diff options
Diffstat (limited to '')
| -rw-r--r-- | docs/manual/mod/mod_headers.html.en | 623 |
1 files changed, 623 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_headers.html.en b/docs/manual/mod/mod_headers.html.en new file mode 100644 index 0000000..5261e8e --- /dev/null +++ b/docs/manual/mod/mod_headers.html.en @@ -0,0 +1,623 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>mod_headers - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body> +<div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Modules</a></div> +<div id="page-content"> +<div id="preamble"><h1>Apache Module mod_headers</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/mod/mod_headers.html" title="English"> en </a> | +<a href="../fr/mod/mod_headers.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ja/mod/mod_headers.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="../ko/mod/mod_headers.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div> +<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Customization of HTTP request and response +headers</td></tr> +<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>headers_module</td></tr> +<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_headers.c</td></tr></table> +<h3>Summary</h3> + + <p>This module provides directives to control and modify HTTP + request and response headers. Headers can be merged, replaced + or removed.</p> +</div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3> +<ul id="topics"> +<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#early">Early and Late Processing</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li> +</ul><h3 class="directives">Directives</h3> +<ul id="toc"> +<li><img alt="" src="../images/down.gif" /> <a href="#header">Header</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#requestheader">RequestHeader</a></li> +</ul> +<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_headers">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_headers">Report a bug</a></li></ul><h3>See also</h3> +<ul class="seealso"> +<li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="order" id="order">Order of Processing</a></h2> + + <p>The directives provided by <code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can + occur almost anywhere within the server configuration, and can be + limited in scope by enclosing them in <a href="../sections.html">configuration sections</a>.</p> + + <p>Order of processing is important and is affected both by the + order in the configuration file and by placement in <a href="../sections.html#mergin">configuration sections</a>. These + two directives have a different effect if reversed:</p> + + <pre class="prettyprint lang-config">RequestHeader append MirrorID "mirror 12" +RequestHeader unset MirrorID</pre> + + + <p>This way round, the <code>MirrorID</code> header is not set. If + reversed, the MirrorID header is set to "mirror 12".</p> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="early" id="early">Early and Late Processing</a></h2> + <p><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can be applied either early or late + in the request. The normal mode is late, when <em>Request</em> Headers are + set immediately before running the content generator and <em>Response</em> + Headers just as the response is sent down the wire. Always use + Late mode in an operational server.</p> + + <p>Early mode is designed as a test/debugging aid for developers. + Directives defined using the <code>early</code> keyword are set + right at the beginning of processing the request. This means + they can be used to simulate different requests and set up test + cases, but it also means that headers may be changed at any time + by other modules before generating a Response.</p> + + <p>Because early directives are processed before the request path's + configuration is traversed, early headers can only be set in a + main server or virtual host context. Early directives cannot depend + on a request path, so they will fail in contexts such as + <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> or + <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="examples" id="examples">Examples</a></h2> + + <ol> + <li> + Copy all request headers that begin with "TS" to the + response headers: + + <pre class="prettyprint lang-config">Header echo ^TS</pre> + + </li> + + <li> + Add a header, <code>MyHeader</code>, to the response including a + timestamp for when the request was received and how long it + took to begin serving the request. This header can be used by + the client to intuit load on the server or in isolating + bottlenecks between the client and the server. + + <pre class="prettyprint lang-config">Header set MyHeader "%D %t"</pre> + + + <p>results in this header being added to the response:</p> + + <div class="example"><p><code> + MyHeader: D=3775428 t=991424704447256 + </code></p></div> + </li> + + <li> + Say hello to Joe + + <pre class="prettyprint lang-config">Header set MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."