| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| This file is generated from xml source: DO NOT EDIT |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| --> |
| <title>Environment Variables in Apache - Apache HTTP Server</title> |
| <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> |
| <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> |
| <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /> |
| <link href="./images/favicon.ico" rel="shortcut icon" /></head> |
| <body id="manual-page"><div id="page-header"> |
| <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p> |
| <p class="apache">Apache HTTP Server Version 2.0</p> |
| <img alt="" src="./images/feather.gif" /></div> |
| <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> |
| <div id="path"> |
| <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="./">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Environment Variables in Apache</h1> |
| <p>The Apache HTTP Server provides a mechanism for storing |
| information in named variables that are called <em>environment |
| variables</em>. This information can be used to control various |
| operations such as logging or access control. The variables are |
| also used as a mechanism to communicate with external programs |
| such as CGI scripts. This document discusses different ways to |
| manipulate and use these variables.</p> |
| |
| <p>Although these variables are referred to as <em>environment |
| variables</em>, they are not the same as the environment |
| variables controlled by the underlying operating system. |
| Instead, these variables are stored and manipulated in an |
| internal Apache structure. They only become actual operating |
| system environment variables when they are provided to CGI |
| scripts and Server Side Include scripts. If you wish to |
| manipulate the operating system environment under which the |
| server itself runs, you must use the standard environment |
| manipulation mechanisms provided by your operating system |
| shell.</p> |
| </div> |
| <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#setting">Setting Environment Variables</a></li> |
| <li><img alt="" src="./images/down.gif" /> <a href="#using">Using Environment Variables</a></li> |
| <li><img alt="" src="./images/down.gif" /> <a href="#special">Special Purpose Environment Variables</a></li> |
| <li><img alt="" src="./images/down.gif" /> <a href="#examples">Examples</a></li> |
| </ul></div> |
| <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="setting" id="setting">Setting Environment Variables</a></h2> |
| |
| <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_env.html">mod_env</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li><li><code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code></li><li><code class="module"><a href="./mod/mod_unique_id.html">mod_unique_id</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#unsetenv">UnsetEnv</a></code></li></ul></td></tr></table> |
| |
| <h3><a name="basic-manipulation" id="basic-manipulation">Basic Environment Manipulation</a></h3> |
| |
| |
| <p>The most basic way to set an environment variable in Apache |
| is using the unconditional <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> directive. Variables may also be passed from |
| the environment of the shell which started the server using the |
| <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> directive.</p> |
| |
| |
| <h3><a name="conditional" id="conditional">Conditional Per-Request Settings</a></h3> |
| |
| |
| <p>For additional flexibility, the directives provided by |
| mod_setenvif allow environment variables to be set on a |
| per-request basis, conditional on characteristics of particular |
| requests. For example, a variable could be set only when a |
| specific browser (User-Agent) is making a request, or only when |
| a specific Referer [sic] header is found. Even more flexibility |
| is available through the mod_rewrite's <code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> which uses the |
| <code>[E=...]</code> option to set environment variables.</p> |
| |
| |
| <h3><a name="unique-identifiers" id="unique-identifiers">Unique Identifiers</a></h3> |
| |
| |
| <p>Finally, mod_unique_id sets the environment variable |
| <code>UNIQUE_ID</code> for each request to a value which is |
| guaranteed to be unique across "all" requests under very |
| specific conditions.</p> |
| |
| |
| <h3><a name="standard-cgi" id="standard-cgi">Standard CGI Variables</a></h3> |
| |
| |
| <p>In addition to all environment variables set within the |
| Apache configuration and passed from the shell, CGI scripts and |
| SSI pages are provided with a set of environment variables |
| containing meta-information about the request as required by |
| the <a href="http://cgi-spec.golux.com/">CGI |
| specification</a>.</p> |
| |
| |
| <h3><a name="caveats" id="caveats">Some Caveats</a></h3> |
| |
| |
| <ul> |
| <li>It is not possible to override or change the standard CGI |
| variables using the environment manipulation directives.</li> |
| |
| <li>When <a href="suexec.html">suexec</a> is used to launch |
| CGI scripts, the environment will be cleaned down to a set of |
| <em>safe</em> variables before CGI scripts are launched. The |
| list of <em>safe</em> variables is defined at compile-time in |
| <code>suexec.c</code>.</li> |
| |
| <li>For portability reasons, the names of environment |
| variables may contain only letters, numbers, and the |
| underscore character. In addition, the first character may |
| not be a number. Characters which do not match this |
| restriction will be replaced by an underscore when passed to |
