| <?xml version="1.0" encoding="UTF-8" ?> |
| <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> |
| <?xml-stylesheet type="text/xsl" href="./style/manual.en.xsl"?> |
| <!-- $LastChangedRevision$ --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <manualpage metafile="expr.xml.meta"> |
| |
| <title>Expressions in Apache HTTP Server</title> |
| |
| <summary> |
| <p>Historically, there are several syntax variants for expressions |
| used to express a condition in the different modules of the Apache |
| HTTP Server. There is some ongoing effort to only use a single |
| variant, called <em>ap_expr</em>, for all configuration directives. |
| This document describes the <em>ap_expr</em> expression parser. |
| </p> |
| <p>The <em>ap_expr</em> expression is intended to replace most other |
| expression variants in HTTPD. For example, the deprecated <directive |
| module="mod_ssl">SSLRequire</directive> expressions can be replaced |
| by <a href="mod/mod_authz_core.html#reqexpr">Require expr</a>. </p> |
| </summary> |
| |
| <seealso><directive module="core" type="section">If</directive></seealso> |
| <seealso><directive module="core" type="section">ElseIf</directive></seealso> |
| <seealso><directive module="core" type="section">Else</directive></seealso> |
| <seealso><directive module="core">ErrorDocument</directive></seealso> |
| <seealso><directive module="mod_alias">Alias</directive></seealso> |
| <seealso><directive module="mod_alias">ScriptAlias</directive></seealso> |
| <seealso><directive module="mod_alias">Redirect</directive></seealso> |
| <seealso><directive module="mod_auth_basic">AuthBasicFake</directive></seealso> |
| <seealso><directive module="mod_auth_form">AuthFormLoginRequiredLocation</directive></seealso> |
| <seealso><directive module="mod_auth_form">AuthFormLoginSuccessLocation</directive></seealso> |
| <seealso><directive module="mod_auth_form">AuthFormLogoutLocation</directive></seealso> |
| <seealso><directive module="mod_rewrite">RewriteCond</directive></seealso> |
| <seealso><directive module="mod_setenvif">SetEnvIfExpr</directive></seealso> |
| <seealso><directive module="mod_headers">Header</directive></seealso> |
| <seealso><directive module="mod_headers">RequestHeader</directive></seealso> |
| <seealso><directive module="mod_filter">FilterProvider</directive></seealso> |
| <seealso><a href="mod/mod_authz_core.html#reqexpr">Require expr</a></seealso> |
| <seealso><a href="mod/mod_authnz_ldap.html#requser">Require ldap-user</a></seealso> |
| <seealso><a href="mod/mod_authnz_ldap.html#reqgroup">Require ldap-group</a></seealso> |
| <seealso><a href="mod/mod_authnz_ldap.html#reqdn">Require ldap-dn</a></seealso> |
| <seealso><a href="mod/mod_authnz_ldap.html#reqattribute">Require ldap-attribute</a></seealso> |
| <seealso><a href="mod/mod_authnz_ldap.html#reqfilter">Require ldap-filter</a></seealso> |
| <seealso><a href="mod/mod_authz_dbd.html#reqgroup">Require dbd-group</a></seealso> |
| <seealso><a href="mod/mod_authz_dbm.html#reqgroup">Require dbm-group</a></seealso> |
| <seealso><a href="mod/mod_authz_groupfile.html#reqgroup">Require group</a></seealso> |
| <seealso><a href="mod/mod_authz_host.html#reqhost">Require host</a></seealso> |
| <seealso><directive module="mod_ssl">SSLRequire</directive></seealso> |
| <seealso><directive module="mod_log_debug">LogMessage</directive></seealso> |
| <seealso><module>mod_include</module></seealso> |
| |
| <section id="grammar"> |
| <title>Grammar in Backus-Naur Form notation</title> |
| <p><a |
| href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus-Naur |