</pre> + + + <p>results in this header being added to the response:</p> + + <div class="example"><p><code> + MyHeader: Hello Joe. It took D=3775428 microseconds for Apache + to serve this request. + </code></p></div> + </li> + + <li> + Conditionally send <code>MyHeader</code> on the response if and + only if header <code>MyRequestHeader</code> is present on the request. + This is useful for constructing headers in response to some client + stimulus. Note that this example requires the services of the + <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> module. + + <pre class="prettyprint lang-config">SetEnvIf MyRequestHeader myvalue HAVE_MyRequestHeader +Header set MyHeader "%D %t mytext" env=HAVE_MyRequestHeader</pre> + + + <p>If the header <code>MyRequestHeader: myvalue</code> is present on + the HTTP request, the response will contain the following header:</p> + + <div class="example"><p><code> + MyHeader: D=3775428 t=991424704447256 mytext + </code></p></div> + </li> + + <li> + Enable DAV to work with Apache running HTTP through SSL hardware + (<a href="http://svn.haxx.se/users/archive-2006-03/0549.shtml">problem + description</a>) by replacing <var>https:</var> with + <var>http:</var> in the <var>Destination</var> header: + + <pre class="prettyprint lang-config">RequestHeader edit Destination ^https: http: early</pre> + + </li> + + <li> + Set the same header value under multiple nonexclusive conditions, + but do not duplicate the value in the final header. + If all of the following conditions applied to a request (i.e., + if the <code>CGI</code>, <code>NO_CACHE</code> and + <code>NO_STORE</code> environment variables all existed for the + request): + + <pre class="prettyprint lang-config">Header merge Cache-Control no-cache env=CGI +Header merge Cache-Control no-cache env=NO_CACHE +Header merge Cache-Control no-store env=NO_STORE</pre> + + + <p>then the response would contain the following header:</p> + + <div class="example"><p><code> + Cache-Control: no-cache, no-store + </code></p></div> + + <p>If <code>append</code> was used instead of <code>merge</code>, + then the response would contain the following header:</p> + + <div class="example"><p><code> + Cache-Control: no-cache, no-cache, no-store + </code></p></div> + </li> + <li> + Set a test cookie if and only if the client didn't send us a cookie + <pre class="prettyprint lang-config">Header set Set-Cookie testcookie "expr=-z %{req:Cookie}"</pre> + + </li> + <li> + Append a Caching header for responses with a HTTP status code of 200 + <pre class="prettyprint lang-config">Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200"</pre> + + </li> + + </ol> +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="Header" id="Header">Header</a> <a name="header" id="header">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure HTTP response headers</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Header [<var>condition</var>] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +<var>header</var> [[expr=]<var>value</var> [<var>replacement</var>] +[early|env=[!]<var>varname</var>|expr=<var>expression</var>]] +</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>SetIfEmpty available in 2.4.7 and later, expr=value +available in 2.4.10 and later</td></tr> +</table> + <p>This directive can replace, merge or remove HTTP response + headers. The header is modified just after the content handler + and output filters are run, allowing outgoing headers to be + modified.</p> + + <p> The optional <var>condition</var> argument determines which internal + table of responses headers this directive will operate against: + <code>onsuccess</code> (default, can be omitted) or <code>always</code>. + The difference between the two lists is that the headers contained in the + latter are added to the response even on error, and persisted across + internal redirects (for example, ErrorDocument handlers). + + Note also that repeating this directive with both conditions makes sense in + some scenarios because <code>always</code> is not a superset of + <code>onsuccess</code> with respect to existing headers:</p> + + <ul> + <li> You're adding a header to a locally generated non-success (non-2xx) response, such + as a redirect, in which case only the table corresponding to + <code>always</code> is used in the ultimate response.</li> + <li> You're modifying or removing a header generated by a CGI script + or by <code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code>, + in which case the CGI scripts' headers are in the table corresponding to + <code>always</code> and not in the default table.</li> + <li> You're modifying or removing a header generated by some piece of + the server but that header is not being found by the default + <code>onsuccess</code> condition.</li> + </ul> + + <p>This difference between <code>onsuccess</code> and <code>always</code> is + a feature that resulted as a consequence of how httpd internally stores + headers for a HTTP response, since it does not offer any "normalized" single + list of headers. The main problem that can arise if the following concept + is not kept in mind while writing the configuration is that some HTTP responses + might end up with the same header duplicated (confusing users or sometimes even + HTTP clients). For example, suppose that you have a simple PHP proxy setup with + <code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code> and your backend PHP scripts adds the + <code>X-Foo: bar</code> header to each HTTP response. As described above, + <code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code> uses the <code>always</code> table to store + headers, so a configuration like the following ends up in the wrong result, namely + having the header duplicated with both values:</p> + + <pre class="prettyprint lang-config"># X-Foo's value is set in the 'onsuccess' headers table +Header set X-Foo: baz</pre> + + + <p>To circumvent this limitation, there are some known configuration + patterns that can help, like the following:</p> + + <pre class="prettyprint lang-config"># 'onsuccess' can be omitted since it is the default +Header onsuccess unset X-Foo +Header always set X-Foo "baz"</pre> + + + <p>Separately from the <var>condition</var> parameter described above, you + can limit an action based on HTTP status codes for e.g. proxied or CGI + requests. See the example that uses %{REQUEST_STATUS} in the section above.