Xenos Xenos - 3 days ago 5
Apache Configuration Question

RewriteCond comparing two variables in Apache htaccess

I would like to have a

rewritecond
that gets
true
if two variables
HTTP_ORIGIN
and
HTTP_HOST
are equals. I tried

RewriteCond %{HTTP:Origin} ^http://%{HTTP_HOST}(/|$)


But despite Netbeans syntactic color, it appears that Apache is not replacing
%{HTTP_HOST}
by its value. I guessed it because

RewriteCond %{HTTP:Origin} ^http://cnfr005554(/|$)
RewriteCond %{HTTP_HOST} =cnfr005554


Works.

So how can I test that the two variables
%{HTTP:Origin}
and
%{HTTP_HOST}
are equals? (and yes, it's for applying OWASP's guidelines to mitigate XSRF)

Answer

In RewriteCond you cannot use a variable on right hand side.

You have to use it like this:

RewriteCond %{HTTP_HOST}##%{HTTP:Origin} ^(.+)##http://\1(/|$)

Here are are joining 2 variables using a delimiter ## (it can be anything). Then on RHS we match and capture value before ## that represents HTTP_HOST. After ## using a back-reference \1 we do our matching.

Comments