Score:0

Apache HTTP Header - Security and Understanding


I have now read through the Apache handbook and tips in online forums, but unfortunately I don't understand it at all.

https://httpd.apache.org/docs/current/mod/mod_headers.html

The optional argument condition determines which internal table of response headers this directive works with: onsuccess (default, can be omitted) or always. The difference between the two lists is that the headers contained in the latter are added to the response even in case of error, and persist across internal redirections (e.g. ErrorDocument handler). Also note that repeating this directive with both conditions is useful in some scenarios because always is not a superset of onsuccess with respect to existing headers:

You are adding a header to a locally generated non-success response (not 2xx), such as a redirect. In this case, only the table corresponding to always is used in the final response.

You modify or remove a header generated by a CGI script or by mod_proxy_fcgi. In this case, the headers of the CGI script are in the table corresponding to always, not in the default table.

You are changing or removing a header that was generated by part of the server, but that header is not found by the default onsuccess condition.

Currently I have in my .htaccess among others the following

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Now Apache tells me that "always" refers to other tables, namely also to erroneous requests or outputs, as happens with errors in the 5xx range.

I just don't understand this at all; the internet is full of chaos. Maybe we can clarify this here and clear up the myths.

Wouldn't it be more intelligent to write the following in the .htaccess

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

and additionally

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Currently I have the following specification for all header entries:

always

Can someone please explain this to me clearly for a noob? Thanks ☺

PS: Please no hate. The server is maintained by a company (firewall, security, etc.), but I am responsible for setting up the .htaccess file myself.
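An added example (not part of the question or of the Apache documentation) for checking the behaviour the question is about: a small POSIX shell script that reads the response headers of a normal page and of a page that should return 404, and reports whether Strict-Transport-Security appears on both. The helper names and the probe path are this example's own assumptions.

```shell
#!/bin/sh
# Added example: verify that Strict-Transport-Security (HSTS) is sent on
# both a success (2xx) response and an error response. Whether the error
# response carries it is exactly what "Header always set" vs "Header set"
# decides. Function names and the probe path are assumptions of this example.

# Print the HSTS header value found in a raw header block, or "missing".
hsts_value() {
  v=$(printf '%s\n' "$1" | tr -d '\r' \
      | grep -i '^strict-transport-security:' | head -n1 \
      | cut -d: -f2- | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
  if [ -n "$v" ]; then printf '%s\n' "$v"; else echo missing; fi
}

# Extract the status code from the first line of a raw header block.
status_code() {
  printf '%s\n' "$1" | head -n1 | awk '{print $2}'
}

# Compare a success response ($1) with an error response ($2).
# Prints one line per response and returns 0 only when HSTS is on both.
# HSTS present on the 200 but absent on the 404 is the classic symptom of
# "Header set" used without "always".
hsts_consistent() {
  ok=$(hsts_value "$1")
  err=$(hsts_value "$2")
  printf '%s -> HSTS: %s\n' "$(status_code "$1")" "$ok"
  printf '%s -> HSTS: %s\n' "$(status_code "$2")" "$err"
  [ "$ok" != missing ] && [ "$err" != missing ]
}

# Live check (only runs when a base URL is given on the command line):
#   sh hsts_check.sh https://www.example.invalid
# -D - dumps the response headers to stdout; the body is discarded.
if [ $# -gt 0 ]; then
  base=$1
  ok_hdrs=$(curl -sS -o /dev/null -D - "$base/")
  err_hdrs=$(curl -sS -o /dev/null -D - "$base/no-such-page-$$")
  if hsts_consistent "$ok_hdrs" "$err_hdrs"; then
    echo "OK: HSTS present on success and error responses"
  else
    echo "WARN: HSTS missing on at least one response"
  fi
fi
```

If the 404 line reports "missing" while the 200 line shows the policy, the directive is only populating the onsuccess table.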