</p> + + <p>The action it performs is determined by the first + argument (second argument if a <var>condition</var> is specified). + This can be one of the following values:</p> + + <div class="warning"><h3>Warning</h3> + <p>Please read the difference between <code>always</code> + and <code>onsuccess</code> headers list described above + before start reading the actions list, since that important + concept still applies. Each action, in fact, works as described + but only on the target headers list.</p> + </div> + + <dl> + <dt><code>add</code></dt> + <dd>The response header is added to the existing set of headers, + even if this header already exists. This can result in two + (or more) headers having the same name. This can lead to + unforeseen consequences, and in general <code>set</code>, + <code>append</code> or <code>merge</code> should be used instead.</dd> + + <dt><code>append</code></dt> + <dd>The response header is appended to any existing header of + the same name. When a new value is merged onto an existing + header it is separated from the existing header with a comma. + This is the HTTP standard way of giving a header multiple values.</dd> + + <dt><code>echo</code></dt> + <dd>Request headers with this name are echoed back in the + response headers. <var>header</var> may be a + <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>. + <var>value</var> must be omitted.</dd> + + <dt><code>edit</code></dt> + <dt><code>edit*</code></dt> + <dd>If this response header exists, its value is transformed according + to a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a> + search-and-replace. The <var>value</var> argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>, and the <var>replacement</var> + is a replacement string, which may contain backreferences or format specifiers. + The <code>edit</code> form will match and replace exactly once + in a header value, whereas the <code>edit*</code> form will replace + <em>every</em> instance of the search pattern if it appears more + than once.</dd> + + <dt><code>merge</code></dt> + <dd>The response header is appended to any existing header of + the same name, unless the value to be appended already appears in the + header's comma-delimited list of values. When a new value is merged onto + an existing header it is separated from the existing header with a comma. + This is the HTTP standard way of giving a header multiple values. + Values are compared in a case sensitive manner, and after + all format specifiers have been processed. Values in double quotes + are considered different from otherwise identical unquoted values.</dd> + + <dt><code>set</code></dt> + <dd>The response header is set, replacing any previous header + with this name. The <var>value</var> may be a format string.</dd> + + <dt><code>setifempty</code></dt> + <dd>The request header is set, but only if there is no previous header + with this name. + <div class="note"> + The Content-Type header is a special use case since there might be + the chance that its value have been determined but the header is not part + of the response when <code>setifempty</code> is evaluated. + It is safer to use <code>set</code> for this use case like in the + following example: + <pre class="prettyprint lang-config">Header set Content-Type "text/plain" "expr=-z %{CONTENT_TYPE}"</pre> + + </div></dd> + + <dt><code>unset</code></dt> + <dd>The response header of this name is removed, if it exists. + If there are multiple headers of the same name, all will be + removed. <var>value</var> must be omitted.</dd> + + <dt><code>note</code></dt> + <dd>The value of the named response <var>header</var> is copied into an + internal note whose name is given by <var>value</var>. This is useful + if a header sent by a CGI or proxied resource is configured to be unset + but should also be logged.<br /> + Available in 2.4.7 and later.</dd> + + </dl> + + <p>This argument is followed by a <var>header</var> name, which + can include the final colon, but it is not required. Case is + ignored for <code>set</code>, <code>append</code>, <code>merge</code>, + <code>add</code>, <code>unset</code> and <code>edit</code>. + The <var>header</var> name for <code>echo</code> + is case sensitive and may be a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular + expression</a>.