Is it possible to forward custom http header when using redirect or rewrite on apache?
My use case is:
I am receiving a request from some.domain.com with custom http header custom-param.
I need to resend the request to another.domain.com and I need the custom header to be preserved.
How can I achieve this in Apache 2.2?
This is not possible with an arbitrary header, it would only be possible if you could settle for a cookie set against *.domain.com. Only a cookie would be re-sent after the redirect.
Related
Have a single entry service which is acting like a facade/proxy service for downstream services. The service will need able to detect if the request is a "page request" or "api/xhr" request to perform error handling (302 redirection or 401).
So far have considered:
To use Accept header and detect text/html follow the following reference, can't tell if this is a good indicator to detect a page request
To introduce a custom header for all "api/xhr" request
To enforce all the "api/xhr" requests to follow a "/api" pattern (troublesome as for certain application the xhr is not a restful api)
Any good suggestions are welcome
Ended up using Option 1
Detect page request using Accept header with value "text/html"
As we do not use ajax for partial view
Usually the non-standard HTTP header X-Requested-With is used. Just the presence of the header should be enough. It has at least one advantage over Accept: It cannot be set on a cross-site request, which helps preventing CSRF.
I need to set a cookie based on a response header (as opposed to a request header). The response header is set by a SOAP call to a backend - and is out of apaches control.
I've looked into SetEnvIf, but it states that it investigate request headers only. mod_rewrite's {HTTP:parm} construct also seems to apply to request headers only.
Request coming in
Response header is generated by backend
Apache investigates respond header FooBar
Apache add Set-Cookie if the respond header FooBar value matches "string"
Any ideas out there?
It looks like this can be done with mod_headers, but unfortunately only with Apache 2.4, since expressions were only added in 2.4. You would do something like:
Header set Set-Cookie "cookie-contents-here" "expr=%{resp:Content-Type} =~ m|application/pdf|"
If you can't upgrade to 2.4, you might consider putting Varnish Cache in front of your Apache install. It's a powerful HTTP processor and can easily handle modifying the response for you. You could also implement caching with it and increase the performance of your site, but it can just be used as a pass-through HTTP processor if you don't want to do that. Perhaps there's a simpler solution but that would work.
Another option could be to put a layer in between Apache and your back-end, such as a PHP script, that handles passing the call to the back-end and modifying the headers on the way back out. Probably not great for performance though; upgrading Apache or implementing Varnish Cache would be better.
If you're using a separate back-end out of Apache's control, then you might take Apache out of the loop completely and go straight from Varnish Cache to your back-end.
Hope the ideas help.
I'm using Apache as a reverse proxy with forms authentication.
Using SessionMaxAge I can set the cookie to expire after 24 hours.
This renders the 'max-age' attribute into the cookie.
Unfortunately Internet Explorer only accepts the 'expires' attribute.
Is there a way to, for example, rewrite the cookie before sending it the client?
Thanks in advance.
Kind regards,
Kevin
Yes, it is possible to edit both request and response headers using the header directive in mod_headers
The best approach would probably be to use Header edit Set-Cookie ^(.*)$ $1;Expires..... However, mod_headers can't do the actual Expires sting itself (it doesn't know how to produce that date format), so you will have to actually put that inside the original cookie or another header, then grab it from there and put it into the Header directive. It's quite complicated, but it is possible.
I'm working with an API which provides a HTTP header called token with value 12abc3 and my url is https://example.com/view/quote. Is there a way by which I can add the header as a parameter in the url so that I can type it directly on my browser's address bar instead of using cURL orHurl.it??
The only way I can imagine being able to do this would be to write a small HTTP proxy that takes a specially formatted URL and extracts header values out of the URL and re-issues the request for you. I'm not aware of any service to do this automatically for you.
I think it's too late to reply but for those who still finding the solution
you can send your token through url like this
https://yoururl?Authorization=Bearer yourtokenhere
I want to do some conditional Configuration in Apache based on one particular HTTP request header.
For eg.,
Enable HTTP Digest Authentication for a set of Client IP Address and enable HTTP Basic Authentication for another set of Client IP Address.
For dynamically changing the configuration I am using .htaccess but i am not able to find a way to read the Client IP Address in the Configuration (.htaccess) and apply condition based on the IP Address.
I tried using mod header but i couldn't figure out the way. Please provide me some direction in this regards
Would using the tags fix your problem ?
https://blogs.apache.org/httpd/entry/new_in_httpd_2_4