| <?xml version="1.0"?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> |
| <!-- $LastChangedRevision$ --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <modulesynopsis metafile="mod_headers.xml.meta"> |
| |
| <name>mod_headers</name> |
| <description>Customization of HTTP request and response |
| headers</description> |
| <status>Extension</status> |
| <sourcefile>mod_headers.c</sourcefile> |
| <identifier>headers_module</identifier> |
| |
| <summary> |
| <p>This module provides directives to control and modify HTTP |
| request and response headers. Headers can be merged, replaced |
| or removed.</p> |
| </summary> |
| |
| <section id="order"><title>Order of Processing</title> |
| |
| <p>The directives provided by <module>mod_headers</module> can |
| occur almost anywhere within the server configuration, and can be |
| limited in scope by enclosing them in <a |
| href="../sections.html">configuration sections</a>.</p> |
| |
| <p>Order of processing is important and is affected both by the |
| order in the configuration file and by placement in <a |
| href="../sections.html#mergin">configuration sections</a>. These |
| two directives have a different effect if reversed:</p> |
| |
| <highlight language="config"> |
| RequestHeader append MirrorID "mirror 12" |
| RequestHeader unset MirrorID |
| </highlight> |
| |
| <p>This way round, the <code>MirrorID</code> header is not set. If |
| reversed, the MirrorID header is set to "mirror 12".</p> |
| </section> |
| |
| <section id="early"><title>Early and Late Processing</title> |
| <p><module>mod_headers</module> can be applied either early or late |
| in the request. The normal mode is late, when <em>Request</em> Headers are |
| set immediately before running the content generator and <em>Response</em> |
| Headers just as the response is sent down the wire. Always use |
| Late mode in an operational server.</p> |
| |
| <p>Early mode is designed as a test/debugging aid for developers. |
| Directives defined using the <code>early</code> keyword are set |
| right at the beginning of processing the request. This means |
| they can be used to simulate different requests and set up test |
| cases, but it also means that headers may be changed at any time |
| by other modules before generating a Response.</p> |
| |
| <p>Because early directives are processed before the request path's |
| configuration is traversed, early headers can only be set in a |
| main server or virtual host context. Early directives cannot depend |
| on a request path, so they will fail in contexts such as |
| <directive type="section" module="core">Directory</directive> or |
| <directive type="section" module="core">Location</directive>.</p> |
| </section> |
| |
| <section id="examples"><title>Examples</title> |
| |
| <ol> |
| <li> |
| Copy all request headers that begin with "TS" to the |
| response headers: |
| |
| <highlight language="config"> |
| Header echo ^TS |
| </highlight> |
| </li> |
| |
| <li> |
| Add a header, <code>MyHeader</code>, to the response including a |
| timestamp for when the request was received and how long it |
| took to begin serving the request. This header can be used by |
| the client to intuit load on the server or in isolating |
| bottlenecks between the client and the server. |
| |
| <highlight language="config"> |
| Header set MyHeader "%D %t" |
| </highlight> |
| |
| <p>results in this header being added to the response:</p> |
| |
| <example> |
| MyHeader: D=3775428 t=991424704447256 |
| </example> |
| </li> |
| |
| <li> |
| Say hello to Joe |
| |
| <highlight language="config"> |
| Header set MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request." |
| </highlight> |
| |
| <p>results in this header being added to the response:</p> |
| |
| <example> |
| MyHeader: Hello Joe. It took D=3775428 microseconds for Apache |
| to serve this request. |
| </example> |
| </li> |
| |
| <li> |
| Conditionally send <code>MyHeader</code> on the response if and |
| only if header <code>MyRequestHeader</code> is present on the request. |
| This is useful for constructing headers in response to some client |
| stimulus. Note that this example requires the services of the |
| <module>mod_setenvif</module> module. |
| |
| <highlight language="config"> |
| SetEnvIf MyRequestHeader myvalue HAVE_MyRequestHeader |
| Header set MyHeader "%D %t mytext" env=HAVE_MyRequestHeader |
| </highlight> |
| |
| <p>If the header <code>MyRequestHeader: myvalue</code> is present on |
| the HTTP request, the response will contain the following header:</p> |
| |
| <example> |
| MyHeader: D=3775428 t=991424704447256 mytext |
| </example> |
| </li> |
| |
| <li> |
| Enable DAV to work with Apache running HTTP through SSL hardware |
| (<a href="http://svn.haxx.se/users/archive-2006-03/0549.shtml">problem |
| description</a>) by replacing <var>https:</var> with |