| Form</a> (BNF) is a notation technique for context-free grammars, |
| often used to describe the syntax of languages used in computing. |
| In most cases, expressions are used to express boolean values. |
| For these, the starting point in the BNF is <code>expr</code>. |
| However, a few directives like <directive |
| module="mod_log_debug">LogMessage</directive> accept expressions |
| that evaluate to a string value. For those, the starting point in |
| the BNF is <code>string</code>. |
| </p> |
| <blockquote> |
| <pre> |
| expr ::= "<strong>true</strong>" | "<strong>false</strong>" |
| | "<strong>!</strong>" expr |
| | expr "<strong>&&</strong>" expr |
| | expr "<strong>||</strong>" expr |
| | "<strong>(</strong>" expr "<strong>)</strong>" |
| | comp |
| |
| comp ::= stringcomp |
| | integercomp |
| | unaryop word |
| | word binaryop word |
| | word "<strong>in</strong>" "<strong>{</strong>" wordlist "<strong>}</strong>" |
| | word "<strong>in</strong>" listfunction |
| | word "<strong>=~</strong>" regex |
| | word "<strong>!~</strong>" regex |
| |
| |
| stringcomp ::= word "<strong>==</strong>" word |
| | word "<strong>!=</strong>" word |
| | word "<strong><</strong>" word |
| | word "<strong><=</strong>" word |
| | word "<strong>></strong>" word |
| | word "<strong>>=</strong>" word |
| |
| integercomp ::= word "<strong>-eq</strong>" word | word "<strong>eq</strong>" word |
| | word "<strong>-ne</strong>" word | word "<strong>ne</strong>" word |
| | word "<strong>-lt</strong>" word | word "<strong>lt</strong>" word |
| | word "<strong>-le</strong>" word | word "<strong>le</strong>" word |
| | word "<strong>-gt</strong>" word | word "<strong>gt</strong>" word |
| | word "<strong>-ge</strong>" word | word "<strong>ge</strong>" word |
| |
| wordlist ::= word |
| | wordlist "<strong>,</strong>" word |
| |
| word ::= word "<strong>.</strong>" word |
| | digit |
| | "<strong>'</strong>" string "<strong>'</strong>" |
| | "<strong>"</strong>" string "<strong>"</strong>" |
| | variable |
| | rebackref |
| | function |
| |
| string ::= stringpart |
| | string stringpart |
| |
| stringpart ::= cstring |
| | variable |
| | rebackref |
| |
| cstring ::= ... |
| digit ::= [0-9]+ |
| |
| variable ::= "<strong>%{</strong>" varname "<strong>}</strong>" |
| | "<strong>%{</strong>" funcname "<strong>:</strong>" funcargs "<strong>}</strong>" |
| |
| rebackref ::= "<strong>$</strong>" [0-9] |
| |
| function ::= funcname "<strong>(</strong>" word "<strong>)</strong>" |
| |
| listfunction ::= listfuncname "<strong>(</strong>" word "<strong>)</strong>" |
| </pre> |
| </blockquote> |
| |
| </section> |
| |
| <section id="vars"> |
| <title>Variables</title> |
| |
| <p>The expression parser provides a number of variables of the form |
| <code>%{HTTP_HOST}</code>. Note that the value of a variable may depend |
| on the phase of the request processing in which it is evaluated. For |
| example, an expression used in an <directive><If ></directive> |
| directive is evaluated before authentication is done. Therefore, |
| <code>%{REMOTE_USER}</code> will not be set in this case.</p> |
| |
| <p>The following variables provide the values of the named HTTP request |
| headers. The values of other headers can be obtained with the |
| <code>req</code> <a href="#functions">function</a>. Using these |
| variables may cause the header name to be added to the Vary |
| header of the HTTP response, except where otherwise noted for the |
| directive accepting the expression. The <code>req_novary</code> |
