
-    VAR_CACHEDB_REDISPORT = 524,   /* VAR_CACHEDB_REDISPORT  */
-    VAR_CACHEDB_REDISTIMEOUT = 525, /* VAR_CACHEDB_REDISTIMEOUT  */
-    VAR_CACHEDB_REDISEXPIRERECORDS = 526, /* VAR_CACHEDB_REDISEXPIRERECORDS  */
-    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 527, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM  */
-    VAR_FOR_UPSTREAM = 528,        /* VAR_FOR_UPSTREAM  */
-    VAR_AUTH_ZONE = 529,           /* VAR_AUTH_ZONE  */
-    VAR_ZONEFILE = 530,            /* VAR_ZONEFILE  */
-    VAR_MASTER = 531,              /* VAR_MASTER  */
-    VAR_URL = 532,                 /* VAR_URL  */
-    VAR_FOR_DOWNSTREAM = 533,      /* VAR_FOR_DOWNSTREAM  */
-    VAR_FALLBACK_ENABLED = 534,    /* VAR_FALLBACK_ENABLED  */
-    VAR_TLS_ADDITIONAL_PORT = 535, /* VAR_TLS_ADDITIONAL_PORT  */
-    VAR_LOW_RTT = 536,             /* VAR_LOW_RTT  */
-    VAR_LOW_RTT_PERMIL = 537,      /* VAR_LOW_RTT_PERMIL  */
-    VAR_FAST_SERVER_PERMIL = 538,  /* VAR_FAST_SERVER_PERMIL  */
-    VAR_FAST_SERVER_NUM = 539,     /* VAR_FAST_SERVER_NUM  */
-    VAR_ALLOW_NOTIFY = 540,        /* VAR_ALLOW_NOTIFY  */
-    VAR_TLS_WIN_CERT = 541,        /* VAR_TLS_WIN_CERT  */
-    VAR_TCP_CONNECTION_LIMIT = 542, /* VAR_TCP_CONNECTION_LIMIT  */
-    VAR_FORWARD_NO_CACHE = 543,    /* VAR_FORWARD_NO_CACHE  */
-    VAR_STUB_NO_CACHE = 544,       /* VAR_STUB_NO_CACHE  */
-    VAR_LOG_SERVFAIL = 545,        /* VAR_LOG_SERVFAIL  */
-    VAR_DENY_ANY = 546,            /* VAR_DENY_ANY  */
-    VAR_UNKNOWN_SERVER_TIME_LIMIT = 547, /* VAR_UNKNOWN_SERVER_TIME_LIMIT  */
-    VAR_LOG_TAG_QUERYREPLY = 548,  /* VAR_LOG_TAG_QUERYREPLY  */
-    VAR_STREAM_WAIT_SIZE = 549,    /* VAR_STREAM_WAIT_SIZE  */
-    VAR_TLS_CIPHERS = 550,         /* VAR_TLS_CIPHERS  */
-    VAR_TLS_CIPHERSUITES = 551,    /* VAR_TLS_CIPHERSUITES  */
-    VAR_TLS_USE_SNI = 552,         /* VAR_TLS_USE_SNI  */
-    VAR_IPSET = 553,               /* VAR_IPSET  */
-    VAR_IPSET_NAME_V4 = 554,       /* VAR_IPSET_NAME_V4  */
-    VAR_IPSET_NAME_V6 = 555,       /* VAR_IPSET_NAME_V6  */
-    VAR_TLS_SESSION_TICKET_KEYS = 556, /* VAR_TLS_SESSION_TICKET_KEYS  */
-    VAR_RPZ = 557,                 /* VAR_RPZ  */
-    VAR_TAGS = 558,                /* VAR_TAGS  */
-    VAR_RPZ_ACTION_OVERRIDE = 559, /* VAR_RPZ_ACTION_OVERRIDE  */
-    VAR_RPZ_CNAME_OVERRIDE = 560,  /* VAR_RPZ_CNAME_OVERRIDE  */
-    VAR_RPZ_LOG = 561,             /* VAR_RPZ_LOG  */
-    VAR_RPZ_LOG_NAME = 562,        /* VAR_RPZ_LOG_NAME  */
-    VAR_DYNLIB = 563,              /* VAR_DYNLIB  */
-    VAR_DYNLIB_FILE = 564,         /* VAR_DYNLIB_FILE  */
-    VAR_EDNS_CLIENT_STRING = 565,  /* VAR_EDNS_CLIENT_STRING  */
