sambecker
sambecker

Reputation: 1139

All caps HTTP headers with underscores dropped in Apache 2.4

I have an app that relies on sending all-caps-with-underscores HTTP headers along with a request.

Starting with Apache 2.4,

Headers containing invalid characters (including underscores) are now silently dropped

This page suggests there are settings you can change that would allow legacy HTTP headers that aren't stripped (i.e., if they're set in CURL, then they would show up in the $_SERVER array in PHP) but it doesn't say how. I tried adding the following to my HTACCESS file,

SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1 RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding

but it didn't seem to help. Has anyone else experienced this when moving from Apache 2.2 to 2.4?

Upvotes: 3

Views: 4580

Answers (3)

Xavier Héroult
Xavier Héroult

Reputation: 11

The two lines quoted replace an header named Accept(.*)Encoding to Accept-Encoding. You have to modify this example to meet your headers names.

Upvotes: 1

gordon
gordon

Reputation: 61

I had the same problem, my REST api required two custom headers for authentication, CCS_USERNAME and CCS_AUTHENTICATION. After upgrading to Apache 2.4 neither header was found in the $_SERVER array.

I had to amend my htaccess file in the following way to resolve the issue.

SetEnvIfNoCase ^CCS.USERNAME$ ^(.*)$ fix_ccs_username=$1
RequestHeader set CCS-USERNAME %{fix_ccs_username}e env=fix_ccs_username

SetEnvIfNoCase ^CCS.AUTHENTICATION$ ^(.*)$ fix_ccs_authentication=$1
RequestHeader set CCS-AUTHENTICATION %{fix_ccs_authentication}e env=fix_ccs_authentication

Both custom headers now appear in the $_SERVER array. Note that each individual custom header has to have it's own entry and you have to use different names for each.

Upvotes: 6

tlenss
tlenss

Reputation: 2609

Not sure how much access you have to the machine. But you could use PHP to check for the modules

print_r(apache_get_modules());

If you have mod_setenvif and mod_headers your .htaccess rules should be fine

Upvotes: 1

Related Questions