Expand my Community achievements bar.

SOLVED

Additional headers on dispatcher vhost

Avatar

Level 2

Hi All , 

We are planning to add below  additional header in vhost of the application. Can you please suggest ways to implement it.

Header name: endpointRequested

 

Thanks.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@Sriga311 

 

I don't see it has any value. Can you try the below?

 

Header set X-endPointRequested "www.google.com"

 You need to read the ednPoint dynamically and apply here as variable. Before that ensure it is working by hardcoding some value like I did for google.com

 

Thanks!

View solution in original post

15 Replies

Avatar

Community Advisor

Hi @Sriga311 

 

You can add additional request headers in the v-host file like below:

 

<VirtualHost *:443>
ServerName ${SERVER_IP}
ServerAlias ${NO_SUBDOMAIN_ALIAS}
Header always append X-Frame-Options SAMEORIGIN
Header set Keep-Alive 'timeout=10, max=98'
Header set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
Header set X-Content-Type-Options nosniff
</VirtualHost>

Avatar

Community Advisor

Hi - Can we also add the header "endpointRequested" in the clientheader section in farm file ?

Avatar

Level 2

Hi @Asutosh_Jena_ ,

W e have added the additional header as below in the vhost .But on restarting the  dispatcher , it got failed .So ,could you please let me know whether this is a wrong approach.

 

<IfModule mod_headers.c>
Header set endpointRequested
</IfModule>

 

Thanks.

Avatar

Correct answer by
Community Advisor

@Sriga311 

 

I don't see it has any value. Can you try the below?

 

Header set X-endPointRequested "www.google.com"

 You need to read the ednPoint dynamically and apply here as variable. Before that ensure it is working by hardcoding some value like I did for google.com

 

Thanks!

Avatar

Level 2

This works but can you please suggest how to dynamically read the domain name.

 

Thanks

Sriga

Avatar

Community Advisor

Can you tell me where the endPoint URL will come? and based on what parameter it will be updated? Is it based on each individual or how it is defined?

 

Thanks!

Avatar

Level 2

It is based on individual vhost where we define the server name as below .

ServerName www.xyz.com
ServerAlias www.xyz.com preview.xyz.com

 

Thanks

 

Avatar

Community Advisor

I mean what value are you expecting here. Let's say your website URL is www.mywebsite.com

so when I access anypage with this domain what is the expected value for endPointURL header? Also does this value changes anytime or it remains constant always irrespective of any user accessing the page?

Avatar

Level 2

Header endPointURL should remain as the domain name  www.mywebsite.com irrespective of any user accessing the page.

Avatar

Community Advisor

Then it's going to be static always so you do not have to make it dynamic.

 

Header set X-endPointRequested "www.mywebsite.com"

Or

 

Header set X-endPointRequested ${SERVER_NAME}

 

Here the ${SERVER_NAME} should be defined as a variable in the environment configuration file.

 

Define SERVER_NAME "www.mydomain.com"

 

This is overkill if we do not re use this variable at other places. So directly adding the domain should be good here.

 

Thanks!

Avatar

Level 2

Hi @Asutosh_Jena_ ,

Alternatively, could you please let me know how to allow the additional header in vhost file without setting any value to the header.

 

Thanks.

Avatar

Community Advisor

I think this is another wy of adding client headers through farm file along with Virtual host.

 

I think this also another way of setting client headers through farm file.

 

Below are the allowed client headers. h

 

/clientheaders
{
"CSRF-Token"
"X-Forwarded-Proto"
"referer"
"user-agent"
"authorization"
"from"
"content-type"
"content-length"
"accept-charset"
"accept-encoding"
"accept-language"
"accept"
"host"
"if-match"
"if-none-match"
"if-range"
"if-unmodified-since"
"max-forwards"
"proxy-authorization"
"proxy-connection"
"range"
"cookie"
"cq-action"
"cq-handle"
"handle"
"action"
"cqstats"
"depth"
"translate"
"expires"
"date"
"dav"
"ms-author-via"
"if"
"lock-token"
"x-expected-entity-length"
"destination"
"PATH"
}

Thanks,

Aruna