| <a href="#functions">function</a> may be used to circumvent this |
| behavior.</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width="1"/></columnspec> |
| |
| <tr><th>Name</th></tr> |
| <tr><td><code>HTTP_ACCEPT</code></td></tr> |
| <tr><td><code>HTTP_COOKIE</code></td></tr> |
| <tr><td><code>HTTP_FORWARDED</code></td></tr> |
| <tr><td><code>HTTP_HOST</code></td></tr> |
| <tr><td><code>HTTP_PROXY_CONNECTION</code></td></tr> |
| <tr><td><code>HTTP_REFERER</code></td></tr> |
| <tr><td><code>HTTP_USER_AGENT</code></td></tr> |
| |
| </table> |
| |
| <p>Other request related variables</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".4"/><column width=".6"/></columnspec> |
| |
| <tr><th>Name</th><th>Description</th></tr> |
| <tr><td><code>REQUEST_METHOD</code></td> |
| <td>The HTTP method of the incoming request (e.g. |
| <code>GET</code>)</td></tr> |
| <tr><td><code>REQUEST_SCHEME</code></td> |
| <td>The scheme part of the request's URI</td></tr> |
| <tr><td><code>REQUEST_URI</code></td> |
| <td>The path part of the request's URI</td></tr> |
| <tr><td><code>DOCUMENT_URI</code></td> |
| <td>Same as <code>REQUEST_URI</code></td></tr> |
| <tr><td><code>REQUEST_FILENAME</code></td> |
| <td>The full local filesystem path to the file or script matching the |
| request, if this has already been determined by the server at the |
| time <code>REQUEST_FILENAME</code> is referenced. Otherwise, such |
| as when used in virtual host context, the same value as |
| <code>REQUEST_URI</code> </td></tr> |
| <tr><td><code>SCRIPT_FILENAME</code></td> |
| <td>Same as <code>REQUEST_FILENAME</code></td></tr> |
| <tr><td><code>LAST_MODIFIED</code></td> |
| <td>The date and time of last modification of the file in the format |
| <code>20101231235959</code>, if this has already been determined by |
| the server at the time <code>LAST_MODIFIED</code> is referenced. |
| </td></tr> |
| <tr><td><code>SCRIPT_USER</code></td> |
| <td>The user name of the owner of the script.</td></tr> |
| <tr><td><code>SCRIPT_GROUP</code></td> |
| <td>The group name of the group of the script.</td></tr> |
| <tr><td><code>PATH_INFO</code></td> |
| <td>The trailing path name information, see |
| <directive module="core">AcceptPathInfo</directive></td></tr> |
| <tr><td><code>QUERY_STRING</code></td> |
| <td>The query string of the current request</td></tr> |
| <tr><td><code>IS_SUBREQ</code></td> |
| <td>"<code>true</code>" if the current request is a subrequest, |
| "<code>false</code>" otherwise</td></tr> |
| <tr><td><code>THE_REQUEST</code></td> |
| <td>The complete request line (e.g., |
| "<code>GET /index.html HTTP/1.1</code>")</td></tr> |
| <tr><td><code>REMOTE_ADDR</code></td> |
| <td>The IP address of the remote host</td></tr> |
| <tr><td><code>REMOTE_PORT</code></td> |
| <td>The port of the remote host (2.4.26 and later)</td></tr> |
| <tr><td><code>REMOTE_HOST</code></td> |
| <td>The host name of the remote host</td></tr> |
| <tr><td><code>REMOTE_USER</code></td> |
| <td>The name of the authenticated user, if any (not available during <directive><If></directive>)</td></tr> |
| <tr><td><code>REMOTE_IDENT</code></td> |
| <td>The user name set by <module>mod_ident</module></td></tr> |
| <tr><td><code>SERVER_NAME</code></td> |
| <td>The <directive module="core">ServerName</directive> of |
| the current vhost</td></tr> |
| <tr><td><code>SERVER_PORT</code></td> |
| <td>The server port of the current vhost, see |
| <directive module="core">ServerName</directive></td></tr> |
| <tr><td><code>SERVER_ADMIN</code></td> |
| <td>The <directive module="core">ServerAdmin</directive> of |
