0

I'm trying to send a custom header for pages that start with /test-live/

The code I tried:

<If "%{REQUEST_URI} =~ m#^/test-live/#">
    Header always set X-Frame-Options "SAMEORIGIN"
</If>

As well as m#^/test-live/.*# m#/test-live/.*# m#^\/test-live\/.*# Even simple %{REQUEST_URI} == '/test-live/' doesn't work when I open /test-live/ page.

Apache is 2.4. And I passed %{REQUEST_URI} to the browser, it seems correct. And the header is sent correctly outside of IF.

5
  • You likely have a conflict with other directives. What else do you have in your .htaccess file - do you have a front-controller pattern? "I passed %{REQUEST_URI} to the browser" - how?
    – MrWhite
    Commented Nov 12, 2023 at 13:14
  • I have rewrite rules after that. I passed it in some header like %{REQUEST_URI}e No other header manipulation exists in .htaccess
    – Eugene
    Commented Nov 12, 2023 at 13:22
  • You need to edit your question to include your complete .htaccess file with these directives in place. <If> containers are merged late, despite the apparent order of directives in the config file, and if you have a front-controller pattern (as I suspect you might have) then the above <If> expression will fail to match (since mod_rewrite is processed early). However, without seeing your complete config, I'm only guessing.
    – MrWhite
    Commented Nov 12, 2023 at 14:22
  • "I passed it in some header like %{REQUEST_URI}e" - Header directives and <If> expressions are not executed at the same time - you are probably not testing like for like.
    – MrWhite
    Commented Nov 12, 2023 at 14:23
  • Is /test-live a physical filesystem directory?
    – MrWhite
    Commented Nov 12, 2023 at 22:47

2 Answers 2

2

I've tested your .htaccess on my dev server (Apache/2.4.58) and it's working just fine. I'd suggest to use If / Else blocks to debug:

<If "%{REQUEST_URI} =~ m#^/test-live/#">
    Header always set X-Frame-Options "SAMEORIGIN"
</If>
<Else>
    Header always set X-Frame-Debug %{REQUEST_URI}e
</Else>

Also try to remove anything else in the .htaccess. You should be getting the header for 404 responses as well, so you can debug without the rewrites.

3
  • I see, thank you for the response, I gave up thou, opening "/" sents both headers as if IF and Else are completely ignored.
    – Eugene
    Commented Nov 13, 2023 at 13:13
  • @Eugene Even when you request /something-else/ entirely? That could happen if you are on a LiteSpeed server (not Apache). Many shared hosting platforms have started to use LiteSpeed instead of Apache, but still report "Apache 2.4" in the hosting control panel (since it marketed as a drop-in replacement, but it's not... quite).
    – MrWhite
    Commented Nov 13, 2023 at 16:11
  • @MrWhite That is not the case, I have Apache on my local machine, and this code doesn't work on both, maybe because of rewrite rules after that code, like RewriteRule ^([._A-Za-z0-9-]+)(/?)$ index.php [QSA]
    – Eugene
    Commented Nov 14, 2023 at 8:20
1

Firstly, in per-directory context such as .htaccess "^/" never matches, you would have to use "^test-live/".

Although as MrWhite clarifies the variable %{REQUEST_URI} includes it, and I was not paying attention to that, thanks to MrWhite for the clarification.

Also if you can't avoid having to use .htaccess (you are not the admin of the server), I would just head to /test-live/ directory and place the .htaccess with the directive there to avoid complications.

But if you are the admin of the HTTPD server and can avoid .htaccess usage altogether (which you mostly should), in virtualhost context define:

<Directory /path/to/test-live>
   Header always set X-Frame-Options "SAMEORIGIN"
</Directory>

If /test-live/ does not really exists in static content, then you should use <Location /test-live/> in virtualhost context instead of Directory.

2
  • 1
    "in per-directory context such as .htaccess "^/" never matches, you would have to use "^test-live/"" - The OP is testing against the REQUEST_URI server variable, which always contains a slash prefix, regardless of context.
    – MrWhite
    Commented Nov 12, 2023 at 22:45
  • @MrWhite thanks for the clarification, a pleasure to read you here as always. Commented Nov 13, 2023 at 9:44

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .