Validate incoming request based on Request Header in apache http server

Question

We have a web application (JQuery and Spring) running on weblogic app server. There is a apache http server in front of the app server. All incoming requests will come through the web server and reaches the app server.

Now we have a requirement that we have to verify for a value in the incoming http request header and if present, the request has to sent to the app server. If not we have block the request and in turn display a static error page to the end user.

I want to know whether we can implement this logic in the apache http server. Please advice.

Answer 1

You can do this with mod_rewrite. You didn't include what your exact set up is, but if you have a mod_proxy type config you just want to make sure that the rewrites don't interfere with the passage of normal traffic. In a general sense, in your Apache config, you would:

• Turn on rewrite
• Check for the condition
• Apply the rewrite rule based on the conditions

To give a really simple example, if you were looking for a key in the query string, and forbidding access (403) if it was not present, you would do something like this:

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !somekey
RewriteRule ^.*$ - [F,L]

This can be as complicated as you wish really, you can chain conditions together (implicit AND or an explicit or witht he [OR] flag) and you can serve an actual page rather than a forbidden message.

As always, back up your config before tinkering, and it might be a good idea to test this out with .htaccess (though for performance reasons it's better to move it to the actual config for production loads).

The rewrite documentation is a great resource too:

http://httpd.apache.org/docs/current/mod/mod_rewrite.html

It really is quite good documentation. For some pointers - you will want to look up the flags ([L] = last; [P] = treat as a proxied request; [F] = forbidden etc.) and you will need someone generally familiar with regular expression syntax