Apache's RequestHeader is ineffective and effect is not seen in .htaccess

Question

This is an apache question. I set a header in my config files with RequestHeader. (local apache install) I can see that works as per the output of a custom php script to dump headers: the header is there.

However a rule based on that header being present is not fulfilled in .htaccess. The same .htaccess file works as expected on another server.

My added request header doesn't seem to be visible in .htaccess. Any idea?

Apache conf:

RequestHeader set X-Forwarded-Proto "https"

.htaccess:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L,NE]

That loops forever. But it works perfectly on a config behind an AWS load-balancer.

Answer 1

Thanks for helping agent420.

I finally found the solution... It takes either a clear understanding of Apache processing rules or some luck (latter in my case).

The working directive is:

RequestHeader set X-Forwarded-Proto "https" early

High, unsubtle, massive emphasis on the word 'early'. That's all it took... Hope that comes of some use to others. Teebo

Answer 2

Do other rules in .htaccess work on this server? Because if they do not then it may be due to a configuration in Apache Config file (httpd.conf or apache2.conf depending on your distro)

Edit this file. Look for your website's directory...something like:

    <Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

Change None toAll for the AllowOverride option. Restart the Apache service.

AllowOverride directive is used to allow the use of .htaccess within the web server to allow overriding of the Apache config on a per directory basis. See this doc for details