| the current vhost</td></tr> |
| <tr><td><code>SERVER_PROTOCOL</code></td> |
| <td>The protocol used by the request</td></tr> |
| <tr><td><code>DOCUMENT_ROOT</code></td> |
| <td>The <directive module="core">DocumentRoot</directive> of |
| the current vhost</td></tr> |
| <tr><td><code>AUTH_TYPE</code></td> |
| <td>The configured <directive |
| module="mod_authn_core">AuthType</directive> (e.g. |
| "<code>basic</code>")</td></tr> |
| <tr><td><code>CONTENT_TYPE</code></td> |
| <td>The content type of the response (not available during <directive><If></directive>)</td></tr> |
| <tr><td><code>HANDLER</code></td> |
| <td>The name of the <a href="handler.html">handler</a> creating |
| the response</td></tr> |
| <tr><td><code>HTTP2</code></td> |
| <td>"<code>on</code>" if the request uses http/2, |
| "<code>off</code>" otherwise</td></tr> |
| <tr><td><code>HTTPS</code></td> |
| <td>"<code>on</code>" if the request uses https, |
| "<code>off</code>" otherwise</td></tr> |
| <tr><td><code>IPV6</code></td> |
| <td>"<code>on</code>" if the connection uses IPv6, |
| "<code>off</code>" otherwise</td></tr> |
| <tr><td><code>REQUEST_STATUS</code></td> |
| <td>The HTTP error status of the request (not available during <directive><If></directive>)</td></tr> |
| <tr><td><code>REQUEST_LOG_ID</code></td> |
| <td>The error log id of the request (see |
| <directive module="core">ErrorLogFormat</directive>)</td></tr> |
| <tr><td><code>CONN_LOG_ID</code></td> |
| <td>The error log id of the connection (see |
| <directive module="core">ErrorLogFormat</directive>)</td></tr> |
| <tr><td><code>CONN_REMOTE_ADDR</code></td> |
| <td>The peer IP address of the connection (see the |
| <module>mod_remoteip</module> module)</td></tr> |
| <tr><td><code>CONTEXT_PREFIX</code></td> |
| <td></td></tr> |
| <tr><td><code>CONTEXT_DOCUMENT_ROOT</code></td> |
| <td></td></tr> |
| |
| </table> |
| |
| <p>Misc variables</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".4"/><column width=".6"/></columnspec> |
| |
| <tr><th>Name</th><th>Description</th></tr> |
| <tr><td><code>TIME_YEAR</code></td> |
| <td>The current year (e.g. <code>2010</code>)</td></tr> |
| <tr><td><code>TIME_MON</code></td> |
| <td>The current month (<code>01</code>, ..., <code>12</code>)</td></tr> |
| <tr><td><code>TIME_DAY</code></td> |
| <td>The current day of the month (<code>01</code>, ...)</td></tr> |
| <tr><td><code>TIME_HOUR</code></td> |
| <td>The hour part of the current time |
| (<code>00</code>, ..., <code>23</code>)</td></tr> |
| <tr><td><code>TIME_MIN</code></td> |
| <td>The minute part of the current time </td></tr> |
| <tr><td><code>TIME_SEC</code></td> |
| <td>The second part of the current time </td></tr> |
| <tr><td><code>TIME_WDAY</code></td> |
| <td>The day of the week (starting with <code>0</code> |
| for Sunday)</td></tr> |
| <tr><td><code>TIME</code></td> |
| <td>The date and time in the format |
| <code>20101231235959</code></td></tr> |
| <tr><td><code>SERVER_SOFTWARE</code></td> |
| <td>The server version string</td></tr> |
| <tr><td><code>API_VERSION</code></td> |
| <td>The date of the API version (module magic number)</td></tr> |
| </table> |
| |
| <p>Some modules register additional variables, see e.g. |
| <module>mod_ssl</module>.</p> |
| |
| </section> |
| |
| <section id="binop"> |
| <title>Binary operators</title> |
| |
| <p>With the exception of some built-in comparison operators, binary |
| operators have the form "<code>-[a-zA-Z][a-zA-Z0-9_]+</code>", i.e. a |
| minus and at least two characters. The name is not case sensitive. |
