Reputation: 1139
I have an app that relies on sending all-caps-with-underscores HTTP headers along with a request.
Starting with Apache 2.4,
Headers containing invalid characters (including underscores) are now silently dropped
This page suggests there are settings you can change that would allow legacy HTTP headers that aren't stripped (i.e., if they're set in CURL, then they would show up in the $_SERVER array in PHP) but it doesn't say how. I tried adding the following to my HTACCESS file,
SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1 RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding
but it didn't seem to help. Has anyone else experienced this when moving from Apache 2.2 to 2.4?
Upvotes: 3
Views: 4580
Reputation: 11
The two lines quoted replace an header named Accept(.*)Encoding
to Accept-Encoding
. You have to modify this example to meet your headers names.
Upvotes: 1
Reputation: 61
I had the same problem, my REST api required two custom headers for authentication, CCS_USERNAME and CCS_AUTHENTICATION. After upgrading to Apache 2.4 neither header was found in the $_SERVER array.
I had to amend my htaccess file in the following way to resolve the issue.
SetEnvIfNoCase ^CCS.USERNAME$ ^(.*)$ fix_ccs_username=$1
RequestHeader set CCS-USERNAME %{fix_ccs_username}e env=fix_ccs_username
SetEnvIfNoCase ^CCS.AUTHENTICATION$ ^(.*)$ fix_ccs_authentication=$1
RequestHeader set CCS-AUTHENTICATION %{fix_ccs_authentication}e env=fix_ccs_authentication
Both custom headers now appear in the $_SERVER array. Note that each individual custom header has to have it's own entry and you have to use different names for each.
Upvotes: 6
Reputation: 2609
Not sure how much access you have to the machine. But you could use PHP to check for the modules
print_r(apache_get_modules());
If you have mod_setenvif and mod_headers your .htaccess rules should be fine
Upvotes: 1