GCS Amplitude
GCS Amplitude

Apache Module mod_headers

This module provides directives to control and modify HTTP request and response headers. Headers can be merged, replaced or removed.

Order of processing is important and is affected both by the order in the configuration file and by placement in configuration sections. These two directives have a different effect if reversed:

RequestHeader append MirrorID "mirror 12" RequestHeader unset MirrorID

This way round, the MirrorID

Early mode is designed as a test/debugging aid for developers. Directives defined using the early

keyword are set right at the beginning of processing the request. This means they can be used to simulate different requests and set up test cases, but it also means that headers may be changed at any time by other modules before generating a Response.

Because early directives are processed before the request path's configuration is traversed, early headers can only be set in a main server or virtual host context. Early directives cannot depend on a request path, so they will fail in contexts such as

, to the response including a timestamp for when the request was received and how long it took to begin serving the request. This header can be used by the client to intuit load on the server or in isolating bottlenecks between the client and the server. Header set MyHeader "%D %t"

MyHeader: D=3775428 t=991424704447256

Header set MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."

is present on the request. This is useful for constructing headers in response to some client stimulus. Note that this example requires the services of the mod_setenvif

module. SetEnvIf MyRequestHeader myvalue HAVEMyRequestHeader Header set MyHeader "%D %t mytext" env=HAVEMyRequestHeader

RequestHeader edit Destination ^https: http: early

environment variables all existed for the request): Header merge Cache-Control no-cache env=CGI Header merge Cache-Control no-cache env=NOCACHE Header merge Cache-Control no-store env=NOSTORE

then the response would contain the following header:

Header set Set-Cookie testcookie "expr=-z %{req:Cookie}"

Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200"

Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]]

The optional condition argument determines which internal table of responses headers this directive will operate against. Despite the name, the default value of onsuccess

does not limit an action to responses with a 2xx status code. Headers set under this condition are still used when, for example, a request is successfully proxied or generated by CGI, even when they have generated a failing status code.

When your action is a function of an existing header, you may need to specify a condition of always

, depending on which internal table the original header was set in. The table that corresponds to always

is used for locally generated error responses as well as successful responses. Note also that repeating this directive with both conditions makes sense in some scenarios because always

condition.Separately from the condition parameter described above, you can limit an action based on HTTP status codes for e.g. proxied or CGI requests. See the example that uses %{REQUEST_STATUS} in the section above.

The action it performs is determined by the first argument (second argument if a condition is specified). This can be one of the following values:

should be used instead.append

form will match and replace exactly once in a header value, whereas the edit*

This argument is followed by a header name, which can include the final colon, but it is not required. Case is ignored for set

is case sensitive and may be a regular expression.

a value is specified as the next argument. If value contains spaces, it should be surrounded by double quotes. value may be a character string, a string containing

specific format specifiers (and character literals), or an modheadersapexpr expression prefixed with expr=

| Format | Description | |---|---| %% | The percent sign | %t | The time the request was received in Universal Coordinated Time since the epoch (Jan. 1, 1970) measured in microseconds. The value is preceded by t= . | %D | The time from when the request was received to the time the headers are sent on the wire. This is a measure of the duration of the request. The value is preceded by D= . The value is measured in microseconds. | %l | The current load averages of the actual server itself. It is designed to expose the values obtained by getloadavg() and this represents the current load average, the 5 minute average, and the 15 minute average. The value is preceded by l= with each average separated by / .Available in 2.4.4 and later. | %i | The current idle percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by i= .Available in 2.4.4 and later. | %b | The current busy percentage of httpd (0 to 100) based on available processes and threads. The value is preceded by b= .Available in 2.4.4 and later. | %{VARNAME}e | The contents of the VARNAME . |

to avoid the overhead of enabling SSLOptions +StdEnvVars

must be enabled anyway for some other reason, %e

will be more efficient than %s

there is both a value argument which is a regular expression, and an additional replacement string. As of version 2.4.7 the replacement string may also contain format specifiers.

reverses the test, so the directive applies only if varname

directives are processed just before the response is sent to the network. This means that it is possible to set and/or override most headers, except for some headers added by the HTTP header filter. Prior to 2.2.12, it was not possible to change the Content-Type header with this directive.

a value is given as the third argument. If a value contains spaces, it should be surrounded by double quotes. For unset

, no value should be given. value may be a character string, a string containing format specifiers or a combination of both. The supported format specifiers are the same as for the

, please have a look there for details. For Headeredit

directive is processed just before the request is run by its handler in the fixup phase. This should allow headers generated by the browser, or by Apache input filters to be overridden or modified.

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.4

Apache Module mod_headers

Available Languages: en | fr | ja | ko

Order of Processing

The directives provided by mod_headers can occur almost anywhere within the server configuration, and can be limited in scope by enclosing them in configuration sections.

Early and Late Processing

mod_headers can be applied either early or late in the request. The normal mode is late, when Request Headers are set immediately before running the content generator and Response Headers just as the response is sent down the wire. Always use Late mode in an operational server.

Examples

results in this header being added to the response:

Header Directive

This directive can replace, merge or remove HTTP response headers. The header is modified just after the content handler and output filters are run, allowing outgoing headers to be modified.

RequestHeader Directive

This directive can replace, merge, change or remove HTTP request headers. The header is modified just before the content handler is run, allowing incoming headers to be modified. The action it performs is determined by the first argument. This can be one of the following values: