Questions[requestheader](server)

For HTTP/0.9:

GET /

For HTTP/1.0:

GET / HTTP/1.0

For HTTP/1.1:

GET / HTTP/1.1
Host: example.com

What is the request line for HTTP/2? Is it something like:

GET / HTTP/2.0

Or HTTP/2?

I'm using Basic file type authorization in my Apache httpd configuration.

And my http request contains X-Authorization request header instead of Authorization.

I'm getting unauthorized error. How can I get my request authorized? What changes I should make in apache configurations?

I'm using apache 2.4.

Thanks in advance!

I need to add to prevent attack:

# a2enmod headers
 RequestHeader unset Range
 RequestHeader unset Request-Range

Where I can add it? This is my htttp.conf, maybe another file?

<VirtualHost *>
ServerName www.example.com
DocumentRoot /path/
<Location "/">
  SetHandler python-program
  PythonHandler django.core.handlers.modpython
  SetEnv DJANGO_SETTINGS_MODULE projectname.settings
  PythonDebug Off
  PythonAutoReload Off
  PythonPath "['/usr/local/lib/python2.7/dist-packages/django','/usr/local/lib/python2.7/sidt-packages/django/bin/projectname'] + sys.path"
</Location>

<Location "/media/">
  SetHandler None
</Location>

<Location "/static/">
  SetHandler None
</Location>
</VirtualHost>

Sorry, maybe I'm asking question without preparations, but I need to prevent attacks.

I'm trying to add a header value to every request via Apache (ver 2.2). I've edited my VirtualHost to include the following vaiations: (I've tried both RequestHeader and Header, add and set in all of these cases)

RequestHeader set X-test_url "Test"

or

<Directory />
  RequestHeader set X-test_url "Test"
</Directory>

or

<Location ~ "/*" >
  RequestHeader set X-test_url "Test"
</Location>

It's hard to explain how I've gotten to this point, but I have to get this done in Apache. Again I'm trying to add the header value to every request. Thanks.

I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request.

The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header "Authorization" is empty.

Any idea ? Thanks.

<VirtualHost *:8010>
  RewriteLog "/var/apache2/logs/rewrite.log"
  RewriteLogLevel 9
  RewriteEngine On
  RewriteRule ^/(.*)&authorization=@(.*)@(.*) http://<ip>:<port>/$1&authorization=@$2@$3 [L,P]
  RewriteRule ^/(.*)&authorization=@(.*)@(.*) - [E=AUTHORIZATION:$2,NE]
  RequestHeader add "Authorization" "%{AUTHORIZATION}e"
</VirtualHost>

I need to handle several cases because sometimes parameters are in the path and sometines they are in the query. Depending on the user. This last case fails. The header value for AUTHORIZATION looks empty.

# if the query string includes the authorization parameter
RewriteCond %{QUERY_STRING} ^(.*)authorization=@(.*)@(.*)$
# keep the value of the parameter in the AUTHORIZATION variable and redirect
RewriteRule ^/(.*) http://<ip>:<port>/ [E=AUTHORIZATION:%2,NE,L,P]
# add the value of AUTHORIZATION  in the header
RequestHeader add "Authorization" "%{AUTHORIZATION}e"