| CGI scripts and SSI pages.</li> |
| </ul> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="using" id="using">Using Environment Variables</a></h2> |
| |
| |
| <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_access.html">mod_access</a></code></li><li><code class="module"><a href="./mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="./mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_access.html#allow">Allow</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_access.html#deny">Deny</a></code></li><li><code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table> |
| |
| <h3><a name="cgi-scripts" id="cgi-scripts">CGI Scripts</a></h3> |
| |
| |
| <p>One of the primary uses of environment variables is to |
| communicate information to CGI scripts. As discussed above, the |
| environment passed to CGI scripts includes standard |
| meta-information about the request in addition to any variables |
| set within the Apache configuration. For more details, see the |
| <a href="howto/cgi.html">CGI tutorial</a>.</p> |
| |
| |
| <h3><a name="ssi-pages" id="ssi-pages">SSI Pages</a></h3> |
| |
| |
| <p>Server-parsed (SSI) documents processed by mod_include's |
| <code>INCLUDES</code> filter can print environment variables |
| using the <code>echo</code> element, and can use environment |
| variables in flow control elements to makes parts of a page |
| conditional on characteristics of a request. Apache also |
| provides SSI pages with the standard CGI environment variables |
| as discussed above. For more details, see the <a href="howto/ssi.html">SSI tutorial</a>.</p> |
| |
| |
| <h3><a name="access-control" id="access-control">Access Control</a></h3> |
| |
| |
| <p>Access to the server can be controlled based on the value of |
| environment variables using the <code>allow from env=</code> |
| and <code>deny from env=</code> directives. In combination with |
| <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>, this |
| allows for flexible control of access to the server based on |
| characteristics of the client. For example, you can use these |
| directives to deny access to a particular browser (User-Agent). |
| </p> |
| |
| |
| <h3><a name="logging" id="logging">Conditional Logging</a></h3> |
| |
| |
| <p>Environment variables can be logged in the access log using |
| the <code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code> |
| option <code>%e</code>. In addition, the decision on whether |
| or not to log requests can be made based on the status of |
| environment variables using the conditional form of the |
| <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code> |
| directive. In combination with <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> this allows for flexible control of which |
| requests are logged. For example, you can choose not to log |
| requests for filenames ending in <code>gif</code>, or you can |
| choose to only log requests from clients which are outside your |
| subnet.</p> |
| |
| |
| <h3><a name="response-headers" id="response-headers">Conditional Response Headers</a></h3> |
| |
| |
| <p>The <code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code> |
| directive can use the presence or |
| absence of an environment variable to determine whether or not |
| a certain HTTP header will be placed in the response to the |
| client. This allows, for example, a certain response header to |
| be sent only if a corresponding header is received in the |
| request from the client.</p> |
| |
| |
| |
| <h3><a name="external-filter" id="external-filter">External Filter Activation</a></h3> |
| |
| |
| <p>External filters configured by <code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code> |
| using the <code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code> directive can |
| by activated conditional on an environment variable using the |
| <code>disableenv=</code> and <code>enableenv=</code> options.</p> |
| |
| |
| <h3><a name="url-rewriting" id="url-rewriting">URL Rewriting</a></h3> |
| |
| |
| <p>The <code>%{ENV:...}</code> form of <em>TestString</em> in |
| the <code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> |
| allows mod_rewrite's rewrite |
| engine to make decisions conditional on environment variables. |
| Note that the variables accessible in mod_rewrite without the |
| <code>ENV:</code> prefix are not actually environment |
| variables. Rather, they are variables special to mod_rewrite |
| which cannot be accessed from other modules.</p> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="special" id="special">Special Purpose Environment Variables</a></h2> |
| |
| |
| <p>Interoperability problems have led to the introduction of |
| mechanisms to modify the way Apache behaves when talking to |
| particular clients. To make these mechanisms as flexible as |
| possible, they are invoked by defining environment variables, |
| typically with <code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>, |
| though <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> and |
| <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> could also be used, |
| for example.</p> |
| |
| <h3><a name="downgrade" id="downgrade">downgrade-1.0</a></h3> |
| |
| |
| <p>This forces the request to be treated as a HTTP/1.0 request |
| even if it was in a later dialect.</p> |
| |
| |
| <h3><a name="force-no-vary" id="force-no-vary">force-no-vary</a></h3> |
| |
| |
| <p>This causes any <code>Vary</code> fields to be removed from |
| the response header before it is sent back to the client. Some |
| clients don't interpret this field correctly (see the <a href="misc/known_client_problems.html">known client |
