On 27/01/2012 3:58 p.m., Ralph Lawrence wrote:
Hi Amos,
Thanks for the quick reply.
On Thu, Jan 26, 2012 at 9:48 PM, Amos Jeffries wrote:
To drop the whole header its simply:
request_header_access Cookie deny all
reply_header_access Set-Cookie deny all
How can I conditionally apply these rules on certain URLs? Is there a
Regex part I can attach to your rules above?
These are access control lists same as you are used to configuring the
http_access one. You can use any of the ACL tests which are based on
HTTP protocol request and/or reply details.
E.g. Only apply on "*.png" or on "*.css"?
E.g. Or apply on URLs ending with "*.png" except when they also
contain "/wp-admin/"?
eg:
acl noCookieTypes urlpath_regex -i \.(png|css)(\?.*)?$
acl admin urlpath_regex /wp-admin/
request_header_access Cookie deny noCookieTypes !admin
Amos