</p> + + <p>For <code>set</code>, <code>append</code>, <code>merge</code> and + <code>add</code> a <var>value</var> is specified as the next argument. + If <var>value</var> + contains spaces, it should be surrounded by double quotes. + <var>value</var> may be a character string, a string containing + <code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> specific format specifiers (and character + literals), or an <a href="../expr.html">ap_expr</a> expression prefixed + with <em>expr=</em></p> + + <p> The following format specifiers are supported in <var>value</var>:</p> + + <table class="bordered"><tr class="header"><th>Format</th><th>Description</th></tr> +<tr><td><code>%%</code></td> + <td>The percent sign</td></tr> +<tr class="odd"><td><code>%t</code></td> + <td>The time the request was received in Universal Coordinated Time + since the epoch (Jan. 1, 1970) measured in microseconds. The value + is preceded by <code>t=</code>.</td></tr> +<tr><td><code>%D</code></td> + <td>The time from when the request was received to the time the + headers are sent on the wire. This is a measure of the duration + of the request. The value is preceded by <code>D=</code>. + The value is measured in microseconds.</td></tr> +<tr class="odd"><td><code>%l</code></td> + <td>The current load averages of the actual server itself. It is + designed to expose the values obtained by <code>getloadavg()</code> + and this represents the current load average, the 5 minute average, and + the 15 minute average. The value is preceded by <code>l=</code> with each + average separated by <code>/</code>.<br /> + Available in 2.4.4 and later. + </td></tr> +<tr><td><code>%i</code></td> + <td>The current idle percentage of httpd (0 to 100) based on available + processes and threads. The value is preceded by <code>i=</code>.<br /> + Available in 2.4.4 and later. + </td></tr> +<tr class="odd"><td><code>%b</code></td> + <td>The current busy percentage of httpd (0 to 100) based on available + processes and threads. The value is preceded by <code>b=</code>.<br /> + Available in 2.4.4 and later. + </td></tr> +<tr><td><code>%{VARNAME}e</code></td> + <td>The contents of the <a href="../env.html">environment + variable</a> <code>VARNAME</code>.</td></tr> +<tr class="odd"><td><code>%{VARNAME}s</code></td> + <td>The contents of the <a href="mod_ssl.html#envvars">SSL environment + variable</a> <code>VARNAME</code>, if <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is enabled.</td></tr> +</table> + + <div class="note"><h3>Note</h3> + <p>The <code>%s</code> format specifier is only available in + Apache 2.1 and later; it can be used instead of <code>%e</code> + to avoid the overhead of enabling <code>SSLOptions + +StdEnvVars</code>. If <code>SSLOptions +StdEnvVars</code> must + be enabled anyway for some other reason, <code>%e</code> will be + more efficient than <code>%s</code>.</p> + </div> + + <div class="note"><h3>Note on expression values</h3> + <p> When the value parameter uses the <a href="../expr.html">ap_expr</a> + parser, some expression syntax will differ from examples that evaluate + <em>boolean</em> expressions such as <If>:</p> + <ul> + <li>The starting point of the grammar is 'string' rather than 'expr'.</li> + <li>Function calls use the %{funcname:arg} syntax rather than + funcname(arg).</li> + <li>Multi-argument functions are not currently accessible from this + starting point</li> + <li>Quote the entire parameter, such as + <pre class="prettyprint lang-config">Header set foo-checksum "expr=%{md5:foo}"</pre> + + </li> + + </ul> + </div> + + <p>For <code>edit</code> there is both a <var>value</var> argument + which is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>, + and an additional <var>replacement</var> string. As of version 2.4.7 + the replacement string may also contain format specifiers.</p> + + <p>The <code class="directive">Header</code> directive may be followed by + an additional argument, which may be any of:</p> + <dl> + <dt><code>early</code></dt> + <dd>Specifies <a href="#early">early processing</a>.</dd> + <dt><code>env=[!]<var>varname</var></code></dt> + <dd>The directive is applied if and only if the <a href="../env.html">environment variable</a> <code>varname</code> exists. + A <code>!</code> in front of <code>varname</code> reverses the test, + so the directive applies only if <code>varname</code> is unset.</dd> + <dt><code>expr=<var>expression</var></code></dt> + <dd>The directive is applied if and only if <var>expression</var> + evaluates to true. Details of expression syntax and evaluation are + documented in the <a href="../expr.html">ap_expr</a> documentation. + <pre class="prettyprint lang-config"># This delays the evaluation of the condition clause compared to <If> +Header always set CustomHeader my-value "expr=%{REQUEST_URI} =~ m#^/special_path.php$#"</pre> + + </dd> + </dl> + + <p>Except in <a href="#early">early</a> mode, the + <code class="directive">Header</code> directives are processed just + before the response is sent to the network. This means that it is + possible to set and/or override most headers, except for some headers + added by the HTTP header filter. Prior to 2.2.12, it was not possible + to change the Content-Type header with this directive.</p> + + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="RequestHeader" id="RequestHeader">RequestHeader</a> <a name="requestheader" id="requestheader">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure HTTP request headers</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +<var>header</var> [[expr=]<var>value</var> [<var>replacement</var>] +[early|env=[!]