| Modules may register additional binary operators.</p> |
| |
| <section id="comp"> |
| <title>Comparison operators</title> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec> |
| |
| <tr><th>Name</th><th>Alternative</th> <th>Description</th></tr> |
| <tr><td><code>==</code></td> |
| <td><code>=</code></td> |
| <td>String equality</td></tr> |
| <tr><td><code>!=</code></td> |
| <td></td> |
| <td>String inequality</td></tr> |
| <tr><td><code><</code></td> |
| <td></td> |
| <td>String less than</td></tr> |
| <tr><td><code><=</code></td> |
| <td></td> |
| <td>String less than or equal</td></tr> |
| <tr><td><code>></code></td> |
| <td></td> |
| <td>String greater than</td></tr> |
| <tr><td><code>>=</code></td> |
| <td></td> |
| <td>String greater than or equal</td></tr> |
| <tr><td><code>=~</code></td> |
| <td></td> |
| <td>String matches the regular expression</td></tr> |
| <tr><td><code>!~</code></td> |
| <td></td> |
| <td>String does not match the regular expression</td></tr> |
| <tr><td><code>-eq</code></td> |
| <td><code>eq</code></td> |
| <td>Integer equality</td></tr> |
| <tr><td><code>-ne</code></td> |
| <td><code>ne</code></td> |
| <td>Integer inequality</td></tr> |
| <tr><td><code>-lt</code></td> |
| <td><code>lt</code></td> |
| <td>Integer less than</td></tr> |
| <tr><td><code>-le</code></td> |
| <td><code>le</code></td> |
| <td>Integer less than or equal</td></tr> |
| <tr><td><code>-gt</code></td> |
| <td><code>gt</code></td> |
| <td>Integer greater than</td></tr> |
| <tr><td><code>-ge</code></td> |
| <td><code>ge</code></td> |
| <td>Integer greater than or equal</td></tr> |
| </table> |
| </section> |
| |
| <section id="binaryother"> |
| <title>Other binary operators</title> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".2"/><column width=".8"/></columnspec> |
| |
| <tr><th>Name</th><th>Description</th></tr> |
| <tr><td><code>-ipmatch</code></td> |
| <td>IP address matches address/netmask</td></tr> |
| <tr><td><code>-strmatch</code></td> |
| <td>left string matches pattern given by right string (containing |
| wildcards *, ?, [])</td></tr> |
| <tr><td><code>-strcmatch</code></td> |
| <td>same as <code>-strmatch</code>, but case insensitive</td></tr> |
| <tr><td><code>-fnmatch</code></td> |
| <td>same as <code>-strmatch</code>, but slashes are not matched by |
| wildcards</td></tr> |
| </table> |
| </section> |
| |
| </section> |
| |
| <section id="unnop"> |
| <title>Unary operators</title> |
| |
| <p>Unary operators take one argument and have the form |
| "<code>-[a-zA-Z]</code>", i.e. a minus and one character. |
| The name <em>is</em> case sensitive. |
| Modules may register additional unary operators.</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec> |
| |
| <tr><th>Name</th><th>Description</th><th>Restricted</th></tr> |
| <tr><td><code>-d</code></td> |
| <td>The argument is treated as a filename. |
| True if the file exists and is a directory</td><td>yes</td></tr> |
| <tr><td><code>-e</code></td> |
| <td>The argument is treated as a filename. |
| True if the file (or dir or special) exists</td><td>yes</td></tr> |
| <tr><td><code>-f</code></td> |
| <td>The argument is treated as a filename. |
| True if the file exists and is regular file</td><td>yes</td></tr> |
| <tr><td><code>-s</code></td> |
| <td>The argument is treated as a filename. |
| True if the file exists and is not empty</td><td>yes</td></tr> |
| <tr><td><code>-L</code></td> |
| <td>The argument is treated as a filename. |
| True if the file exists and is symlink</td><td>yes</td></tr> |
| <tr><td><code>-h</code></td> |
