Cross-origin directives in httpd.conf?

2

I am a part time Apache administrator (not by choice). We have an animated gif hit counter. I want to add a CSP to disable active content, but include a CORS policy to allow the gif for the hit counter.

I found an example of adding the CORS policy to .htaccess, but its not the httpd.conf file. How do I take the following .htaccess:

<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>
</IfModule>

And add it to .httpd.conf?

jww

Posted 2015-11-27T01:44:00.773

Reputation: 1

Answers

2

The file format is exactly the same, except as httpd.conf is global, you should put these settings within the apropriate <VirtualHost…> block (and possibly even within a <Path> or <Directory> block to improve performance, as FilesMatch is comparatively slow). For example:

<VirtualHost *:443>
    ServerName …
    OtherSettings …

    <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
        SetEnvIf Origin ":" IS_CORS
        Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
</VirtualHost>

user1686

Posted 2015-11-27T01:44:00.773

Reputation: 283 655

Asked: 2015-11-27T01:44:00.773

Viewed: 2 168 times

Active: 2015-11-27T06:47:30.720