-    VAR_EDNS_CLIENT_STRING_OPCODE = 566, /* VAR_EDNS_CLIENT_STRING_OPCODE  */
-    VAR_NSID = 567,                /* VAR_NSID  */
-    VAR_ZONEMD_PERMISSIVE_MODE = 568, /* VAR_ZONEMD_PERMISSIVE_MODE  */
-    VAR_ZONEMD_CHECK = 569,        /* VAR_ZONEMD_CHECK  */
-    VAR_ZONEMD_REJECT_ABSENCE = 570 /* VAR_ZONEMD_REJECT_ABSENCE  */
+    VAR_HIDE_HTTP_USER_AGENT = 493, /* VAR_HIDE_HTTP_USER_AGENT  */
+    VAR_HTTP_USER_AGENT = 494,     /* VAR_HTTP_USER_AGENT  */
+    VAR_TRUST_ANCHOR_SIGNALING = 495, /* VAR_TRUST_ANCHOR_SIGNALING  */
+    VAR_AGGRESSIVE_NSEC = 496,     /* VAR_AGGRESSIVE_NSEC  */
+    VAR_USE_SYSTEMD = 497,         /* VAR_USE_SYSTEMD  */
+    VAR_SHM_ENABLE = 498,          /* VAR_SHM_ENABLE  */
+    VAR_SHM_KEY = 499,             /* VAR_SHM_KEY  */
+    VAR_ROOT_KEY_SENTINEL = 500,   /* VAR_ROOT_KEY_SENTINEL  */
+    VAR_DNSCRYPT = 501,            /* VAR_DNSCRYPT  */
+    VAR_DNSCRYPT_ENABLE = 502,     /* VAR_DNSCRYPT_ENABLE  */
+    VAR_DNSCRYPT_PORT = 503,       /* VAR_DNSCRYPT_PORT  */
+    VAR_DNSCRYPT_PROVIDER = 504,   /* VAR_DNSCRYPT_PROVIDER  */
+    VAR_DNSCRYPT_SECRET_KEY = 505, /* VAR_DNSCRYPT_SECRET_KEY  */
+    VAR_DNSCRYPT_PROVIDER_CERT = 506, /* VAR_DNSCRYPT_PROVIDER_CERT  */
+    VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 507, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED  */
+    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 508, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE  */
+    VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 509, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS  */
+    VAR_DNSCRYPT_NONCE_CACHE_SIZE = 510, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE  */
+    VAR_DNSCRYPT_NONCE_CACHE_SLABS = 511, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS  */
+    VAR_PAD_RESPONSES = 512,       /* VAR_PAD_RESPONSES  */
+    VAR_PAD_RESPONSES_BLOCK_SIZE = 513, /* VAR_PAD_RESPONSES_BLOCK_SIZE  */
+    VAR_PAD_QUERIES = 514,         /* VAR_PAD_QUERIES  */
+    VAR_PAD_QUERIES_BLOCK_SIZE = 515, /* VAR_PAD_QUERIES_BLOCK_SIZE  */
+    VAR_IPSECMOD_ENABLED = 516,    /* VAR_IPSECMOD_ENABLED  */
+    VAR_IPSECMOD_HOOK = 517,       /* VAR_IPSECMOD_HOOK  */
+    VAR_IPSECMOD_IGNORE_BOGUS = 518, /* VAR_IPSECMOD_IGNORE_BOGUS  */
+    VAR_IPSECMOD_MAX_TTL = 519,    /* VAR_IPSECMOD_MAX_TTL  */
+    VAR_IPSECMOD_WHITELIST = 520,  /* VAR_IPSECMOD_WHITELIST  */
+    VAR_IPSECMOD_STRICT = 521,     /* VAR_IPSECMOD_STRICT  */
+    VAR_CACHEDB = 522,             /* VAR_CACHEDB  */
+    VAR_CACHEDB_BACKEND = 523,     /* VAR_CACHEDB_BACKEND  */
+    VAR_CACHEDB_SECRETSEED = 524,  /* VAR_CACHEDB_SECRETSEED  */