| <td>The argument is treated as a filename. |
| True if the file exists and is symlink |
| (same as <code>-L</code>)</td><td>yes</td></tr> |
| <tr><td><code>-F</code></td> |
| <td>True if string is a valid file, accessible via all the server's |
| currently-configured access controls for that path. This uses an |
| internal subrequest to do the check, so use it with care - it can |
| impact your server's performance!</td><td></td></tr> |
| <tr><td><code>-U</code></td> |
| <td>True if string is a valid URL, accessible via all the server's |
| currently-configured access controls for that path. This uses an |
| internal subrequest to do the check, so use it with care - it can |
| impact your server's performance!</td><td></td></tr> |
| <tr><td><code>-A</code></td> |
| <td>Alias for <code>-U</code></td><td></td></tr> |
| <tr><td><code>-n</code></td> |
| <td>True if string is not empty</td><td></td></tr> |
| <tr><td><code>-z</code></td> |
| <td>True if string is empty</td><td></td></tr> |
| <tr><td><code>-T</code></td> |
| <td>False if string is empty, "<code>0</code>", "<code>off</code>", |
| "<code>false</code>", or "<code>no</code>" (case insensitive). |
| True otherwise.</td><td></td></tr> |
| <tr><td><code>-R</code></td> |
| <td>Same as "<code>%{REMOTE_ADDR} -ipmatch ...</code>", but more |
| efficient |
| </td><td></td></tr> |
| </table> |
| |
| <p>The operators marked as "restricted" are not available in some modules |
| like <module>mod_include</module>.</p> |
| </section> |
| |
| <section id="functions"> |
| <title>Functions</title> |
| |
| <p>Normal string-valued functions take one string as argument and return |
| a string. Functions names are not case sensitive. |
| Modules may register additional functions.</p> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".2"/><column width=".4"/><column width=".4"/></columnspec> |
| |
| <tr><th>Name</th><th>Description</th><th>Special notes</th></tr> |
| <tr><td><code>req</code>, <code>http</code></td> |
| <td>Get HTTP request header; header names may be added to the Vary |
| header, see below</td><td></td></tr> |
| <tr><td><code>req_novary</code></td> |
| <td>Same as <code>req</code>, but header names will not be added to the |
| Vary header</td><td></td></tr> |
| <tr><td><code>resp</code></td> |
| <td>Get HTTP response header (most response headers will not yet be set |
| during <directive><If></directive>)</td><td></td></tr> |
| <tr><td><code>reqenv</code></td> |
| <td>Lookup request environment variable (as a shortcut, |
| <code>v</code> can also be used to access variables). |
| </td> |
| <td>ordering</td></tr> |
| <tr><td><code>osenv</code></td> |
| <td>Lookup operating system environment variable</td><td></td></tr> |
| <tr><td><code>note</code></td> |
| <td>Lookup request note</td><td>ordering</td></tr> |
| <tr><td><code>env</code></td> |
| <td>Return first match of <code>note</code>, <code>reqenv</code>, |
| <code>osenv</code></td><td>ordering</td></tr> |
| <tr><td><code>tolower</code></td> |
| <td>Convert string to lower case</td><td></td></tr> |
| <tr><td><code>toupper</code></td> |
| <td>Convert string to upper case</td><td></td></tr> |
| <tr><td><code>escape</code></td> |
| <td>Escape special characters in %hex encoding</td><td></td></tr> |
| <tr><td><code>unescape</code></td> |
| <td>Unescape %hex encoded string, leaving encoded slashes alone; |
| return empty string if %00 is found</td><td></td></tr> |
| <tr><td><code>base64</code></td> |
| <td>Encode the string using base64 encoding</td><td></td></tr> |
| <tr><td><code>unbase64</code></td> |
