Module mod_headers
Module mod_headers supports directives for the IBM® HTTP Server for i Web server.
Summary
The headers module allows for the customization of HTTP request and response headers. The module allows headers to be merged, replaced or removed.
Directives
Header
Module: mod_headers | |
Syntax: Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | |
Default: none | |
Context: server config, virtual host, directory, .htaccess | |
Override: FileInfo | |
Origin: Apache | |
Example: Header append Author "John P. Doe" | |
Example: Header unset Author | |
Example: Header echo ^TS* | |
Example: Header echo Host | |
Example: Header merge Cache-Control no-cache env=CGI |
The Header directive can replace, merge or remove HTTP response headers. The header is modified just after the content handler and output filters are run, allowing outgoing headers to be modified. The action performed by this module is determined by the action parameter. This parameter is followed by a header name, which can include the final colon, but it is not required. Case is also ignored for set, append, merge, add, unset and edit. The header name for echo is case sensitive and may be a regular expression. For add, append, merge and set, a value is given as the next parameter. If this value contains spaces, it should be surrounded by double quotes. For "echo" and "unset", no value should be given.
Order of Processing
The Header directive can occur almost anywhere within the server configuration. It is valid in the main server config and virtual host contexts, inside <Directory>, <Location>, and <Files> contexts and within .htaccess files.
The Header directives are processed in the following order:
- main server
- virtual host
- <Directory> sections and .htaccess
- <Location>
- <Files>
Order is important. These two headers have a different effect if reversed. For example:
Header append Author "John P. Doe"
Header unset Author
This way the Author header is not set. If reversed, the Author header is set to "John P. Doe". The Header directives are processed just before the response is sent by its handler. This means that some headers, that are added just before the response is sent, cannot be changed or overridden. This includes headers such as Date and Server.
- Parameter One: condition
- The condition parameter is an optional parameter which can be
one of the following values:
Condition Description onsuccess The Header directive will only effect responses with a status code of 2xx. always The Header directive will effect all responses, including 2xx.
- The condition parameter is an optional parameter which can be
one of the following values:
- Parameter Two: action
- The action parameter can be one of the following values:
Action Description set The response header is set, replacing any previous header with this name. The value may be a format string. setifempty The request header is set, but only if there is no previous header with this name. The Content-Type header is a special use case since there might be the chance that its value have been determined but the header is not part of the response when setifempty is evaluated. It is safer to use set for this use case like in the following example:
Header set Content-Type "text/plain" "expr=-z %{CONTENT_TYPE}"
append The response header is appended to any existing header of the same name. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. add The response header is added to the existing set of headers, even if this header already exists. This can result in two (or more) headers having the same name. This can lead to unforeseen consequence, and in general, "set", "append" or "merge" should be used instead. unset The response header of this name is removed, if it exists. If there are multiple headers of the same name, all will be removed. echo Request headers with this name are echoed back in the response headers. Header may be a regular expression. Echo without any parameters echoes back all the request headers in the response. note The value of the named response header is copied into an internal note whose name is given by value. This is useful if a header sent by a CGI or proxied resource is configured to be unset but should also be logged. edit
edit *
If this response header exists, its value is transformed according to a regular expression search-and-replace. The value argument is a regular expression, and the replacement is a replacement string, which may contain back references or format specifiers. The edit form will match and replace exactly once in a header value, whereas the edit* form will replace every instance of the search pattern if it appears more than once. merge The response header is appended to any existing header of the same name, unless the value to be appended already appears in the header's comma-delimited list of values. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. Values are compared in a case sensitive manner, and after all format specifiers have been processed. Values in double quotes are considered different from otherwise identical unquoted values.
- The action parameter can be one of the following values:
- Parameter Three: header
- The HTTP Response header parameter to be set, appended, or unset with this directive. There is no validity checking of the header, which allows the use of experimental headers. Case is ignored for set, append, merge, add, unset and edit. The header name for echo is case sensitive and may be a regular expression.
- Parameter Four: value
- The value parameter may be a character string, a string
containing format specifiers or a combination of both and specifies
the value of the header to be set. It is only valid for set or an ap_expr expression
prefixed with expr=. There is no validity checking of the value specified,
which allows the use of experimental headers values. All characters
and escaped characters, such as '\n', are allowed in the value string.
If value contains spaces, it should be surrounded by double quotes.
The following format specifiers are supported in value:
Format Description %% The percent sign %t The time the request was received in Universal Coordinated Time since the epoch (Jan. 1, 1970) measured in microseconds. The value is preceded by "t=". The time the request was received in Universal Coordinated Time since the epoch (Jan. 1, 1970) measured in microseconds. The value is preceded by "t=". %D The time from when the request was received to the time the headers are sent on the wire. This is a measure of the duration of the request. The value is preceded by D=. The value is measured in microseconds. %l The current load averages of the actual server itself. It is designed to expose the values obtained by getloadavg() and this represents the current load average, the 5 minute average, and the 15 minute average. The value is preceded by l= with each average separated by /. %i The current idle percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by i=. %b The current busy percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by b=. %{ENVVAR}e The contents of the environment variable ENVVAR. Note: Other format strings, such as %s, will receive an error and the server will not start. For edit there is both a value argument which is a regular expression, and an additional replacement string.
