I am trying to set X-Frame-Options using IBM HTTP Server (IHS) 8.5.5.12 that is based on apache HTTP Server 2.2.32.
I have tried with SetEnvIf but don't have idea about how to compare environment variable in httpd.conf file.
I have tried same in IHS 9 with If condition and it works, but don't have idea about how to implement same in IHS 8.5.5.12
<IfModule mod_headers.c>
<If "%{HTTP:X-Requested-From} == 'mobileapp'">
Header unset X-Frame-Options
</If>
<Else>
Header set X-Frame-Options SAMEORIGIN
</Else>
</IfModule>
Above code works fine in IHS 9, Can some one help here?
Regards
Mohammad Ashfaq
The trick here is that the Header directive can be conditional in Apache 2.2 but only on an environment variable. But SetEnvIf runs first and can set an environment variable based on a request header:
SetEnvIf X-Requested-From mobileapp is_mobile=1
Header set X-Frame-Options SAMEORIGIN
Header unset X-Frame-Options env=is_mobile
$ wget -qS http://localhost 2>&1 |grep X-F X-Frame-Options:
SAMEORIGIN
$ wget -qS --header="X-Requested-From: mobileapp"
http://localhost 2>&1 |grep X-F
$