| <td>Decode base64 encoded string, return truncated string if 0x00 is |
| found</td><td></td></tr> |
| <tr><td><code>md5</code></td> |
| <td>Hash the string using MD5, then encode the hash with hexadecimal |
| encoding</td><td></td></tr> |
| <tr><td><code>sha1</code></td> |
| <td>Hash the string using SHA1, then encode the hash with hexadecimal |
| encoding</td><td></td></tr> |
| <tr><td><code>file</code></td> |
| <td>Read contents from a file (including line endings, when present) |
| </td><td>restricted</td></tr> |
| <tr><td><code>filemod</code></td> |
| <td>Return last modification time of a file (or 0 if file does not exist |
| or is not regular file)</td><td>restricted</td></tr> |
| <tr><td><code>filesize</code></td> |
| <td>Return size of a file (or 0 if file does not exist or is not |
| regular file)</td><td>restricted</td></tr> |
| |
| </table> |
| |
| <p>The functions marked as "restricted" in the final column are not |
| available in some modules like <module>mod_include</module>.</p> |
| |
| <p>The functions marked as "ordering" in the final column require some |
| consideration for the ordering of different components of the server, |
| especially when the function is used within the |
| <<directive module="core">If</directive>> directive which is |
| evaluated relatively early.</p> |
| <note> |
| <title>Environment variable ordering</title> |
| When environment variables are looked up within an |
| <<directive module="core">If</directive>> condition, it's important |
| to consider how extremely early in request processing that this |
| resolution occurs. As a guideline, any directive defined outside of virtual host |
| context (directory, location, htaccess) is not likely to have yet had a |
| chance to execute. <directive module="mod_setenvif">SetEnvIf</directive> |
| in virtual host scope is one directive that runs prior to this resolution |
| <br/> |
| <br/> |
| When <code>reqenv</code> is used outside of <<directive module="core" |
| >If</directive>>, the resolution will generally occur later, but the |
| exact timing depends on the directive the expression has been used within. |
| </note> |
| |
| <p>When the functions <code>req</code> or <code>http</code> are used, |
| the header name will automatically be added to the Vary header of the |
| HTTP response, except where otherwise noted for the directive accepting |
| the expression. The <code>req_novary</code> function can be used to |
| prevent names from being added to the Vary header.</p> |
| |
| <p>In addition to string-valued functions, there are also |
| list-valued functions which take one string as argument and return a |
| wordlist, i.e. a list of strings. The wordlist can be used with the |
| special <code>-in</code> operator. Functions names are not case |
| sensitive. Modules may register additional functions.</p> |
| |
| <p>There are no built-in list-valued functions. <module>mod_ssl</module> |
| provides <code>PeerExtList</code>. See the description of |
| <directive module="mod_ssl">SSLRequire</directive> for details |
| (but <code>PeerExtList</code> is also usable outside |
| of <directive module="mod_ssl">SSLRequire</directive>).</p> |
| |
| </section> |
| |
| <section id="examples"> |
| |
| <title>Example expressions</title> |
| <p>The following examples show how expressions might be used to |
| evaluate requests:</p> |
| |
| <!-- This section should probably be extended with more, useful examples --> |
| <highlight language="config"> |
| # Compare the host name to example.com and redirect to www.example.com if it matches |
