Show TOC

Background documentationLinking Modification Actions to Conditions Locate this document in the navigation structure

 

You can specify HTTP request modifications by using conditions. In Releases before 7.40 conditions had a simple form. With the simple form a condition can be linked to one single modification action.

Structure

Use the following syntax in the action file to link one modification action to a condition.

Syntax of a Single Request Modification

Syntax Syntax

  1. if <string> <compop> <pattern> [op]
          <rule>
End of the code.

Two further options are available with Release 7.40. Conditions can be linked to a processing block and can contain branches.

Syntax Processing Block

Multiple modification actions can be specified in one processing block. If the condition is true, all the modification actions defined there are executed when the action file is read. If the condition does not apply, the complete processing block is skipped. Use the following syntax in the action file to define a processing block:

Syntax Syntax

  1. if <string> <compop> <pattern> [op]
    begin
        <rules>
    end
End of the code.
Syntax Branch

Two modification actions are combined in one branch. If the condition applies, modification actions defined before else are executed. If the condition does not apply, all modification actions defined after else are executed. You also have the option not to define any entries for <rule/rules>, or to comment out modification actions by including a preceding "#" character.

To branch precisely two modification actions, use the following syntax in the action file:

Syntax Syntax

  1. if <string> <compop> <pattern> [op]
        <rule>
    else
        <rule>
End of the code.

If you want to specify more than two modification actions, use the following syntax in the action file:

Syntax Syntax

  1. if <string> <compop> <pattern> [op]
    begin
        <rules>
    else
        <rules>
    end
End of the code.
Explanation of the Syntax

<string>

A fixed character string or element of the HTTP request (header field, form field, system-defined values). Access with variables.

<compop>

Comparison operation; the following comparison operations are valid:

  • regmatch: case-sensitive pattern match

  • regimatch: case-insensitive pattern match

  • strcmp: case-sensitive character string comparison

  • stricmp: case-insensitive character string comparison

  • ipmatch: match IP address to another IP address or address mask.

    Use the following syntax to define an IP address or address mask:

    ipmatch <addr> <mask>

    The IP address must be an IPv4 or IPv6 address in the following form:

    IPv4: 4 byte, decimal, separated by points, e.g. 10.11.12.13

    IPv6: 6 byte, hexadecimal. : stands for separated; :: stands for supported

    If a mask is specified, it must be a subnetwork prefix mask: IPv4: 0-32 IPv6: 0-128

  • Lexical comparison operations:

    =, <, >, <=, >=,

    Explanation (from left to right):

    lexically equal to, lexically less than, lexically greater than, lexically less than or equal to, lexically greater than or equal to.

    The operators are compared with each other lexically, for example, 123 < 4 is TRUE because only the first numerals are compared.

  • Numerical comparison operations:

    int=, int!=, int<, int<=, int<, int>=,

    Explanation (from left to right):

    integer equal to, integer less than, integer greater than, integer less than or equal to, integer greater than or equal to.

    If you want to compare numbers, use the numerical comparison operators.

    With the numerical comparison operation, the whole number is compared, e.g. 123 < 4 is FALSE, because unlike with a lexical comparison of 123, here the whole number is interpreted.

All comparison operations can be negated by using a preceding "!".

The comparison operators are not case sensitive.

All names of comparison operations are not case sensitive.

<pattern>

comparison value used for the comparison. A comparison value can be, for example, a regular expression or an IP address.

[op]

You can use operators to link conditions together. Possible operators are "and" and "or". Operators are not case sensitive (e.g. OR = Or = or = oR).

Unlike programming languages the operators here have equal precedence. Operators are processed from left to right. The use of operators is optional.

Example

Examples of the use of conditions:

Example A:

Syntax Syntax

  1. if %{HTTP_HOST} regimatch *.wdf.sap.com [and]
    if %{SERVER_PORT} = 80
    SetHeader clientProtocol http
    
End of the code.

If the host name (value of the HTTP host header HTTP_HOST) in the HTTP request ends with .wdf.sap.com and the HTTP port of port 80 is (http://xxx.wdf.sap.com:80/...), the header field clientProtocol is set to the value http.

Example B:

Syntax Syntax

  1. If %{REQUEST_METHOD} !stricmp "GET" [and]
    If %{REQUEST_METHOD} !stricmp "POST"
    RegForbiddenUrl ^/(.*) –
    
End of the code.

Only requests with GET and POST are permitted as methods. All other requests are rejected.

Example C:

Syntax Syntax

  1. # Rewrite Rules for ICM
    If %{REQUEST_METHOD} stricmp "TRACE"
    RegForbiddenUrl ^/(.*) -
    
End of the code.

HTTP requests with the TRACE method are rejected.

Example D:

Syntax Syntax

  1. if %{HEADER:USER-AGENT} !regimatch Mozilla/4.0*
    RegForbiddenUrl (.*) -
    
End of the code.

Only requests containing the character string Mozilla/4.0 (not case sensitive) are permitted.

Example E:

Syntax Syntax

  1. If %{SERVER_PROTOCOL} !stricmp "https"
    RegIRedirectUrl /sap/ (.*) https://%{HTTP_HOST}/sap/ $1 [code=permanent]
    
End of the code.

If the protocol used is not HTTPS, the request is reformulated for HTTPS.

Example F:

Syntax Syntax

  1. If %{REMOTE_ADDR} ipmatch 10.18.0.0/16
    SetHeader test matched
    
End of the code.

Comparison of the remote IP address with Ipv4 mask "10.18.0.0/16" (the first 16 bits are relevant)

Example G:

Syntax Syntax

  1. If %{REMOTE_ADDR} !ipmatch 2001:db8::1428:57ab/32
    Set Header “test matched”
    
End of the code.

Comparison of the remote IP address with Ipv6 mask "2001:db8::1428:57ab/32" (the first 32 bits are relevant)