Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
There are two kinds of environment variables that affect the Apache HTTP Server.
First, there are the environment variables controlled by the underlying operating system. These are set before the server starts. They can be used in expansions in configuration files, and can optionally be passed to CGI scripts and SSI using the PassEnv directive.
Second, the Apache HTTP Server provides a mechanism for storing information in named variables that are also called environment variables. This information can be used to control various operations such as logging or access control. The variables are also used as a mechanism to communicate with external programs such as CGI scripts. This document discusses different ways to manipulate and use these variables.
Although these variables are referred to as environment variables, they are not the same as the environment variables controlled by the underlying operating system. Instead, these variables are stored and manipulated in an internal Apache structure. They only become actual operating system environment variables when they are provided to CGI scripts and Server Side Include scripts. If you wish to manipulate the operating system environment under which the server itself runs, you must use the standard environment manipulation mechanisms provided by your operating system shell.
Setting Environment Variables Using Environment Variables Special Purpose Environment Variables Examples
| Related Modules | Related Directives |
|---|---|
The most basic way to set an environment variable in Apache
is using the unconditional SetEnv directive. Variables may also be passed from
the environment of the shell which started the server using the
PassEnv directive.
For additional flexibility, the directives provided by
mod_setenvif allow environment variables to be set
on a per-request basis, conditional on characteristics of particular
requests. For example, a variable could be set only when a
specific browser (User-Agent) is making a request, or only when
a specific Referer [sic] header is found. Even more flexibility
is available through the mod_rewrite's RewriteRule which uses the
[E=...] option to set environment variables.
Finally, mod_unique_id sets the environment
variable UNIQUE_ID for each request to a value which is
guaranteed to be unique across "all" requests under very
specific conditions.
In addition to all environment variables set within the Apache configuration and passed from the shell, CGI scripts and SSI pages are provided with a set of environment variables containing meta-information about the request as required by the CGI specification.
suexec is used to launch
CGI scripts, the environment will be cleaned down to a set of
safe variables before CGI scripts are launched. The
list of safe variables is defined at compile-time in
suexec.c.SetEnv directive runs
late during request processing meaning that directives such as
SetEnvIf and RewriteCond will not see the
variables set with it.DirectoryIndex
or generating a directory listing with mod_autoindex,
per-request environment variables are not inherited in the
subrequest. Additionally,
SetEnvIf directives
are not separately evaluated in the subrequest due to the API phases
mod_setenvif takes action in.| Related Modules | Related Directives |
|---|---|
One of the primary uses of environment variables is to communicate information to CGI scripts. As discussed above, the environment passed to CGI scripts includes standard meta-information about the request in addition to any variables set within the Apache configuration. For more details, see the CGI tutorial.
Server-parsed (SSI) documents processed by
mod_include's
INCLUDES filter can print environment variables
using the echo element, and can use environment
variables in flow control elements to makes parts of a page
conditional on characteristics of a request. Apache also
provides SSI pages with the standard CGI environment variables
as discussed above. For more details, see the SSI tutorial.
Access to the server can be controlled based on
environment variables using the Require env
and Require not env directives. In combination with
SetEnvIf, this
allows for flexible control of access to the server based on
characteristics of the client. For example, you can use these
directives to deny access to a particular browser (User-Agent).
Environment variables can be logged in the access log using
the LogFormat
option %e. In addition, the decision on whether
or not to log requests can be made based on the status of
environment variables using the conditional form of the
CustomLog
directive. In combination with SetEnvIf this allows for flexible control of which
requests are logged. For example, you can choose not to log
requests for filenames ending in gif, or you can
choose to only log requests from clients which are outside your
subnet.
The Header
directive can use the presence or
absence of an environment variable to determine whether or not
a certain HTTP header will be placed in the response to the
client. This allows, for example, a certain response header to
be sent only if a corresponding header is received in the
request from the client.
External filters configured by mod_ext_filter
using the ExtFilterDefine directive can
by activated conditional on an environment variable using the
disableenv= and enableenv= options.
The %{ENV:variable} form of
TestString in the RewriteCond allows mod_rewrite's rewrite
engine to make decisions conditional on environment variables.
Note that the variables accessible in mod_rewrite
without the ENV: prefix are not actually environment
variables. Rather, they are variables special to
mod_rewrite which cannot be accessed from other
modules.