| <var>http:</var> in the <var>Destination</var> header: |
| |
| <highlight language="config"> |
| RequestHeader edit Destination ^https: http: early |
| </highlight> |
| </li> |
| |
| <li> |
| Set the same header value under multiple nonexclusive conditions, |
| but do not duplicate the value in the final header. |
| If all of the following conditions applied to a request (i.e., |
| if the <code>CGI</code>, <code>NO_CACHE</code> and |
| <code>NO_STORE</code> environment variables all existed for the |
| request): |
| |
| <highlight language="config"> |
| Header merge Cache-Control no-cache env=CGI |
| Header merge Cache-Control no-cache env=NO_CACHE |
| Header merge Cache-Control no-store env=NO_STORE |
| </highlight> |
| |
| <p>then the response would contain the following header:</p> |
| |
| <example> |
| Cache-Control: no-cache, no-store |
| </example> |
| |
| <p>If <code>append</code> was used instead of <code>merge</code>, |
| then the response would contain the following header:</p> |
| |
| <example> |
| Cache-Control: no-cache, no-cache, no-store |
| </example> |
| </li> |
| <li> |
| Set a test cookie if and only if the client didn't send us a cookie |
| <highlight language="config"> |
| Header set Set-Cookie testcookie "expr=-z %{req:Cookie}" |
| </highlight> |
| </li> |
| <li> |
| Append a Caching header for responses with a HTTP status code of 200 |
| <highlight language="config"> |
| Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200" |
| </highlight> |
| </li> |
| |
| </ol> |
| </section> |
| |
| <directivesynopsis> |
| <name>RequestHeader</name> |
| <description>Configure HTTP request headers</description> |
| <syntax>RequestHeader add|append|edit|edit*|merge|set|setifempty|unset |
| <var>header</var> [[expr=]<var>value</var> [<var>replacement</var>] |
| [early|env=[!]<var>varname</var>|expr=<var>expression</var>]] |
| </syntax> |
| <contextlist><context>server config</context><context>virtual host</context> |
| <context>directory</context><context>.htaccess</context></contextlist> |
| <override>FileInfo</override> |
| <compatibility>SetIfEmpty available in 2.4.7 and later, expr=value |
| available in 2.4.10 and later</compatibility> |
| |
| <usage> |
| <p>This directive can replace, merge, change or remove HTTP request |
| headers. The header is modified just before the content handler |
| is run, allowing incoming headers to be modified. The action it |
| performs is determined by the first argument. This can be one |
| of the following values:</p> |
| |
| <dl> |
| |
| <dt><code>add</code></dt> |
| <dd>The request header is added to the existing set of headers, |
| even if this header already exists. This can result in two |
| (or more) headers having the same name. This can lead to |
| unforeseen consequences, and in general <code>set</code>, |
| <code>append</code> or <code>merge</code> should be used instead.</dd> |
| |
| <dt><code>append</code></dt> |
| <dd>The request header is appended to any existing header of the |
| same name. When a new value is merged onto an existing header |
| it is separated from the existing header with a comma. This |
| is the HTTP standard way of giving a header multiple |
| values.</dd> |
| |
| <dt><code>edit</code></dt> |
| <dt><code>edit*</code></dt> |
| <dd>If this request header exists, its value is transformed according |
| to a <glossary ref="regex">regular expression</glossary> |
| search-and-replace. The <var>value</var> argument is a <glossary |
| ref="regex">regular expression</glossary>, and the <var>replacement</var> |
| is a replacement string, which may contain backreferences or format specifiers. |
| The <code>edit</code> form will match and replace exactly once |
| in a header value, whereas the <code>edit*</code> form will replace |
| <em>every</em> instance of the search pattern if it appears more |
| than once.</dd> |
| |
| <dt><code>merge</code></dt> |
| <dd>The request header is appended to any existing header of |
| the same name, unless the value to be appended already appears in the |
| existing header's comma-delimited list of values. When a new value is |
| merged onto an existing header it is separated from the existing header |
| with a comma. This is the HTTP standard way of giving a header multiple |
| values. Values are compared in a case sensitive manner, and after |
| all format specifiers have been processed. Values in double quotes |
| are considered different from otherwise identical unquoted values.</dd> |
| |
| <dt><code>set</code></dt> |
| <dd>The request header is set, replacing any previous header |
| with this name</dd> |
| |
| <dt><code>setifempty</code></dt> |
| <dd>The request header is set, but only if there is no previous header |
| with this name.<br /> |
| Available in 2.4.7 and later.</dd> |
| |
| <dt><code>unset</code></dt> |
| <dd>The request header of this name is removed, if it exists. If |
