--- title: Adding HTTP request header rules description: Add an HTTP request header rule to examine a request and determine whether to grant access to a requested resource based on a match found in one of the specified headers in the HTTP request. component: pingaccess version: 9.0 page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_adding_http_request_header_rules canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_adding_http_request_header_rules.html revdate: February 13, 2023 section_ids: about-this-task: About this task steps: Steps choose-from: Choose from: --- # Adding HTTP request header rules Add an HTTP request header rule to examine a request and determine whether to grant access to a requested resource based on a match found in one of the specified headers in the HTTP request. ## About this task If more than one **Field** and **Value** pair is listed, then all conditions must match in order for the rule to succeed. ## Steps 1. Click **Access**, then go to **Rules > Rules**. 2. Click **[icon: plus, set=fa]Add Rule**. 3. In the **Name** field, enter a unique name, up to 64 characters long. Special characters and spaces are allowed. 4. From the **Type** list, select **HTTP Request Header**. 5. In the **Field** column, in the **Header** field, enter a header name you want to match to grant or not grant the client access. 6. In the **Value** field, enter a value for the header you want to match in order to grant or not grant the client access. The wildcard (`*`) character is supported. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you want to match on the `Host` header, include both the host and port in the **Value** field, or add a wildcard after the hostname (`host*` or `host:*`) to match the HTTP request. | 7. If additional header pairs are needed, click **Add Row** to add an additional row, then repeat steps 5-6. 8. If the values should be an exact match to the value case, select the **Case Sensitive** check box. 9. If access is not allowed when a match is found, select the **Negate** check box. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Ensure that the attribute name entered in the **Field** field is spelled correctly and exists. If you enter an attribute that does not exist and you select **Negate**, the rule will always succeed. The **Negate** control applies to the entire set of conditions specified, and passes the rule if any condition is not met. | 10. To configure rejection handling, click **Show Advanced Settings**, then select a rejection handling method. ### Choose from: * If you select **Default**, use the **Rejection Handler** list to select an existing [rejection handler](pa_rejection_handlers.html) that defines whether to display an error template or redirect to a URL. * If you select **Basic**, you can customize an error message to display as part of the default error page rendered in the end user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select **Basic**, provide the following: 1. In the **Error Response Code** field, enter the HTTP status response code to send if rule evaluation fails. The default is `403`. 2. In the **Error Response Status Message** field, enter the HTTP status response message to send if rule evaluation fails. The default is `Forbidden`. 3. In the **Error Response Template File** field, enter the HTML template page for customizing the error message that displays if rule evaluation fails. This template file is located in the `/conf/template/` directory. 4. From the **Error Response Content Type** list, select the type of content for the error response. This lets the client properly display the response. 11. Click **Save**.