| problems</a> page); setting this variable can work around this |
| problem. Setting this variable also implies |
| <strong>force-response-1.0</strong>.</p> |
| |
| |
| <h3><a name="force-response" id="force-response">force-response-1.0</a></h3> |
| |
| |
| <p>This forces an HTTP/1.0 response to clients making an HTTP/1.0 |
| request. It was originally |
| implemented as a result of a problem with AOL's proxies. Some |
| HTTP/1.0 clients may not behave correctly when given an HTTP/1.1 |
| response, and this can be used to interoperate with them.</p> |
| |
| |
| |
| <h3><a name="gzip-only-text-html" id="gzip-only-text-html">gzip-only-text/html</a></h3> |
| |
| |
| <p>When set to a value of "1", this variable disables the DEFLATE |
| output filter provided by <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> for |
| content-types other than <code>text/html</code>.</p> |
| |
| |
| <h3><a name="no-gzip" id="no-gzip">no-gzip</a></h3> |
| |
| <p>When set, the <code>DEFLATE</code> filter of |
| <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> will be turned off.</p> |
| |
| |
| |
| <h3><a name="nokeepalive" id="nokeepalive">nokeepalive</a></h3> |
| |
| |
| <p>This disables <code class="directive"><a href="./mod/core.html#keepalive">KeepAlive</a></code> when set.</p> |
| |
| |
| <h3><a name="redirect-carefully" id="redirect-carefully">redirect-carefully</a></h3> |
| |
| |
| <p>This forces the server to be more careful when sending a redirect |
| to the client. This is typically used when a client has a known |
| problem handling redirects. This was originally implemented as a |
| result of a problem with Microsoft's WebFolders software which has |
| a problem handling redirects on directory resources via DAV |
| methods.</p> |
| |
| |
| |
| <h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3> |
| |
| |
| <p><em>Available in versions after 2.0.40</em></p> |
| |
| <p>When Apache issues a redirect in response to a client request, |
| the response includes some actual text to be displayed in case |
| the client can't (or doesn't) automatically follow the redirection. |
| Apache ordinarily labels this text according to the character set |
| which it uses, which is ISO-8859-1.</p> |
| <p> However, if the redirection is to a page that uses a different |
| character set, some broken browser versions will try to use the |
| character set from the redirection text rather than the actual page. |
| This can result in Greek, for instance, being incorrectly rendered.</p> |
| <p>Setting this environment variable causes Apache to omit the character |
| set for the redirection text, and these broken browsers will then correctly |
| use that of the destination page.</p> |
| |
| |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> |
| <div class="section"> |
| <h2><a name="examples" id="examples">Examples</a></h2> |
| |
| |
| <h3><a name="misbehaving" id="misbehaving">Changing protocol behavior with misbehaving clients</a></h3> |
| |
| |
| <p>We recommend that the following lines be included in |
| httpd.conf to deal with known client problems.</p> |
| <div class="example"><pre> |
| # |
| # The following directives modify normal HTTP response behavior. |
| # The first directive disables keepalive for Netscape 2.x and browsers that |
| # spoof it. There are known problems with these browser implementations. |
| # The second directive is for Microsoft Internet Explorer 4.0b2 |
| # which has a broken HTTP/1.1 implementation and does not properly |
| # support keepalive when it is used on 301 or 302 (redirect) responses. |
| # |
| BrowserMatch "Mozilla/2" nokeepalive |
| BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 |
| |
| # |
| # The following directive disables HTTP/1.1 responses to browsers which |
| # are in violation of the HTTP/1.0 spec by not being able to grok a |
| # basic 1.1 response. |
| # |
| BrowserMatch "RealPlayer 4\.0" force-response-1.0 |
| BrowserMatch "Java/1\.0" force-response-1.0 |
| BrowserMatch "JDK/1\.0" force-response-1.0</pre></div> |
| |
| |
| <h3><a name="no-img-log" id="no-img-log">Do not log requests for images in the access log</a></h3> |
| |
| |
| <p>This example keeps requests for images from appearing in the |
| access log. It can be easily modified to prevent logging of |
| particular directories, or to prevent logging of requests |
| coming from particular hosts.</p> |
| <div class="example"><pre> |
| SetEnvIf Request_URI \.gif image-request |
| SetEnvIf Request_URI \.jpg image-request |
| SetEnvIf Request_URI \.png image-request |
| CustomLog logs/access_log common env=!image-request</pre></div> |
| |
| |
| <h3><a name="image-theft" id="image-theft">Prevent "Image Theft"</a></h3> |
| |
| |
| <p>This example shows how to keep people not on your server |
| from using images on your server as inline-images on their |
| pages. This is not a recommended configuration, but it can work |
| in limited circumstances. We assume that all your images are in |
| a directory called /web/images.</p> |
| <div class="example"><pre> |
| SetEnvIf Referer "^http://www.example.com/" local_referal |
| # Allow browsers that do not send Referer info |
| SetEnvIf Referer "^$" local_referal |
| <Directory /web/images> |
| Order Deny,Allow |
| Deny from all |
| Allow from env=local_referal |
| </Directory></pre></div> |
| |
| <p>For more information about this technique, see the |
| ApacheToday tutorial " <a href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS"> |
| Keeping Your Images from Adorning Other Sites</a>".</p> |
| |
| </div></div> |
| <div id="footer"> |
| <p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p> |
| <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div> |
| </body></html> |