| there are multiple headers of the same name, all will be removed. |
| <var>value</var> must be omitted.</dd> |
| </dl> |
| |
| <p>This argument is followed by a header name, which can |
| include the final colon, but it is not required. Case is |
| ignored. For <code>set</code>, <code>append</code>, <code>merge</code> and |
| <code>add</code> a <var>value</var> is given as the third argument. If a |
| <var>value</var> contains spaces, it should be surrounded by double |
| quotes. For <code>unset</code>, no <var>value</var> should be given. |
| <var>value</var> may be a character string, a string containing format |
| specifiers or a combination of both. The supported format specifiers |
| are the same as for the <directive module="mod_headers">Header</directive>, |
| please have a look there for details. For <code>edit</code> both |
| a <var>value</var> and a <var>replacement</var> are required, and are |
| a <glossary ref="regex">regular expression</glossary> and a |
| replacement string respectively.</p> |
| |
| <p>The <directive>RequestHeader</directive> directive may be followed by |
| an additional argument, which may be any of:</p> |
| <dl> |
| <dt><code>early</code></dt> |
| <dd>Specifies <a href="#early">early processing</a>.</dd> |
| <dt><code>env=[!]<var>varname</var></code></dt> |
| <dd>The directive is applied if and only if the <a href="../env.html" |
| >environment variable</a> <code>varname</code> exists. |
| A <code>!</code> in front of <code>varname</code> reverses the test, |
| so the directive applies only if <code>varname</code> is unset.</dd> |
| <dt><code>expr=<var>expression</var></code></dt> |
| <dd>The directive is applied if and only if <var>expression</var> |
| evaluates to true. Details of expression syntax and evaluation are |
| documented in the <a href="../expr.html">ap_expr</a> documentation.</dd> |
| </dl> |
| |
| <p>Except in <a href="#early">early</a> mode, the |
| <directive>RequestHeader</directive> directive is processed |
| just before the request is run by its handler in the fixup phase. |
| This should allow headers generated by the browser, or by Apache |
| input filters to be overridden or modified.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>Header</name> |
| <description>Configure HTTP response headers</description> |
| <syntax>Header [<var>condition</var>] add|append|echo|edit|edit*|merge|set|setifempty|unset|note |
| <var>header</var> [[expr=]<var>value</var> [<var>replacement</var>] |
| [early|env=[!]<var>varname</var>|expr=<var>expression</var>]] |
| </syntax> |
| <contextlist><context>server config</context><context>virtual host</context> |
| <context>directory</context><context>.htaccess</context></contextlist> |
| <override>FileInfo</override> |
| <compatibility>SetIfEmpty available in 2.4.7 and later, expr=value |
| available in 2.4.10 and later</compatibility> |
| |
| <usage> |
| <p>This directive can replace, merge or remove HTTP response |
| headers. The header is modified just after the content handler |
| and output filters are run, allowing outgoing headers to be |
| modified.</p> |
| |
| <p> The optional <var>condition</var> argument determines which internal |
| table of responses headers this directive will operate against. Despite the |
| name, the default value of <code>onsuccess</code> does <em>not</em> limit |
| an <var>action</var> to responses with a 2xx status code. Headers set under |
| this condition are still used when, for example, a request is <em>successfully</em> |
| proxied or generated by CGI, even when they have generated a failing status code.</p> |
| |
| <p>When your action is a function of an existing header, you may need to specify |
| a condition of <code>always</code>, depending on which internal table the |
| original header was set in. The table that corresponds to <code>always</code> is |
| used for locally generated error responses as well as successful responses. |
| Note also that repeating this directive with both conditions makes sense in |
| some scenarios because <code>always</code> is not a superset of |
| <code>onsuccess</code> with respect to existing headers:</p> |
| |
| <ul> |
| <li> You're adding a header to a locally generated non-success (non-2xx) response, such |
| as a redirect, in which case only the table corresponding to |
| <code>always</code> is used in the ultimate response.</li> |
| <li> You're modifying or removing a header generated by a CGI script, |
| in which case the CGI scripts are in the table corresponding to |
| <code>always</code> and not in the default table.</li> |
| <li> You're modifying or removing a header generated by some piece of |
| the server but that header is not being found by the default |
| <code>onsuccess</code> condition.</li> |
| </ul> |
| |
| <p>Separately from the <var>condition</var> parameter described above, you |
| can limit an action based on HTTP status codes for e.g. proxied or CGI |
