Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Set multiple headers conditionally with rewrite rules [apache httpd.conf]

Tags:

php

webserver

apache

.htaccess

mod-rewrite

I've been trying to set headers conditionally with few RewriteCond. Doesn't quite seem to work.

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteLog "/tmp/rewrite.log"
  RewriteLogLevel 9

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"

  RewriteRule ^.*$ - [ENV=stream:true]
  Header unset X-Frame-Options env=stream
  Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream
</IfModule>

Both the conditions match, but the rewrite rule does not seem to show the results, when curled. It is taking the common settings set for other uri's.

Update1: I have got the unset string header to work.

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteLog "/tmp/rewrite.log"
  RewriteLogLevel 9

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"
  RewriteRule ^ - [ENV=stream1:true]

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"
  RewriteRule ^ - [ENV=stream2:true]

  Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream2
</IfModule>

I have managed to unset the header by using the Env variable at rewrite rule and negated at the level where it was setting it.

The only thing that doesn't work now is the Content-Security-Policy changes.

This is the output I get: $ curl -H 'Referer: https://www.example.net/buy/id:no:1234567' 'www.example.net/applications/buy/live-stream/list/en-us/ind‌​ex.html' -sS -o /dev/null -D -

HTTP/1.1 200 OK
Date: Tue, 19 Dec 2017 00:31:14 GMT
Content-Security-Policy: frame-ancestors 'self' *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream2
like image 514
Kamal Chanda Avatar asked Mar 01 '26 06:03

Kamal Chanda

1 Answers

Try this code as this works for me:

RewriteCond %{HTTP_REFERER} "/id:no:" [NC]
RewriteCond %{REQUEST_URI} "/live-stream/" [NC]
RewriteRule ^ - [E=stream1:1,E=stream2:1]

Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;" env=stream2

Make sure you don't get any 404 while running your curl command.

Try with this curl command:

curl -IkL -H 'Referer: http://localhost/buy/id:no:1234567' 'localhost/applications/buy/live-stream/list/en-us/index.html'
like image 135
anubhava Avatar answered Mar 02 '26 19:03

anubhava
Sign in to Comment

Related questions

How to disable/readonly some checkboxes from a MultiCheckbox?
First time building paypal ecommerce website - how to do it right?
Postgresql and PHP: is the currval a efficent way to retrieve the last row inserted id, in a multiuser application?
Cannot iterate over iterator with array_walk since php 7.4
Woocommerce aJax apply coupon code in checkout page
How to generate a url with Laravel's url generator helper with parameters that are not at the end?
Page refreshes after ajax request
How do I pre-allocate memory for an array in PHP?
How to produce a short unique id in php?
Is it possible to have multiple "values" posted from a HTML form (checkboxes)?
Get value from textbox
Delete last character of string (if exists)
WooCommerce - Calculate cart total after Ajax update
WordPress wrap div inside echo shortcode php
ffmpeg/PHP - Problems converting any video format to ogg - Choppy Video / No Audio - win64
What is the FQDN for localhost PHP? [closed]
Add custom tab to all pages in MediaWiki
Having mysql connection timeout issue in joomla virtuemart?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!