- The value parameter may be a character string, a string
containing format specifiers or a combination of both and specifies
the value of the header to be set. It is only valid for set or an ap_expr expression
prefixed with expr=. There is no validity checking of the value specified,
which allows the use of experimental headers values. All characters
and escaped characters, such as '\n', are allowed in the value string.
If value contains spaces, it should be surrounded by double quotes.
The following format specifiers are supported in value:
- Parameter Five: early|env=[!]variable] | expr=expression
- Optional: It may be any of:
- early
Specifies early processing.
- env=[!]varname
The directive is applied if and only if the environment variable varname exists. A ! in front of varname reverses the test, so the directive applies only if varname is unset.
- expr=expression
The directive is applied if and only if expression evaluates to true. Details of expression syntax and evaluation are documented in the ap_expr documentation.
Except in early mode, the Header directives are processed just before the response is sent to the network. These means that it is possible to set and/or override most headers, except for those headers added by the HTTP header filter, such as Content-Type.
RequestHeader
Module: mod_headers | |
Syntax: RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | |
Default: none | |
Context: server config, virtual host, directory, .htaccess | |
Override: FileInfo | |
Origin: Apache | |
Example: RequestHeader set Accept-Encoding "gzip | |
Example: RequestHeader unset Referer | |
Example: RequestHeader edit Destination ^https: http: early |
This argument is followed by a header name, which can include the final colon, but it is not required. Case is ignored. For set, append, merge and add, a value is given as the third argument. If this value contains spaces, it should be surrounded by double quotes. For unset, no value should be given.
- Parameter one: action
- The action parameter can be one of the following values:
Action Description set The request header is set, replacing any previous header with this name. setifempty The request header is set, but only if there is no previous header with this name. append The request header is appended to any existing header of the same name. When a new value is merged into an existing header, it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. add The request header is added to the existing set of headers, even if this header already exists. This can result in two (or more) headers having the same name. This can lead to unforeseen consequences, and in general set, append or merge should be used instead. unset The request header of this name is removed, if it exists. If there are multiple headers of the same name, all will be removed. echo Request headers with this name are echoed back in the response headers. Header may be a regular expression. Echo without any parameters echoes back all the request headers in the response. edit
edit *
If this request header exists, its value is transformed according to a regular expression search-and-replace. The value argument is a regular expression, and the replacement is a replacement string, which may contain backreferences or format specifiers. The edit form will match and replace exactly once in a header value, whereas the edit* form will replace every instance of the search pattern if it appears more than once. merge The request header is appended to any existing header of the same name, unless the value to be appended already appears in the existing header's comma-delimited list of values. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. Values are compared in a case sensitive manner, and after all format specifiers have been processed. Values in double quotes are considered different from otherwise identical unquoted values.
- The action parameter can be one of the following values:
- Parameter Two: header
- The HTTP Request header parameter to be set, appended, or unset with this directive. There is no validity checking of the header, which allows the use of experimental headers.
- Parameter Three: value
- The value parameter may be a character string, a string
containing format specifiers or a combination of both and specifies
the value of the header to be set. It is only valid for set, add,
append and merge. There is no validity checking of the value specified,
which allows the use of experimental headers values. All characters
and escaped characters, such as '\n', are allowed in the value string.
If value contains spaces, it should be surrounded by double quotes.
The following format specifiers are supported in value:
Format Description %% The percent sign %t The time the request was received in Universal Coordinated Time since the epoch (Jan. 1, 1970) measured in microseconds. The value is preceded by "t=". The time the request was received in Universal Coordinated Time since the epoch (Jan. 1, 1970) measured in microseconds. The value is preceded by "t=". %D The time from when the request was received to the time the headers are sent on the wire. This is a measure of the duration of the request. The value is preceded by D=. The value is measured in microseconds. %l The current load averages of the actual server itself. It is designed to expose the values obtained by getloadavg() and this represents the current load average, the 5 minute average, and the 15 minute average. The value is preceded by l= with each average separated by /. %i The current idle percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by i=. %b The current busy percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by b=. %{ENVVAR}e The contents of the environment variable ENVVAR. Note: Other format strings, such as %s, will receive an error and the server will not start. For edit both a value and a replacement are required, and are a regular expression and a replacement string respectively.
- The value parameter may be a character string, a string
containing format specifiers or a combination of both and specifies
the value of the header to be set. It is only valid for set, add,
append and merge. There is no validity checking of the value specified,
which allows the use of experimental headers values. All characters
and escaped characters, such as '\n', are allowed in the value string.
If value contains spaces, it should be surrounded by double quotes.
The following format specifiers are supported in value:
- Parameter Four: early|env=[!]variable] | expr=expression
- Optional: It may be any of:
- early
Specifies early processing.
- env=[!]varname
The directive is applied if and only if the environment variable varname exists. A ! in front of varname reverses the test, so the directive applies only if varname is unset.
- expr=expression
The directive is applied if and only if expression evaluates to true. Details of expression syntax and evaluation are documented in the ap_expr documentation.
Except in early mode, the RequestHeader directive is processed just before the request is run by its handler in the fixup phase. This should allow headers generated by the browser, or by HTTP server input filters to be overridden or modified.