| requests. See the example that uses %{REQUEST_STATUS} in the section above.</p> |
| |
| <p>The action it performs is determined by the first |
| argument (second argument if a <var>condition</var> is specified). |
| This can be one of the following values:</p> |
| |
| <dl> |
| <dt><code>add</code></dt> |
| <dd>The response header is added to the existing set of headers, |
| even if this header already exists. This can result in two |
| (or more) headers having the same name. This can lead to |
| unforeseen consequences, and in general <code>set</code>, |
| <code>append</code> or <code>merge</code> should be used instead.</dd> |
| |
| <dt><code>append</code></dt> |
| <dd>The response header is appended to any existing header of |
| the same name. When a new value is merged onto an existing |
| header it is separated from the existing header with a comma. |
| This is the HTTP standard way of giving a header multiple values.</dd> |
| |
| <dt><code>echo</code></dt> |
| <dd>Request headers with this name are echoed back in the |
| response headers. <var>header</var> may be a |
| <glossary ref="regex">regular expression</glossary>. |
| <var>value</var> must be omitted.</dd> |
| |
| <dt><code>edit</code></dt> |
| <dt><code>edit*</code></dt> |
| <dd>If this response header exists, its value is transformed according |
| to a <glossary ref="regex">regular expression</glossary> |
| search-and-replace. The <var>value</var> argument is a <glossary |
| ref="regex">regular expression</glossary>, and the <var>replacement</var> |
| is a replacement string, which may contain backreferences or format specifiers. |
| The <code>edit</code> form will match and replace exactly once |
| in a header value, whereas the <code>edit*</code> form will replace |
| <em>every</em> instance of the search pattern if it appears more |
| than once.</dd> |
| |
| <dt><code>merge</code></dt> |
| <dd>The response header is appended to any existing header of |
| the same name, unless the value to be appended already appears in the |
| header's comma-delimited list of values. When a new value is merged onto |
| an existing header it is separated from the existing header with a comma. |
| This is the HTTP standard way of giving a header multiple values. |
| Values are compared in a case sensitive manner, and after |
| all format specifiers have been processed. Values in double quotes |
| are considered different from otherwise identical unquoted values.</dd> |
| |
| <dt><code>set</code></dt> |
| <dd>The response header is set, replacing any previous header |
| with this name. The <var>value</var> may be a format string.</dd> |
| |
| <dt><code>setifempty</code></dt> |
| <dd>The request header is set, but only if there is no previous header |
| with this name. |
| <note> |
| The Content-Type header is a special use case since there might be |
| the chance that its value have been determined but the header is not part |
| of the response when <code>setifempty</code> is evaluated. |
| It is safer to use <code>set</code> for this use case like in the |
| following example: |
| <highlight language="config"> |
| Header set Content-Type "text/plain" "expr=-z %{CONTENT_TYPE}" |
| </highlight> |
| </note></dd> |
| |
| <dt><code>unset</code></dt> |
| <dd>The response header of this name is removed, if it exists. |
| If there are multiple headers of the same name, all will be |
| removed. <var>value</var> must be omitted.</dd> |
| |
| <dt><code>note</code></dt> |
| <dd>The value of the named response <var>header</var> is copied into an |
| internal note whose name is given by <var>value</var>. This is useful |
| if a header sent by a CGI or proxied resource is configured to be unset |
| but should also be logged.<br /> |
| Available in 2.4.7 and later.</dd> |
| |
| </dl> |
| |
| <p>This argument is followed by a <var>header</var> name, which |
| can include the final colon, but it is not required. Case is |
| ignored for <code>set</code>, <code>append</code>, <code>merge</code>, |
| <code>add</code>, <code>unset</code> and <code>edit</code>. |
| The <var>header</var> name for <code>echo</code> |
| is case sensitive and may be a <glossary ref="regex">regular |
| expression</glossary>.</p> |
| |
| <p>For <code>set</code>, <code>append</code>, <code>merge</code> and |
| <code>add</code> a <var>value</var> is specified as the next argument. |
| If <var>value</var> |
| contains spaces, it should be surrounded by double quotes. |
| <var>value</var> may be a character string, a string containing |
| <module>mod_headers</module> specific format specifiers (and character |
| literals), or an <a href="../expr.html">ap_expr</a> expression prefixed |
| with <em>expr=</em></p> |
| |
| <p> The following format specifiers are supported in <var>value</var>:</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".25"/><column width=".75"/></columnspec> |
