Show TOC

Deleting, Adding, and Enhancing HTTP Header FieldsLocate this document in the navigation structure

Use

HTTP header fields of inbound HTTP requests and outbound HTTP responses can be modified. You can delete, add, or enhance (with additional values) HTTP header fields of inbound HTTP requests. HTTP responses can be modified too. A line in the action file describes precisely one modification action. The sequence in the action file defines the sequence of execution too. You can execute multiple HTTP header field modifications consecutively.

Features

Use the following syntax to define HTTP header field modifications in the action file: 

<headerop> <name> [<value>]

Use the following syntax for RegRewriteHeader and RegIRewriteHeader. 

<headerop> <name> <Wert vor der Modifikation> <Wert nach der Modifikation>

Use the following syntax for RegRewriteResponseHeader and RegIRewriteResponseHeader. 

<headerop> <name> <pattern> <value>

Only RegRewriteHeader or RegIRewriteHeader and RegRewriteResponseHeader or RegIRewriteResponseHeader are case-sensitive. All other HTTP header field modifications are case-insensitive.

Explanation of the Syntax

<headerop>

Describes an HTTP header field modification. The following HTTP header field modifications are possible:

HTTP Requests:

  • AppendHeader: If HTTP header field <name> is set in the HTTP request, the value specified in <value> is appended to the value already set in the HTTP request. If HTTP header field <name> is not set in the HTTP request, it is created with the value specified in <value>.

  • RegRewriteHeader/RegIRewriteHeader: The value <value before the modification> of HTTP header field <name> is set to the newly defined value <value after the modification>. You can use RegRewriteHeader for case-sensitive replacements, and RegIRewriteHeader for case-insensitive replacements.
  • RemoveCookie: Removes all cookie pairs that contain the specified cookie name from the HTTP header field of the HTTP request. The wildcard symbol * can be used here. A cookie pair consists of the cookie name and the cookie value (cookie name = cookie value). No value is specified for RemoveCookie

  • RemoveHeader: If the header field <name> is contained in the HTTP response, it is deleted before the response is forwarded to the application server. No value is specified for RemoveHeader.

    (syntax: RemoveHeader <name>)

  • SetHeader: Sets the HTTP header field <name> to value <value>. If the header field is already set in the HTTP request, this value is overwritten by the value defined in SetHeader.

  • SetHeaderIfEmpty: HTTP header field <name> is set to value <value>; but only if the HTTP header field is not set in the HTTP request.

HTTP Responses:

  • AppendRespondHeader: If HTTP header field <name> is set in the HTTP response, the value specified in <value> is appended to the value already set in the HTTP response. If HTTP header field <name> is not set in the HTTP response, it is created with the value specified in <value>.
  • RegRewriteResponseHeader/RegIRewriteResponseHeader: If the value <name> of the HTTP header field of the HTTP response matches the standard pattern, the HTTP header field is set to the specified <value>. You can use RegRewriteResponseHeader for case-sensitive replacements, and RegIRewriteResponseHeader for case-insensitive replacements.
  • RemoveRespondHeader: If the header field <name> is contained in the HTTP response, it is deleted before the response is forwarded to the application server. No value is specified for RemoveRespondHeader.
  • SetResponseHeader: The HTTP header field <name> of the HTTP response is set to the value in <value>.
  • SetResponseHeaderIfEmpty: HTTP header field <name> is set to value <value>; but only if the HTTP header field is not set in the HTTP response.

<name>

Name of the HTTP header field.

<value>

With HTTP header field modifications AppendHeader, AppendRespondHeader, RegRewriteResponseHeader, RegIRewriteResponseHeader, SetHeader, SetHeaderIfEmpty, SetResponseHeader, and SetResponseHeaderIfEmpty, you specify the value <value> that is to be set or appended depending on the <headerop> defined.

Example

The matrix below shows the various HTTP header field modifications:

Example A:

headerop

Header not set

Header set a = 5

SetHeader location 100

location = 100

location = 100

SetHeaderIfEmpty location 100

location = 100

location = 5

AppendHeader location 100

location = 100

location = 5, 100

Below are examples of HTTP header field modifications in the action file:

Example B: 

SetHeader clientProtocol %{SERVER_PROTOCOL}

HTTP header field <name> clientProtocol is set to value <value> of variable SERVER_PROTOCOL.

Example C: 

SetHeader X-SAP-WEBDISP-AP %{SERVER_ACCESS_POINTS}

HTTP header field <name> X-SAP-WEBDISP-AP is set to the value of variable <value> SERVER_ACCESS_POINTS.

Example D: 

RemoveHeader Referer

HTTP header field <Referer> is removed.

Example E:
RemoveCookie MeinCookieName

Before the rewrite: 

cookie: $Version=1; MeinCookieName=Wert

After the rewrite: 

cookie: $Version=1
Example F:
RemoveCookie Mein*Name

Before the rewrite: 

cookie: $Version=1; MeinErsterCookieName=MeinErsterWert; MeinZweiterCookieName=MeinZweiterWert

After the rewrite: 

cookie: $Version=1
Example G:
RemoveCookie *SAP*

Before the rewrite: 

cookie: $Version=1; sap-login-XSRF_ABC=123456789; sap-userkontext=(...); MeinBevorzugtesUnternehmen=SAP

After the rewrite: 

cookie: $Version=1; MeinBevorzugtesUnternehmen=SAP
Example H:
RegRewriteHeader my_header abc 123

Before the rewrite: 

my_header: abc

After the rewrite: 

my_header: 123
Example I:
RegIRewriteHeader Accept (.*)text/html;q=\.[0-9](.*) $1text/html;q=0.1$2

Before the rewrite: 

Accept: text/html;q=0.8

After the rewrite: 

Accept: text/html;q=0.1