set apache header conditionally

How to Set Apache Header Conditionally

Apache allows you to dynamically set request header environment variable for your website, as well as modify response headers conditionally. Here’s how to set Apache header conditionally using SetEnvIf directive, and IF Else condition.

 

How to Set Apache Header Conditionally

Here are the steps to set Apache header conditionally for your website. There are 3 ways to dynamically set request header environment variable in Apache. We will look at each of them.

 

Using SetEnvIf (Apache <=2.2)

Here’s the syntax of SetEnvIf

SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]]

SetEnvIf basically matches each request’s attribute value with specified regex and sets matching requests’s request header environment variable. In the above statement, an attribute can be:

  • HTTP Request header such as Host, User-agent,etc
  • Server variables such as Remote_Host, Remote_Addr, etc
  • An environment variable defined upstream

Bonus Read : How to Find Apache Version in Linux

 

Let’s say you want to dynamically allow cross-origin access from a specific IP such as 245.103.193.53, then add the following lines to <Location> or <Directory> context, or .htaccess file.

SetEnvIf Remote_Addr 245.103.193.53 cors
Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors

In the above statements, SetEnvIf checks the Remote_addr request attribute and if it matches the specified IP then sets request header environment variable as cors. Then the header directive sets the header of those requests whose environment variable is cors.

Bonus Read : How to Enable mod_headers in Apache in Ubuntu

 

Similarly, if you want to set conditional Apache header based on requested URL (e.g /product/ ) you can use the REQUEST_URI attribute

SetEnvIf Request_URI "/product/" cors
Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cor

 

Using IF Else (Apache >=2.2)

You can also set Apache header conditionally using IF..Else directive and Apache expressions. Here’s the above example using Apache expressions

<If "%{REMOTE_ADDR} == '245.103.193.53'"> 
 Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors 
</If>

Bonus Read : How to Upgrade Apache Version in CentOS, Redhat Linux

 

Similarly, if you want to set header based on requested url (e.g /product/) you can use QUERY_STRING variable.

<If "%{QUERY_STRING} =~ /product/"> 
Header Set Access-Control-Allow-Origin "https://www.yoursite.com" env=cors 
</If>

Just like, SetEnvIf, you can place this If-else condition in your server’s location or directory directives, or .htaccess file.

 

Using Rewrite Rule

You can also use RewriteRule to match requests and set header dynamically.

RewriteRule ^/product/$ - [ENV=cors:true]
Header set "Access-Control-Allow-Origin" "*" env=cors

In the above code, RewriteRule will match all URLs starting with /product/ and set their environment variable to cors. Then Apache will set Access-Control-Allow-Origin header of all requests whose request header environment variable is set to cors.

You can place the above lines in your server’s location or directory directives, or .htaccess file. However, you will need to enable Apache mod_rewrite module to use rewrite rule.

 

 

That’s it! Now you can dynamically set Apache headers conditionally for your websites & applications.

Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it Today!