+    VAR_CACHEDB_REDISHOST = 525,   /* VAR_CACHEDB_REDISHOST  */
+    VAR_CACHEDB_REDISPORT = 526,   /* VAR_CACHEDB_REDISPORT  */
+    VAR_CACHEDB_REDISTIMEOUT = 527, /* VAR_CACHEDB_REDISTIMEOUT  */
+    VAR_CACHEDB_REDISEXPIRERECORDS = 528, /* VAR_CACHEDB_REDISEXPIRERECORDS  */
+    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 529, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM  */
+    VAR_FOR_UPSTREAM = 530,        /* VAR_FOR_UPSTREAM  */
+    VAR_AUTH_ZONE = 531,           /* VAR_AUTH_ZONE  */
+    VAR_ZONEFILE = 532,            /* VAR_ZONEFILE  */
+    VAR_MASTER = 533,              /* VAR_MASTER  */
+    VAR_URL = 534,                 /* VAR_URL  */
+    VAR_FOR_DOWNSTREAM = 535,      /* VAR_FOR_DOWNSTREAM  */
+    VAR_FALLBACK_ENABLED = 536,    /* VAR_FALLBACK_ENABLED  */
+    VAR_TLS_ADDITIONAL_PORT = 537, /* VAR_TLS_ADDITIONAL_PORT  */
+    VAR_LOW_RTT = 538,             /* VAR_LOW_RTT  */
+    VAR_LOW_RTT_PERMIL = 539,      /* VAR_LOW_RTT_PERMIL  */
+    VAR_FAST_SERVER_PERMIL = 540,  /* VAR_FAST_SERVER_PERMIL  */
+    VAR_FAST_SERVER_NUM = 541,     /* VAR_FAST_SERVER_NUM  */
+    VAR_ALLOW_NOTIFY = 542,        /* VAR_ALLOW_NOTIFY  */
+    VAR_TLS_WIN_CERT = 543,        /* VAR_TLS_WIN_CERT  */
+    VAR_TCP_CONNECTION_LIMIT = 544, /* VAR_TCP_CONNECTION_LIMIT  */
+    VAR_FORWARD_NO_CACHE = 545,    /* VAR_FORWARD_NO_CACHE  */
+    VAR_STUB_NO_CACHE = 546,       /* VAR_STUB_NO_CACHE  */
+    VAR_LOG_SERVFAIL = 547,        /* VAR_LOG_SERVFAIL  */
+    VAR_DENY_ANY = 548,            /* VAR_DENY_ANY  */
+    VAR_UNKNOWN_SERVER_TIME_LIMIT = 549, /* VAR_UNKNOWN_SERVER_TIME_LIMIT  */
+    VAR_LOG_TAG_QUERYREPLY = 550,  /* VAR_LOG_TAG_QUERYREPLY  */
+    VAR_STREAM_WAIT_SIZE = 551,    /* VAR_STREAM_WAIT_SIZE  */
+    VAR_TLS_CIPHERS = 552,         /* VAR_TLS_CIPHERS  */
+    VAR_TLS_CIPHERSUITES = 553,    /* VAR_TLS_CIPHERSUITES  */
+    VAR_TLS_USE_SNI = 554,         /* VAR_TLS_USE_SNI  */
+    VAR_IPSET = 555,               /* VAR_IPSET  */
+    VAR_IPSET_NAME_V4 = 556,       /* VAR_IPSET_NAME_V4  */
+    VAR_IPSET_NAME_V6 = 557,       /* VAR_IPSET_NAME_V6  */
+    VAR_TLS_SESSION_TICKET_KEYS = 558, /* VAR_TLS_SESSION_TICKET_KEYS  */
+    VAR_RPZ = 559,                 /* VAR_RPZ  */
+    VAR_TAGS = 560,                /* VAR_TAGS  */
+    VAR_RPZ_ACTION_OVERRIDE = 561, /* VAR_RPZ_ACTION_OVERRIDE  */
+    VAR_RPZ_CNAME_OVERRIDE = 562,  /* VAR_RPZ_CNAME_OVERRIDE  */
+    VAR_RPZ_LOG = 563,             /* VAR_RPZ_LOG  */
+    VAR_RPZ_LOG_NAME = 564,        /* VAR_RPZ_LOG_NAME  */
+    VAR_DYNLIB = 565,              /* VAR_DYNLIB  */
+    VAR_DYNLIB_FILE = 566,         /* VAR_DYNLIB_FILE  */
+    VAR_EDNS_CLIENT_STRING = 567,  /* VAR_EDNS_CLIENT_STRING  */
+    VAR_EDNS_CLIENT_STRING_OPCODE = 568, /* VAR_EDNS_CLIENT_STRING_OPCODE  */
+    VAR_NSID = 569,                /* VAR_NSID  */
+    VAR_ZONEMD_PERMISSIVE_MODE = 570, /* VAR_ZONEMD_PERMISSIVE_MODE  */
+    VAR_ZONEMD_CHECK = 571,        /* VAR_ZONEMD_CHECK  */
+    VAR_ZONEMD_REJECT_ABSENCE = 572 /* VAR_ZONEMD_REJECT_ABSENCE  */
   };
   typedef enum yytokentype yytoken_kind_t;
 #endif
@@ -610,84 +612,86 @@ extern int yydebug;
 #define VAR_FAKE_SHA1 490
 #define VAR_LOG_IDENTITY 491
 #define VAR_HIDE_TRUSTANCHOR 492
-#define VAR_TRUST_ANCHOR_SIGNALING 493
-#define VAR_AGGRESSIVE_NSEC 494
-#define VAR_USE_SYSTEMD 495
-#define VAR_SHM_ENABLE 496
-#define VAR_SHM_KEY 497
-#define VAR_ROOT_KEY_SENTINEL 498
-#define VAR_DNSCRYPT 499
-#define VAR_DNSCRYPT_ENABLE 500
-#define VAR_DNSCRYPT_PORT 501
-#define VAR_DNSCRYPT_PROVIDER 502
-#define VAR_DNSCRYPT_SECRET_KEY 503
-#define VAR_DNSCRYPT_PROVIDER_CERT 504
-#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 505
-#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 506
-#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 507
-#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 508
-#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 509
-#define VAR_PAD_RESPONSES 510
-#define VAR_PAD_RESPONSES_BLOCK_SIZE 511
-#define VAR_PAD_QUERIES 512
-#define VAR_PAD_QUERIES_BLOCK_SIZE 513
-#define VAR_IPSECMOD_ENABLED 514
-#define VAR_IPSECMOD_HOOK 515
-#define VAR_IPSECMOD_IGNORE_BOGUS 516
-#define VAR_IPSECMOD_MAX_TTL 517
-#define VAR_IPSECMOD_WHITELIST 518
-#define VAR_IPSECMOD_STRICT 519
-#define VAR_CACHEDB 520
-#define VAR_CACHEDB_BACKEND 521
-#define VAR_CACHEDB_SECRETSEED 522
-#define VAR_CACHEDB_REDISHOST 523
-#define VAR_CACHEDB_REDISPORT 524
-#define VAR_CACHEDB_REDISTIMEOUT 525
-#define VAR_CACHEDB_REDISEXPIRERECORDS 526
-#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 527
-#define VAR_FOR_UPSTREAM 528
-#define VAR_AUTH_ZONE 529
-#define VAR_ZONEFILE 530
-#define VAR_MASTER 531
-#define VAR_URL 532
-#define VAR_FOR_DOWNSTREAM 533
-#define VAR_FALLBACK_ENABLED 534
-#define VAR_TLS_ADDITIONAL_PORT 535
-#define VAR_LOW_RTT 536
-#define VAR_LOW_RTT_PERMIL 537
-#define VAR_FAST_SERVER_PERMIL 538
-#define VAR_FAST_SERVER_NUM 539
-#define VAR_ALLOW_NOTIFY 540
-#define VAR_TLS_WIN_CERT 541
-#define VAR_TCP_CONNECTION_LIMIT 542
-#define VAR_FORWARD_NO_CACHE 543
-#define VAR_STUB_NO_CACHE 544
-#define VAR_LOG_SERVFAIL 545
-#define VAR_DENY_ANY 546
-#define VAR_UNKNOWN_SERVER_TIME_LIMIT 547
-#define VAR_LOG_TAG_QUERYREPLY 548
-#define VAR_STREAM_WAIT_SIZE 549
-#define VAR_TLS_CIPHERS 550
