HTTPHeader

Why Is This Important?

HTTPHeader allows EZproxy administrators to configure EZproxy to pass through custom HTTP headers created by browser applications to pass information to EZproxy. Without the HTTPheader directive, EZproxy will ignore these custom headers, and allow only those headers it has been explicitly configured to handle.

HTTPHeader was enhanced with EZproxy V6.1.3. This page is divided to provide details for users with EZproxy V6.0.8 or earlier installed and for users with EZproxy V6.1 or later.

EZproxy V6.0.8 and Before

HTTPHeader is a position-independent directive that specifies additional HTTP headers that should be allowed to pass through EZproxy to remote web servers. When a web browser makes a request to a web server, it provides additional information using headers. For example, if the browser is configured to specify that English is the preferred language of its user, the browser will add:

Accept-Language: en-us

where Accept-Language is the header, and en-us is the value for the header.

To avoid conflicts, EZproxy is configured to only pass through headers that is has been explicitly configured to handle. Information on how to handle the majority of headers required by most browsers is already built in to EZproxy.

With the advent of AJAX technology, applications running in browsers may now create and use their own custom headers to pass information to web applications. Since these custom headers are unknown to EZproxy, it blocks them, which can prevent the application from working properly. The HTTPHeader directive can be used to authorize the passing of custom headers. When determining if a header in the request matches a wildheader specified with HTTPHeader, EZproxy performs a case-insensitive comparison. 

Syntax

The HTTPHeader directive takes the following form:

HTTPHeader wildheader

Qualifiers

The following qualifier can be used with the HTTPHeader directive to customize your EZproxy configuration.

Qualifier Description
wildheader The header to authorize, which may include the * wildcard to match zero or more characters and the ? wildcard to match any one character.

EZproxy V6.1 and Later

HTTPHeader still works to specify additional HTTP headers for EZproxy to allow to pass through, but this directive can now be configured to allow arbitrary processing of both the headers sent from the user to the content provider and from the content provider back to the user. This directive only applies when proxying content and not when the user is interacting with internal EZproxy services such as the login page or administration pages.

Syntax

The HTTPHeader directive takes the following form:

HTTPHeader [-global] [-ignoreGlobal] -direction -method header [expression]

Any entries using the previous standard form of HTTPHeader wildheader will be read in V6.1 and later as: 

HTTPHeader -request -global CustomHeader

Qualifiers

The following qualifiers can be used with the HTTPHeader directive to customize how EZproxy processes headers.

Qualifier Description
-global Apply this directive to all database stanzas except those that contain HTTPHeader -ignoreGlobal.
-ignoreGlobal Within the current database stanza, ignore all HTTPHeader -global directives defined in config.txt. The HTTPHeader directive with this qualifier must be placed AFTER the Title directive to apply to this stanza.
-direction: Use these options to designate the direction from which the request is being sent.

-request

Designates the header is in the request from the user's browser to the content provider.

-response

Designates the header is in response from the content provider to the user's browser.
-method: Use these options to designate how EZproxy should process the header.

-process

Process the header by allowing EZproxy to perform standard processing on the header's value or allow a header that EZproxy would normally block to pass through.

-block

Block the header and its value.

-rewrite

Treat the value of the header as a URL and rewrite it into EZproxy form (this is typically used with -response).

-unrewrite

Treat the value of the header as a URL that is rewritten in EZproxy form that needs to be unrewritten into its original form (typically used with -request).

-edit

Provide the header as hh:header and its value as hh:value to the user-specified expression; if the returned value is non-empty, send the header with that value; if the returned value is empty, suppress the header.

-inject

Provide the header as hh:header to the user-specified expression; if the returned value is non-empty, send the header with that value; if the returned value is empty, suppress the header.
header HTTP header to be affected.
expression Required by -edit and -inject.
 

EZproxy V6.0.8 and Before

If a database provider created a custom header that must be allowed to pass through as part of a database configuration, you might need to add the following to you stanza:

HTTPHeader ResearchHeader
Title Research Database
URL http://www.researchdb.com
HJ https://www.researchdb.com
DJ researchdb.com

Because this directive is position-independent, it does not need to be placed within the database stanza to work. Even when placed within a stanza, it will apply to the entire config.txt file. This should not cause any problems as these headers are usually specific to certain resources and will not impact the proxying behavior of other resources.

Most of the time, these HTTPHeader directives will be in the default stanza suggested by the content provider. If an HTTPHeader directive with the specified custom header already exists in config.txt, you do not need to add it again to the database stanza for the given resource.

EZproxy V6.1 and Later

The HTTPHeader syntax in this version of EZproxy allows you to apply the HTTPHeader directive selectively to database stanzas. For example, the header specified in the following stanza will only be applied to this single resource since it is placed after the Title directive and does not contain the -global qualifier:

Title First Database
HTTPHeader -request CustomHeader
URL http://www.firstdb.com
HJ firstdb.com
DJ firstdb.com

The following configuration will apply the first HTTPHeader directive to the first and third database stanzas as well as any others in config.txt, but not the middle stanza because it includes the HTTPHeader -ignoreGlobal directive after the Title directive. Using the -ignoreGlobal qualifier with this directive will cause this stanza to ignore ALL global HTTPHeader directives that are located anywhere in config.txt.

HTTPHeader -global SpecialHeader

Title Science Database
URL http://www.sciencedb.com
DJ sciencedb.com

Title History Database
HTTPHeader -ignoreGlobal SpecialHeader
URL http://www.historydb.com
DJ historydb.com

Title Literature Database
URL http://www.litdb.com
DJ litdb.com

 

See the following functions related to this directive on the Common Conditions and Actions page.

CompareIP(str1,str2)
RewriteURL(str)
RequestURL(str)
UnwriteURL(str)
 

This page last revised: September 23, 2015.