I have the following url -
http://ip:8080/dashboard/db/testdash?id=add&t1=abc
I want to strip off t1 from the url and add that as a header to my proxy request. I have working reverse proxy conf and I want to intercept this url strip the t1 parameter and add that as header which will be sent to the destination
I have the following configuration for my virtual host listening on 8080
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)t1=(.*)
>>>Need to add the rewrite logic here
>>>Add rewrite conf here change url to /dashboard/db/testdash?id=add
//Add the request header
>>>RequestHeader set X-T1 "value of the query parameter"
//Proxy
ProxyRequests Off
ProxyPass "/" http://localhost:3000/
ProxyPassReverse "/" http://localhost:3000/
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "*"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
I am completely new to httpd so don't how to do this!
remove ProxyPass since we want to use the variable
add RewriteRule (^/.*) http://localhost:3000/$1?%1
Note, this matching is not sufficient if the URL can ever have more keys at the end! A more robust regex would only gobble up the t1 value by capturing up to &. e.g. ^(.*)t1=([^&].*)(.*) then substitute %1%3
Add a quirky empty section to make up for the removed ProxyPass
<Proxy http://localhost:3000/ >
</Proxy>
Related
I am using apache httpd 2.4.34 and below are the httpd.conf configuration.
Header always unset X-Powered-By
Header unset X-Powered-By
## Header to set Server
Header always set Server "Server"
RewriteEngine On
RewriteRule ^/$ /login.do [R,L]
ProxyPass / ajp://x.x.x.x:8109/ connectiontimeout=300 timeout=300
ProxyPassReverse / ajp://x.x.x.x:8109/
Here I am removing the server token details from the response header and setting value as Server. On root request, if I will hit https://example.com/ then the server will be going to redirect the request to https://example.com/login.do using the RewriteRule.
In the above-provided scenario, original server details are received back like below.
Server: Apache/2.4.34 (Red Hat) OpenSSL/1.0.1e-fips mod_auth_kerb/5.4
For all other requests, it is returning below value as expected
Server: Server
How to remove or set response header value on redirected requests using RewriteRule?
So I think what you are looking for is
Ref: http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For}i !^xxx\.xxx\.xxx\.xxx
RewriteRule "^/$" "/do.html" [L]
ServerSignature Off
ProxyPass / ajp://x.x.x.x:8109/ connectiontimeout=300 timeout=300
ProxyPassReverse / ajp://x.x.x.x:8109/
skipping the server signature is less secure, but it sounds like you are handling things with security in depth. I hope this helps.
Enjoy
Use ProxyAddHeaders Directive https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyaddheaders
This question already has answers here:
Set Apache headers conditionally
(2 answers)
Closed 4 years ago.
I'm new in Apache server configuration, now I try to enable CORS.
With follow setting in httpd.conf, CORS can work properly.
<VirtualHost *:80>
DocumentRoot /var/www/html/
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
Header always set Access-Control-Allow-Origin "http://example.com"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers: "Content-Type"
</VirtualHost>
But current server always set Access-Control-Allow-xxx header to all coming request (Both Pre-flight OPTIONS request and actual request).
I only want to add Access-Control-Allow-xxx header for Pre-light request from setting origin (http://example.com), have any way to config for it?
I've read this question, and setenvif manual, but I can't find any option that I can extract Origin info from the request.
I will be grateful for any help you can provide.
As SetEnvIf document, attribute in SetEnvIf attribute regex [!]env-variable syntax, can be An HTTP request header field (see RFC2616 for more information about these); for example: Host, User-Agent, Referer, and Accept-Language.
So I can resolve with below config.
<VirtualHost *:80>
DocumentRoot /var/www/html/
SetEnvIf Origin "^http://fiddle.jshell.net$" ORIGIN_COND
Header always set Access-Control-Allow-Origin "http://example.com" env=ORIGIN_COND
...
</VirtualHost>
Thanks #CRroe and #arco444 make me clearly.
I have a client request that cannot contains custom headers, but server-side I need a hearder (let's call him foo).
So I have this url path/to/bar?foo=value
I want that my apache conf that the foo value and put it in a header.
I haven't so far find a solution :(.
Finaly I find a solution
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(?:.*&)?foo=(.*)$
RewriteRule ^ - [env=foo:%1]
<IfDefine !foo>
RequestHeader set Foo %{foo}e env=foo
</IfDefine>
Having issues setting up a generic Allow Origin for any subdomain in my .htaccess file. The following works for a singular subdomain:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin http://subdomain.website.com
</IfModule>
But what I am looking for is something similar to this:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin {ANY SUBDOMAIN}.website.com
</IfModule>
I have tried using a simple *.website.com wildcard, but that does not seem to work. Do you have to specify exactly what is coming in?
If you're looking to do it for whatever subdomain was being requested, try the following:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin %{HTTP_HOST}
</IfModule>
If you need something more advanced, use mod_rewrite to set an environment variable and then refer to it using %{variable_name}e
I am trying to add an Access-Control-Origin header in .htaccess for all URIs ending with .json. I cannot use <FilesMatch> as my paths are rewritten by mod_rewrite. (Or if I can it doesn't work.)
I found on Stack that it should be possible to do it with an env variable:
<IfModule mod_headers.c>
SetEnvIf Request_URI "\.json$" IS_JSON=TRUE
# ".json$" yields the same result
Header set Access-Control-Allow-Origin "*" env=IS_JSON
# "Header add" yields the same result
</IfModule>
But it does never add the header.
I tried using a snipper from another stack answer to check if the env variable is there using:
RewriteCond %{REQUEST_URI} !echo.php
RewriteRule .* echo.php?uri=%{REQUEST_URI}&json=%{ENV:IS_JSON} [L]
And it really was true.
When I remove the condition and leave it as:
Header set Access-Control-Allow-Origin "*"
the header is added, so the mod is loaded, but I would like to limit it for ".json$" only.
What am I doing wrong?
Instead of Header you probably meant to use RequestHeader to send custom headers to your code
SetEnvIf Request_URI \.json$ IS_JSON
RequestHeader set Access-Control-Allow-Origin "*" env=IS_JSON