使用重写规则有条件地设置多个标头[apache httpd.conf]

时间:2017-12-17 18:13:35

标签: php apache .htaccess mod-rewrite webserver

我一直试图用少量RewriteCond有条件地设置标题。似乎没有用。

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteLog "/tmp/rewrite.log"
  RewriteLogLevel 9

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"

  RewriteRule ^.*$ - [ENV=stream:true]
  Header unset X-Frame-Options env=stream
  Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream
</IfModule>

两个条件都匹配,但重写规则似乎没有显示卷曲时的结果。它采用了为其他uri设置的常用设置。

UPDATE1: 我有未设置的字符串标题可以工作。

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteLog "/tmp/rewrite.log"
  RewriteLogLevel 9

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"
  RewriteRule ^ - [ENV=stream1:true]

  RewriteCond %{HTTP_REFERER} "/id\:no\:"
  RewriteCond %{REQUEST_URI} "/live-stream/"
  RewriteRule ^ - [ENV=stream2:true]

  Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream2
</IfModule>

我设法通过在重写规则中使用Env变量取消设置标头,并在设置它的级别取消。

现在唯一不起作用的是内容 - 安全 - 政策更改。

这是我得到的输出: $ curl -H&#39; Referer:https://www.example.net/buy/id:no:1234567&#39; &#39; www.example.net/applications/buy/live-stream/list/en-us/ind ex.html&#39; -sS -o / dev / null -D - 

HTTP/1.1 200 OK
Date: Tue, 19 Dec 2017 00:31:14 GMT
Content-Security-Policy: frame-ancestors 'self' *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream2

2 个答案:

答案 0 :(得分:1)

试试这段代码,因为这对我有用:

RewriteCond %{HTTP_REFERER} "/id:no:" [NC]
RewriteCond %{REQUEST_URI} "/live-stream/" [NC]
RewriteRule ^ - [E=stream1:1,E=stream2:1]

Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;" env=stream2

确保在运行curl命令时没有获得任何404。

尝试使用此curl命令:

curl -IkL -H 'Referer: http://localhost/buy/id:no:1234567' 'localhost/applications/buy/live-stream/list/en-us/index.html'

答案 1 :(得分:0)

我已设法通过

进行更改 
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteLog "/tmp/rewrite.log"
 RewriteLogLevel 9

 RewriteCond %{HTTP_REFERER} "/id\:no\:"
 RewriteCond %{REQUEST_URI} "/live-stream/"
 RewriteRule ^ - [ENV=stream1:true]

 RewriteCond %{HTTP_REFERER} "/id\:no\:"
 RewriteCond %{REQUEST_URI} "/live-stream/"
 RewriteRule ^ - [ENV=stream2:true]
</IfModule>

我已将标头条件与之前为正常请求存在的其他条件添加。

Header set X-Frame-Options "SAMEORIGIN" env=!stream1
Header set Content-Security-Policy "frame-ancestors *.mydomain.com:443;" env=!stream2
Header set Content-Security-Policy "frame-ancestors ‘self’ *.google.com:443 *.mydomain.com:443 mydomain2.com:443;” env=stream2
相关问题
最新问题