Home / server / Questions / 775515
Accepted
Lars Schneider
Asked: 2016-05-09 10:37:53 +0800 CST

<RequireAll> / Require expr equivalent in Apache 2.2.22 to check for headers?

  • 772

I use the following Apache config to to check for certain headers in my requests:

<LocationMatch /test-headers/>
    <RequireAll>
        Require expr %{HTTP:header1} == 'abc'
        Require expr %{HTTP:header2} == 'def'
    </RequireAll>
</LocationMatch>

This works fine with Apache 2.3 and later as "RequireAll" is supported in the authz_core_module [1].

Is there a way to achieve the same with Apache 2.2.22?

[1] https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html

apache-2.2 http-headers

1 Answers

  1. Best Answer

    Apache 2.2 does not understand , so we use RewriteCond. And as RewriteCond does not allow testing for non-matches, we match the desired case first (header1 has abc, header2 has def), and let it pass by marking the RewriteRule as [L], "last rule, do not process any other matching RewriteRules after this"), and then have another RewriteRule that matches all other cases and lets them fail via '[F]', "fail the request".

    RewriteCond %{HTTP:header1} =abc
RewriteCond %{HTTP:haeder2} =def
RewriteRule ^/test-headers/.* - [L]
RewriteRule ^/test-headers/.* - [F]

    Solution found by Johannes Schindelin: https://github.com/git/git/commit/f1f2b45be0a2b205fc07758e0f4e9c13e90d34d9

    • 0