Last updated on September 21st, 2021 at 10:59 am
Apache allows you to dynamically set request header environment variable for your website, as well as modify response headers conditionally. Here’s how to set Apache header conditionally using SetEnvIf directive, and IF Else condition.
How to Set Apache Header Conditionally
Here are the steps to set Apache header conditionally for your website. There are 3 ways to dynamically set request header environment variable in Apache. We will look at each of them.
Using SetEnvIf (Apache <=2.2)
Here’s the syntax of SetEnvIf
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]]
SetEnvIf basically matches each request’s attribute value with specified regex and sets matching requests’s request header environment variable. In the above statement, an attribute can be:
- HTTP Request header such as Host, User-agent,etc
- Server variables such as Remote_Host, Remote_Addr, etc
- An environment variable defined upstream
Bonus Read : How to Find Apache Version in Linux
Let’s say you want to dynamically allow cross-origin access from a specific IP such as 245.103.193.53, then add the following lines to <Location> or <Directory> context, or .htaccess file.
SetEnvIf Remote_Addr 245.103.193.53 cors Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors
In the above statements, SetEnvIf checks the Remote_addr request attribute and if it matches the specified IP then sets request header environment variable as cors. Then the header directive sets the header of those requests whose environment variable is cors.
Bonus Read : How to Enable mod_headers in Apache in Ubuntu
Similarly, if you want to set conditional Apache header based on requested URL (e.g /product/ ) you can use the REQUEST_URI attribute
SetEnvIf Request_URI "/product/" cors Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cor
Using IF Else (Apache >=2.2)
You can also set Apache header conditionally using IF..Else directive and Apache expressions. Here’s the above example using Apache expressions
<If "%{REMOTE_ADDR} == '245.103.193.53'">
Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors
</If>
Bonus Read : How to Upgrade Apache Version in CentOS, Redhat Linux
Similarly, if you want to set header based on requested url (e.g /product/) you can use QUERY_STRING variable.
<If "%{QUERY_STRING} =~ /product/">
Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors
</If>
Just like, SetEnvIf, you can place this If-else condition in your server’s location or directory directives, or .htaccess file.
Using Rewrite Rule
You can also use RewriteRule to match requests and set header dynamically.
RewriteRule ^/product/$ - [ENV=cors:true]
Header set "Access-Control-Allow-Origin" "*" env=cors
In the above code, RewriteRule will match all URLs starting with /product/ and set their environment variable to cors. Then Apache will set Access-Control-Allow-Origin header of all requests whose request header environment variable is set to cors.
You can place the above lines in your server’s location or directory directives, or .htaccess file. However, you will need to enable Apache mod_rewrite module to use rewrite rule.
That’s it! Now you can dynamically set Apache headers conditionally for your websites & applications.
Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it Today!
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.