| <If "%{HTTP_HOST} == 'example.com'"> |
| Redirect permanent "/" "http://www.example.com/" |
| </If> |
| |
| # Force text/plain if requesting a file with the query string contains 'forcetext' |
| <If "%{QUERY_STRING} =~ /forcetext/"> |
| ForceType text/plain |
| </If> |
| |
| # Only allow access to this content during business hours |
| <Directory "/foo/bar/business"> |
| Require expr %{TIME_HOUR} -gt 9 && %{TIME_HOUR} -lt 17 |
| </Directory> |
| |
| # Check a HTTP header for a list of values |
| <If "%{HTTP:X-example-header} in { 'foo', 'bar', 'baz' }"> |
| Header set matched true |
| </If> |
| |
| # Check an environment variable for a regular expression, negated. |
| <If "! reqenv('REDIRECT_FOO') =~ /bar/"> |
| Header set matched true |
| </If> |
| |
| # Check result of URI mapping by running in Directory context with -f |
| <Directory "/var/www"> |
| AddEncoding x-gzip gz |
| <If "-f '%{REQUEST_FILENAME}.unzipme' && ! %{HTTP:Accept-Encoding} =~ /gzip/"> |
| SetOutputFilter INFLATE |
| </If> |
| </Directory> |
| |
| # Check against the client IP |
| <If "-R '192.168.1.0/24'"> |
| Header set matched true |
| </If> |
| |
| # Function example in boolean context |
| <If "md5('foo') == 'acbd18db4cc2f85cedef654fccc4a4d8'"> |
| Header set checksum-matched true |
| </If> |
| |
| # Function example in string context |
| Header set foo-checksum "expr=%{md5:foo}" |
| |
| # This delays the evaluation of the condition clause compared to <If> |
| Header always set CustomHeader my-value "expr=%{REQUEST_URI} =~ m#^/special_path\.php$#" |
| |
| # Conditional logging |
| CustomLog logs/access-errors.log common "expr=%{REQUEST_STATUS} >= 400" |
| CustomLog logs/access-errors-specific.log common "expr=%{REQUEST_STATUS} -in {'405','410'}" |
| |
| </highlight> |
| </section> |
| |
| <section id="other"> |
| <title>Other</title> |
| |
| <table border="1" style="zebra"> |
| <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec> |
| |
| <tr><th>Name</th><th>Alternative</th> <th>Description</th></tr> |
| <tr><td><code>-in</code></td> |
| <td><code>in</code></td> |
| <td>string contained in wordlist</td></tr> |
| <tr><td><code>/regexp/</code></td> |
| <td><code>m#regexp#</code></td> |
| <td>Regular expression (the second form allows different |
| delimiters than /)</td></tr> |
| <tr><td><code>/regexp/i</code></td> |
| <td><code>m#regexp#i</code></td> |
| <td>Case insensitive regular expression</td></tr> |
| <tr><td><code>$0 ... $9</code></td> |
| <td></td> |
| <td>Regular expression backreferences</td></tr> |
| </table> |
| |
| <section id="rebackref"> |
| <title>Regular expression backreferences</title> |
| <p>The strings <code>$0</code> ... <code>$9</code> allow to reference |
| the capture groups from a previously executed, successfully |
| matching regular expressions. They can normally only be used in the |
| same expression as the matching regex, but some modules allow special |
| uses.</p> |
| </section> |
| |
| </section> |
| |
| <section id="sslrequire"> |
| <title>Comparison with SSLRequire</title> |
| <p>The <em>ap_expr</em> syntax is mostly a superset of the syntax of the |
| deprecated <directive module="mod_ssl">SSLRequire</directive> directive. |
| The differences are described in <directive |
| module="mod_ssl">SSLRequire</directive>'s documentation.</p> |
| </section> |
| |
| <section id="compatibility"> |
| <title>Version History</title> |
| <p>The <code>req_novary</code> <a href="#functions">function</a> |
| is available for versions 2.4.4 and later.</p> |
| </section> |
| |
| </manualpage> |