| <tr><th>Format</th><th>Description</th></tr> |
| <tr><td><code>%%</code></td> |
| <td>The percent sign</td></tr> |
| |
| <tr><td><code>%t</code></td> |
| <td>The time the request was received in Universal Coordinated Time |
| since the epoch (Jan. 1, 1970) measured in microseconds. The value |
| is preceded by <code>t=</code>.</td></tr> |
| |
| <tr><td><code>%D</code></td> |
| <td>The time from when the request was received to the time the |
| headers are sent on the wire. This is a measure of the duration |
| of the request. The value is preceded by <code>D=</code>. |
| The value is measured in microseconds.</td></tr> |
| |
| <tr><td><code>%l</code></td> |
| <td>The current load averages of the actual server itself. It is |
| designed to expose the values obtained by <code>getloadavg()</code> |
| and this represents the current load average, the 5 minute average, and |
| the 15 minute average. The value is preceded by <code>l=</code> with each |
| average separated by <code>/</code>.<br /> |
| Available in 2.4.4 and later. |
| </td></tr> |
| |
| <tr><td><code>%i</code></td> |
| <td>The current idle percentage of httpd (0 to 100) based on available |
| processes and threads. The value is preceded by <code>i=</code>.<br /> |
| Available in 2.4.4 and later. |
| </td></tr> |
| |
| <tr><td><code>%b</code></td> |
| <td>The current busy percentage of httpd (0 to 100) based on available |
| processes and threads. The value is preceded by <code>b=</code>.<br /> |
| Available in 2.4.4 and later. |
| </td></tr> |
| |
| <tr><td><code>%{VARNAME}e</code></td> |
| <td>The contents of the <a href="../env.html">environment |
| variable</a> <code>VARNAME</code>.</td></tr> |
| |
| <tr><td><code>%{VARNAME}s</code></td> |
| <td>The contents of the <a href="mod_ssl.html#envvars">SSL environment |
| variable</a> <code>VARNAME</code>, if <module>mod_ssl</module> is enabled.</td></tr> |
| |
| </table> |
| |
| <note><title>Note</title> |
| <p>The <code>%s</code> format specifier is only available in |
| Apache 2.1 and later; it can be used instead of <code>%e</code> |
| to avoid the overhead of enabling <code>SSLOptions |
| +StdEnvVars</code>. If <code>SSLOptions +StdEnvVars</code> must |
| be enabled anyway for some other reason, <code>%e</code> will be |
| more efficient than <code>%s</code>.</p> |
| </note> |
| |
| <note><title>Note on expression values</title> |
| <p> When the value parameter uses the <a href="../expr.html">ap_expr</a> |
| parser, some expression syntax will differ from examples that evaluate |
| <em>boolean</em> expressions such as <If>:</p> |
| <ul> |
| <li>The starting point of the grammar is 'string' rather than 'expr'.</li> |
| <li>Function calls use the %{funcname:arg} syntax rather than |
| funcname(arg).</li> |
| <li>Multi-argument functions are not currently accessible from this |
| starting point</li> |
| <li>Quote the entire parameter, such as |
| <highlight language="config"> |
| Header set foo-checksum "expr=%{md5:foo}" |
| </highlight> |
| </li> |
| |
| </ul> |
| </note> |
| |
| <p>For <code>edit</code> there is both a <var>value</var> argument |
| which is a <glossary ref="regex">regular expression</glossary>, |
| and an additional <var>replacement</var> string. As of version 2.4.7 |
| the replacement string may also contain format specifiers.</p> |
| |
| <p>The <directive>Header</directive> directive may be followed by |
| an additional argument, which may be any of:</p> |
| <dl> |
| <dt><code>early</code></dt> |
| <dd>Specifies <a href="#early">early processing</a>.</dd> |
| <dt><code>env=[!]<var>varname</var></code></dt> |
| <dd>The directive is applied if and only if the <a href="../env.html" |
| >environment variable</a> <code>varname</code> exists. |
| A <code>!</code> in front of <code>varname</code> reverses the test, |
| so the directive applies only if <code>varname</code> is unset.</dd> |
| <dt><code>expr=<var>expression</var></code></dt> |
| <dd>The directive is applied if and only if <var>expression</var> |
| evaluates to true. Details of expression syntax and evaluation are |
| documented in the <a href="../expr.html">ap_expr</a> documentation. |
| <highlight language="config"> |
| # This delays the evaluation of the condition clause compared to <If> |
| Header always set CustomHeader my-value "expr=%{REQUEST_URI} =~ m#^/special_path.php$#" |
| </highlight> |
| </dd> |
| </dl> |
| |
| <p>Except in <a href="#early">early</a> mode, the |
| <directive>Header</directive> directives are processed just |
| before the response is sent to the network. This means that it is |
| possible to set and/or override most headers, except for some headers |
| added by the HTTP header filter. Prior to 2.2.12, it was not possible |
| to change the Content-Type header with this directive.</p> |
| |
| </usage> |
| </directivesynopsis> |
| |
| </modulesynopsis> |
| |