Set Apache HTTP header except for specified URL
I'm using Apache 2.2 and want to set the X-Frame-Options header to "deny" across most of the site. I can turn it on unconditionally using mod_headers. However, there is one CGI scripts that returns content that has to be framed, so I need to turn it off for that script. Is there a way to do this?
I'm using Debian's Apache 2.2.9.
Try using the SetEnvIf directive, coupled with env
in your Header
directive:
SetEnvIf Request_URI "/MyCGI" is_cgi
Header set X-Frame-Options some-value env=!is_cgi
(or something close to that :-))
You can use the Location
directive.
<Location /url/fragment/to/my/cgi/script>
Header unset X-Frame-Options
</Location>