6

In the global config section for Apache 2.2.15, I have the following (per recommendation)

<IfModule mod_headers.c>
Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HTTPS
</IfModule>

I would like to add this header only when the request is NOT for a specific host (dev.host.com). Which directive do I use to make header add occur only when not for a specific host?

PS: The second part of this question has been moved.

Community
  • 1
Gaia
  • 1,855
  • 5
  • 34
  • 60

2 Answers2

5

  1. If you only include the IfModule directive in a VirtualHost Directive for x.x.x.x:443, then it will only apply to that VirtualHost, and there only apply to the https protocol.

  2. You could try the directive

    <If "%{HTTP_HOST} = 'www.dev.domain.com'">
    <IfModule mod_headers.c>
        Header unset Strict-Transport-Security
        Header always set Strict-Transport-Security "max-age=0;includeSubDomains"
    </IfModule>
</If>
masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Garreth McDaid
  • 3,449
  • 1
  • 27
  • 42
1

In Apache 2.2 you can probably play with something like bellow.

  • Set an env to identify general case and exclude specific case:

    SetEnvIf HTTPS do_work_on_headers    
SetEnvIf Host "^www.myexcludedhostname.tld$" !do_work_on_headers

  • then conditionnally set headers:

    <IfModule mod_headers.c>
    Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=do_work_on_headers
</IfModule>
masegaloeh
  • 18,236
  • 10
  • 57
  • 106
alxgomz
  • 1,630
  • 1
  • 11
  • 14