How can I unset single/multiple HTTP headers when my website is accessed by a particular IP address? Because my CSP config blocks some local pages from loading properly. For example, if I have phpMyAdmin, but I cannot use it locally because CSP is set.
Asked
Active
Viewed 4,355 times
0
-
Note: I have answered my own question because I did not find anything related to this on the internet, so I wanted to have this question up on the internet, so that anyone who requires help on this, can take a look at this post. Feel free to answer! – Dec 27 '20 at 07:15
2 Answers
3
You can unset headers depending upon IP addresses by using this config:
# For single ip address. Change the IP address to your needs
<Directory "/path/to/the/folder/which/needs/to/have/this/feature">
<If "%{REMOTE_ADDR} == '127.0.0.1'">
Header always unset HeaderName
</If>
</Directory>
# For multiple IP addresses, remove the top one, and use this one, and change the IP addresses
# to your needs, and add more '||' to use more IP addresses.
<Directory "/path/to/the/folder/which/needs/to/have/this/feature">
<If "%{REMOTE_ADDR} == '127.0.0.1' || %{REMOTE_ADDR} == '1.2.3.4'">
Header always unset HeaderName
</If>
</Directory>
Make sure mod_headers is enabled. For more details check https://httpd.apache.org/docs/2.4/mod/core.html#if and https://httpd.apache.org/docs/2.4/expr.html.
You can configure it to your needs but be careful, and make sure you are not disabling headers like CSP for everyone except yourself.
0
When the Header directive does not work, use the RequestHeader directive instead. Here's an example how to prevent spoofing of the X-Forwarded-For header when Apache is used as a reverse proxy where Header would have no effect:
RequestHeader unset X-Forwarded-For
RemoteIPHeader X-Forwarded-For
mrts
- 131
- 3