6. HTTP header manipulation
- - these keywords are not always convenient to allow/deny based on header
- contents. It is strongly recommended to use ACLs with the "" keyword
- instead, resulting in far more flexible and manageable rules.
-
- - lines are always considered as a whole. It is not possible to reference
- a header name only or a value only. This is important because of the way
- headers are written (notably the number of spaces after the colon).
-
- rewrite or filter HTTP requests URIs or response codes, but in turn makes
- it harder to distinguish between headers and request line. The regex prefix
- ^[^\ \t]*[\ \t] matches any HTTP method followed by a space, and the prefix
- ^[^ \t:]*: matches any header name followed by a colon.
-
- - for performances reasons, the number of characters added to a request or to
- a response is limited at build time to values between 1 and 4 kB. This
- should normally be far more than enough for most usages. If it is too short
- on occasional usages, it is possible to gain some space by removing some
-
- - keywords beginning with "reqi" and "rspi" are the same as their counterpart
- without the 'i' letter except that they ignore case when matching patterns.
-
- - when a request passes through a frontend then a backend, all req* rules
- from the frontend will be evaluated, then all req* rules from the backend
- will be evaluated. The reverse path is applied to responses.
-
- - req* statements are applied after "block" statements, so that "" is
- before switching.