-#define VAR_TLS_CIPHERSUITES 551
-#define VAR_TLS_USE_SNI 552
-#define VAR_IPSET 553
-#define VAR_IPSET_NAME_V4 554
-#define VAR_IPSET_NAME_V6 555
-#define VAR_TLS_SESSION_TICKET_KEYS 556
-#define VAR_RPZ 557
-#define VAR_TAGS 558
-#define VAR_RPZ_ACTION_OVERRIDE 559
-#define VAR_RPZ_CNAME_OVERRIDE 560
-#define VAR_RPZ_LOG 561
-#define VAR_RPZ_LOG_NAME 562
-#define VAR_DYNLIB 563
-#define VAR_DYNLIB_FILE 564
-#define VAR_EDNS_CLIENT_STRING 565
-#define VAR_EDNS_CLIENT_STRING_OPCODE 566
-#define VAR_NSID 567
-#define VAR_ZONEMD_PERMISSIVE_MODE 568
-#define VAR_ZONEMD_CHECK 569
-#define VAR_ZONEMD_REJECT_ABSENCE 570
+#define VAR_HIDE_HTTP_USER_AGENT 493
+#define VAR_HTTP_USER_AGENT 494
+#define VAR_TRUST_ANCHOR_SIGNALING 495
+#define VAR_AGGRESSIVE_NSEC 496
+#define VAR_USE_SYSTEMD 497
+#define VAR_SHM_ENABLE 498
+#define VAR_SHM_KEY 499
+#define VAR_ROOT_KEY_SENTINEL 500
+#define VAR_DNSCRYPT 501
+#define VAR_DNSCRYPT_ENABLE 502
+#define VAR_DNSCRYPT_PORT 503
+#define VAR_DNSCRYPT_PROVIDER 504
+#define VAR_DNSCRYPT_SECRET_KEY 505
+#define VAR_DNSCRYPT_PROVIDER_CERT 506
+#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 507
+#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 508
+#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 509
+#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 510
+#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 511
+#define VAR_PAD_RESPONSES 512
+#define VAR_PAD_RESPONSES_BLOCK_SIZE 513
+#define VAR_PAD_QUERIES 514
+#define VAR_PAD_QUERIES_BLOCK_SIZE 515
+#define VAR_IPSECMOD_ENABLED 516
+#define VAR_IPSECMOD_HOOK 517
+#define VAR_IPSECMOD_IGNORE_BOGUS 518
+#define VAR_IPSECMOD_MAX_TTL 519
+#define VAR_IPSECMOD_WHITELIST 520
+#define VAR_IPSECMOD_STRICT 521
+#define VAR_CACHEDB 522
+#define VAR_CACHEDB_BACKEND 523
+#define VAR_CACHEDB_SECRETSEED 524
+#define VAR_CACHEDB_REDISHOST 525
+#define VAR_CACHEDB_REDISPORT 526
+#define VAR_CACHEDB_REDISTIMEOUT 527
+#define VAR_CACHEDB_REDISEXPIRERECORDS 528
+#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 529
+#define VAR_FOR_UPSTREAM 530
+#define VAR_AUTH_ZONE 531
+#define VAR_ZONEFILE 532
+#define VAR_MASTER 533
+#define VAR_URL 534
+#define VAR_FOR_DOWNSTREAM 535
+#define VAR_FALLBACK_ENABLED 536
+#define VAR_TLS_ADDITIONAL_PORT 537
+#define VAR_LOW_RTT 538
+#define VAR_LOW_RTT_PERMIL 539
+#define VAR_FAST_SERVER_PERMIL 540
+#define VAR_FAST_SERVER_NUM 541
+#define VAR_ALLOW_NOTIFY 542
+#define VAR_TLS_WIN_CERT 543
+#define VAR_TCP_CONNECTION_LIMIT 544
+#define VAR_FORWARD_NO_CACHE 545
+#define VAR_STUB_NO_CACHE 546
+#define VAR_LOG_SERVFAIL 547
+#define VAR_DENY_ANY 548
+#define VAR_UNKNOWN_SERVER_TIME_LIMIT 549
