Where to type RequestHeader in apache?

Question

I need to add to prevent attack:

# a2enmod headers
 RequestHeader unset Range
 RequestHeader unset Request-Range

Where I can add it? This is my htttp.conf, maybe another file?

<VirtualHost *>
ServerName www.example.com
DocumentRoot /path/
<Location "/">
  SetHandler python-program
  PythonHandler django.core.handlers.modpython
  SetEnv DJANGO_SETTINGS_MODULE projectname.settings
  PythonDebug Off
  PythonAutoReload Off
  PythonPath "['/usr/local/lib/python2.7/dist-packages/django','/usr/local/lib/python2.7/sidt-packages/django/bin/projectname'] + sys.path"
</Location>

<Location "/media/">
  SetHandler None
</Location>

<Location "/static/">
  SetHandler None
</Location>
</VirtualHost>

Sorry, maybe I'm asking question without preparations, but I need to prevent attacks.

score 2 · Accepted Answer · answered Aug 29 '11 at 14:10

2

According to:

http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader

You can set this anywhere. If you are doing it to prevent attacks you probably want to make it global, so put it above your first:

<VirtualHost>

declaration.

answered Aug 29 '11 at 14:10

polynomial

4,106

score 0 · Answer 2 · answered Aug 18 '21 at 14:04

0

according to Apache documentation context have to be: Context: server config, virtual host, directory, .htaccess

so, not "anywhere". e.g. not in location context.

answered Aug 18 '21 at 14:04

Jakob Berlin

1

Where to type RequestHeader in apache?

2 Answers2