验证根据Apache HTTP服务器请求头传入的请求 [英] Validate incoming request based on Request Header in apache http server

问题描述

我们有一个Web应用程序（jQuery和春季）的WebLogic应用服务器上运行。有一个在应用服务器的前面有一个Apache HTTP服务器。
所有传入的请求会通过Web服务器并到达应用服务器。

We have a web application (JQuery and Spring) running on weblogic app server. There is a apache http server in front of the app server. All incoming requests will come through the web server and reaches the app server.

现在，我们有我们要验证传入的HTTP请求头中的值，如果present一个要求，请求发送到应用服务器。如果不是，我们有阻塞请求并依次显示静态错误页面给最终用户。

Now we have a requirement that we have to verify for a value in the incoming http request header and if present, the request has to sent to the app server. If not we have block the request and in turn display a static error page to the end user.

我想知道我们是否可以实现在Apache HTTP服务器这个逻辑。请指点。

I want to know whether we can implement this logic in the apache http server. Please advice.

推荐答案

您可以用mod_rewrite的做到这一点。你不包括您的确切设立是什么，但如果你有一个mod_proxy的类型配置你只是想确保该重写不正常的交通通行造成干扰。在一般意义上，在你的Apache配置，您可以：

You can do this with mod_rewrite. You didn't include what your exact set up is, but if you have a mod_proxy type config you just want to make sure that the rewrites don't interfere with the passage of normal traffic. In a general sense, in your Apache config, you would:

• 打开重写


• 检查条件


• 应用基于条件的重写规则

要给出一个非常简单的例子，如果你正在寻找在查询字符串中的一个关键，禁止访问（403），如果不是present，你会做这样的事情：

To give a really simple example, if you were looking for a key in the query string, and forbidding access (403) if it was not present, you would do something like this:

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !somekey
RewriteRule ^.*$ - [F,L]

这可以如你所愿真如复杂，您可以链接在一起的条件（隐含AND或明确或witht他[OR]标志），你可以成为一个实际的网页，而不是禁止的消息。

This can be as complicated as you wish really, you can chain conditions together (implicit AND or an explicit or witht he [OR] flag) and you can serve an actual page rather than a forbidden message.

与往常一样，备份你的配置修修补补之前，它可能与htaccess来测试这一点是一个好主意（虽然由于性能原因，最好将其移动到生产负荷的实际配置）。

As always, back up your config before tinkering, and it might be a good idea to test this out with .htaccess (though for performance reasons it's better to move it to the actual config for production loads).

重写文件是一个很好的资源太多：

The rewrite documentation is a great resource too:

http://httpd.apache.org/docs/current/mod/ mod_rewrite.html

这真的是相当不错的文档。对于一些三分球 - 你会想查找标志（[L] =最后; [P] =当作一个代理的请求; [F] =禁止等），您将需要一个普遍熟悉规则前pression语法

It really is quite good documentation. For some pointers - you will want to look up the flags ([L] = last; [P] = treat as a proxied request; [F] = forbidden etc.) and you will need someone generally familiar with regular expression syntax

这篇关于验证根据Apache HTTP服务器请求头传入的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！