+#define VAR_LOG_TAG_QUERYREPLY 550
+#define VAR_STREAM_WAIT_SIZE 551
+#define VAR_TLS_CIPHERS 552
+#define VAR_TLS_CIPHERSUITES 553
+#define VAR_TLS_USE_SNI 554
+#define VAR_IPSET 555
+#define VAR_IPSET_NAME_V4 556
+#define VAR_IPSET_NAME_V6 557
+#define VAR_TLS_SESSION_TICKET_KEYS 558
+#define VAR_RPZ 559
+#define VAR_TAGS 560
+#define VAR_RPZ_ACTION_OVERRIDE 561
+#define VAR_RPZ_CNAME_OVERRIDE 562
+#define VAR_RPZ_LOG 563
+#define VAR_RPZ_LOG_NAME 564
+#define VAR_DYNLIB 565
+#define VAR_DYNLIB_FILE 566
+#define VAR_EDNS_CLIENT_STRING 567
+#define VAR_EDNS_CLIENT_STRING_OPCODE 568
+#define VAR_NSID 569
+#define VAR_ZONEMD_PERMISSIVE_MODE 570
+#define VAR_ZONEMD_CHECK 571
+#define VAR_ZONEMD_REJECT_ABSENCE 572
 
 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@@ -697,7 +701,7 @@ union YYSTYPE
 
 	char*	str;
 
-#line 701 "util/configparser.h"
+#line 705 "util/configparser.h"
 
 };
 typedef union YYSTYPE YYSTYPE;

util/configparser.y

@@ -154,6 +154,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
 %token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
 %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
+%token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
 %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
 %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
 %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
@@ -225,6 +226,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_harden_short_bufsize | server_harden_large_queries |
 	server_do_not_query_address | server_hide_identity |
 	server_hide_version | server_identity | server_version |
+	server_hide_http_user_agent | server_http_user_agent |
 	server_harden_glue | server_module_conf | server_trust_anchor_file |
 	server_trust_anchor | server_val_override_date | server_bogus_ttl |
 	server_val_clean_additional | server_val_permissive_mode |
@@ -1337,6 +1339,15 @@ server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
 		free($2);
 	}
 	;
+server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
+	{
+		OUTYY(("P(server_hide_user_agent:%s)\n", $2));
+		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
+		free($2);
+	}
+	;
 server_identity: VAR_IDENTITY STRING_ARG
 	{
 		OUTYY(("P(server_identity:%s)\n", $2));
@@ -1351,6 +1362,13 @@ server_version: VAR_VERSION STRING_ARG
 		cfg_parser->cfg->version = $2;
 	}
 	;
+server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
+	{
+		OUTYY(("P(server_http_user_agent:%s)\n", $2));
+		free(cfg_parser->cfg->http_user_agent);
+		cfg_parser->cfg->http_user_agent = $2;
+	}
+	;
 server_nsid: VAR_NSID STRING_ARG
 	{
 		OUTYY(("P(server_nsid:%s)\n", $2));