I want to use this rule:
<IfModule mod_headers.c>
Header always set X-FRAME-OPTIONS "DENY"
</IfModule>
But only for the front pages of my website.
Ie I have a backoffice: example.com/gestion
for which I don't want the rule to apply and I want to have the rule applied only for example.com
(so all URLs without gestion
)
Any idea?
Try something like this using an Apache <If>
expression to match all URLs, except for any URL that starts /gestion
or contains multiple path segments or contains dots (ie. actual files).
For example:
<If "%{REQUEST_URI} =~ m#^/(?!gestion)[\w-]*$#">
Header always set X-FRAME-OPTIONS "DENY"
</If>
This uses a negative lookahead to avoid matching any URL that starts /gestion
.
I'm assuming that your "front page" URLs only consist of single path segments containing characters in the range [0-9a-zA-Z_-]
.
The <IfModule>
wrapper is not required (unless this is optional and you are using the same config on multiple server's where mod_headers may not be enabled - unlikely).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.