+ Require expr %{TIME_HOUR} -gt 9 && %{TIME_HOUR} -lt 17
+</Directory>
+
+# Check a HTTP header for a list of values
+<If "%{HTTP:X-example-header} in { 'foo', 'bar', 'baz' }">
+ Header set matched true
+</If>
+
+# Check an environment variable for a regular expression, negated.
+<If "! reqenv('REDIRECT_FOO') =~ /bar/">
+ Header set matched true
+</If>
+
+# Check result of URI mapping by running in Directory context with -f
+<Directory "/var/www">
+ AddEncoding x-gzip gz
+<If "-f '%{REQUEST_FILENAME}.unzipme' && ! %{HTTP:Accept-Encoding} =~ /gzip/">
+ SetOutputFilter INFLATE
+</If>
+</Directory>
+
+# Check against the client IP
+<If "-R '192.168.1.0/24'">
+ Header set matched true
+</If>
+
+# Function examples in boolean context
+<If "md5('foo') == 'acbd18db4cc2f85cedef654fccc4a4d8'">
+ Header set checksum-matched true
+</If>
+<If "md5('foo') == replace('md5:XXXd18db4cc2f85cedef654fccc4a4d8', 'md5:XXX', 'acb')">
+ Header set checksum-matched-2 true
+</If>
+
+# Function example in string context
+Header set foo-checksum "expr=%{md5:foo}"
+
+# This delays the evaluation of the condition clause compared to <If>
+Header always set CustomHeader my-value "expr=%{REQUEST_URI} =~ m#^/special_path\.php$#"
+
+# Add a header to forward client's certificate SAN to some backend
+RequestHeader set X-Client-SAN "expr=%{:join PeerExtList('subjectAltName'):}"
+
+# Require that the remote IP be in the client's certificate SAN
+Require expr %{REMOTE_ADDR} -in split s/.*?IP Address:([^,]+)/$1/, PeerExtList('subjectAltName')
+# or alternatively:
+Require expr "IP Address:%{REMOTE_ADDR}" -in split/, /, join PeerExtList('subjectAltName')
+
+# Conditional logging
+CustomLog logs/access-errors.log common "expr=%{REQUEST_STATUS} >= 400"
+CustomLog logs/access-errors-specific.log common "expr=%{REQUEST_STATUS} -in {'405','410'}"
+
+ </highlight>