<var>varname</var>|expr=<var>expression</var>]] +</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>SetIfEmpty available in 2.4.7 and later, expr=value +available in 2.4.10 and later</td></tr> +</table> + <p>This directive can replace, merge, change or remove HTTP request + headers. The header is modified just before the content handler + is run, allowing incoming headers to be modified. The action it + performs is determined by the first argument. This can be one + of the following values:</p> + + <dl> + + <dt><code>add</code></dt> + <dd>The request header is added to the existing set of headers, + even if this header already exists. This can result in two + (or more) headers having the same name. This can lead to + unforeseen consequences, and in general <code>set</code>, + <code>append</code> or <code>merge</code> should be used instead.</dd> + + <dt><code>append</code></dt> + <dd>The request header is appended to any existing header of the + same name. When a new value is merged onto an existing header + it is separated from the existing header with a comma. This + is the HTTP standard way of giving a header multiple + values.</dd> + + <dt><code>edit</code></dt> + <dt><code>edit*</code></dt> + <dd>If this request header exists, its value is transformed according + to a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a> + search-and-replace. The <var>value</var> argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>, and the <var>replacement</var> + is a replacement string, which may contain backreferences or format specifiers. + The <code>edit</code> form will match and replace exactly once + in a header value, whereas the <code>edit*</code> form will replace + <em>every</em> instance of the search pattern if it appears more + than once.</dd> + + <dt><code>merge</code></dt> + <dd>The request header is appended to any existing header of + the same name, unless the value to be appended already appears in the + existing header's comma-delimited list of values. When a new value is + merged onto an existing header it is separated from the existing header + with a comma. This is the HTTP standard way of giving a header multiple + values. Values are compared in a case sensitive manner, and after + all format specifiers have been processed. Values in double quotes + are considered different from otherwise identical unquoted values.</dd> + + <dt><code>set</code></dt> + <dd>The request header is set, replacing any previous header + with this name</dd> + + <dt><code>setifempty</code></dt> + <dd>The request header is set, but only if there is no previous header + with this name.<br /> + Available in 2.4.7 and later.</dd> + + <dt><code>unset</code></dt> + <dd>The request header of this name is removed, if it exists. If + there are multiple headers of the same name, all will be removed. + <var>value</var> must be omitted.</dd> + </dl> + + <p>This argument is followed by a header name, which can + include the final colon, but it is not required. Case is + ignored. For <code>set</code>, <code>append</code>, <code>merge</code> and + <code>add</code> a <var>value</var> is given as the third argument. If a + <var>value</var> contains spaces, it should be surrounded by double + quotes. For <code>unset</code>, no <var>value</var> should be given. + <var>value</var> may be a character string, a string containing format + specifiers or a combination of both. The supported format specifiers + are the same as for the <code class="directive"><a href="#header">Header</a></code>, + please have a look there for details. For <code>edit</code> both + a <var>value</var> and a <var>replacement</var> are required, and are + a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a> and a + replacement string respectively.</p> + + <p>The <code class="directive">RequestHeader</code> directive may be followed by + an additional argument, which may be any of:</p> + <dl> + <dt><code>early</code></dt> + <dd>Specifies <a href="#early">early processing</a>.</dd> + <dt><code>env=[!]<var>varname</var></code></dt> + <dd>The directive is applied if and only if the <a href="../env.html">environment variable</a> <code>varname</code> exists. + A <code>!</code> in front of <code>varname</code> reverses the test, + so the directive applies only if <code>varname</code> is unset.</dd> + <dt><code>expr=<var>expression</var></code></dt> + <dd>The directive is applied if and only if <var>expression</var> + evaluates to true. Details of expression syntax and evaluation are + documented in the <a href="../expr.html">ap_expr</a> documentation.</dd> + </dl> + + <p>Except in <a href="#early">early</a> mode, the + <code class="directive">RequestHeader</code> directive is processed + just before the request is run by its handler in the fixup phase. + This should allow headers generated by the browser, or by Apache + input filters to be overridden or modified.</p> + +</div> +</div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/mod/mod_headers.html" title="English"> en </a> | +<a href="../fr/mod/mod_headers.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ja/mod/mod_headers.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="../ko/mod/mod_headers.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_headers.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file |