问题
I would like to have a rewritecond that gets true if two variables HTTP_ORIGIN and HTTP_HOST are equals. I tried
RewriteCond %{HTTP:Origin} ^http://%{HTTP_HOST}(/|$)
But despite Netbeans syntactic color, it appears that Apache is not replacing %{HTTP_HOST} by its value. I guessed it because
RewriteCond %{HTTP:Origin} ^http://cnfr005554(/|$)
RewriteCond %{HTTP_HOST} =cnfr005554
Works.
So how can I test that the two variables %{HTTP:Origin} and %{HTTP_HOST} are equals? (and yes, it's for applying OWASP's guidelines to mitigate XSRF)
回答1:
In RewriteCond you cannot use a variable on right hand side.
You have to use it like this:
RewriteCond %{HTTP_HOST}##%{HTTP:Origin} ^(.+)##http://\1(/|$)
Here are are joining 2 variables using a delimiter ## (it can be anything). Then on RHS we match and capture value before ## that represents HTTP_HOST. After ## using a back-reference \1 we do our matching.
来源:https://stackoverflow.com/questions/40871983/rewritecond-comparing-two-variables-in-apache-htaccess