slive 00/10/11 14:54:53
Modified: htdocs/manual index.html env.html
Log:
Change env.html from a specific discussion of special-purpose environment
variables to a general discussion of environment variables in Apache.
Revision Changes Path
1.37 +1 -1 httpd-docs-1.3/htdocs/manual/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/index.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- index.html 2000/10/09 18:34:20 1.36
+++ index.html 2000/10/11 21:54:51 1.37
@@ -40,7 +40,7 @@
<LI><A HREF="dso.html">Dynamic Shared Object (DSO) support</A>
<LI><A HREF="handler.html">Handlers</A>
<LI><A HREF="content-negotiation.html">Content negotiation</A>
-<LI><A HREF="env.html">Special purpose environment variables</A>
+<LI><A HREF="env.html">Environment Variables</A>
<LI><A HREF="misc/API.html">The Apache API</A>
<LI><A HREF="suexec.html">Using SetUserID Execution for CGI</A>
</UL>
1.10 +201 -7 httpd-docs-1.3/htdocs/manual/env.html
Index: env.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/env.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- env.html 1999/05/04 19:17:37 1.9
+++ env.html 2000/10/11 21:54:52 1.10
@@ -13,7 +13,136 @@
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
-<H1 ALIGN="CENTER">Special Purpose Environment Variables</H1>
+<h1 align="center">Environment Variables in Apache</h1>
+
+<p>Many operating systems provide a facility for storage and
+transmission of information called environment variables. Apache uses
+environment variables in many ways to control operations and to
+communicate with other programs like CGI scripts. This document
+explains some of the ways to use environment variables in Apache.</p>
+
+<ul>
+<li><a href="#setting">Setting Environment Variables</a></li>
+<li><a href="#using">Using Environment Variables</a></li>
+<li><a href="#special">Special Purpose Environment Variables</a></li>
+<li><a href="#examples">Examples</a></li>
+</ul>
+
+<hr>
+
+<h2><a name="setting">Setting Environment Variables</a></h2>
+
+<h3>Related Modules</h3>
+
+<ul>
+<li><a href="mod/mod_env.html">mod_env</a></li>
+<li><a href="mod/mod_rewrite.html">mod_rewrite</a></li>
+<li><a href="mod/mod_setenvif.html">mod_setenvif</a></li>
+<li><a href="mod/mod_unique_id.html">mod_unique_id</a></li>
+</ul>
+
+<h3>Related Directives</h3>
+
+<ul>
+<li><A HREF="mod/mod_setenvif.html#BrowserMatch">BrowserMatch</A></li>
+<li><A HREF="mod/mod_setenvif.html#BrowserMatchNoCase">BrowserMatchNoCase</A></li>
+<li><A HREF="mod/mod_env.html#passenv">PassEnv</A></li>
+<li><A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A></li>
+<li><A HREF="mod/mod_env.html#setenv">SetEnv</A></li>
+<li><A HREF="mod/mod_setenvif.html#SetEnvIf">SetEnvIf</A></li>
+<li><A HREF="mod/mod_setenvif.html#SetEnvIfNoCase">SetEnvIfNoCase</A></li>
+<li><A HREF="mod/mod_env.html#unsetenv">UnsetEnv</A></li>
+</ul>
+
+<p>The most basic way to set an environment variable in Apache is
+using the unconditional <code>SetEnv</code> directive. Variables
+may also be passed from the environment when Apache is started
+using the <code>PassEnv</code> directive.</p>
+
+<p>The directives provided by mod_setenvif allow environment variables
+to be set on a per-request basis based on characteristics of particular
+requests. For example, a variable could be set only when a specific
+browser (User-Agent) is making a request, or only when a specific
+Referer header is found. Even more flexibility is available through the
+mod_rewrite's <code>RewriteRule</code> which uses the
+<code>[E=...]</code> option to set environment variables.</p>
+
+<p>Finally, mod_unique_id sets the environment variable
+<code>UNIQUE_ID</code> for each request to a value which is guaranteed
+to be unique across "all" requests under very specific conditions.</p>
+
+<hr>
+
+<h2><a name="using">Using Environment Variables</a></h2>
+
+<h3>Related Modules</h3>
+
+<ul>
+<li><a href="mod/mod_access.html">mod_access</a></li>
+<li><a href="mod/mod_cgi.html">mod_cgi</a></li>
+<li><a href="mod/mod_include.html">mod_include</a></li>
+<li><a href="mod/mod_log_config.html">mod_log_config</a></li>
+<li><a href="mod/mod_rewrite.html">mod_rewrite</a></li>
+</ul>
+
+<h3>Related Directives</h3>
+
+<ul>
+<LI><A HREF="mod/mod_access.html#allowfromenv">Allow from env=</A></li>
+<li><a href="mod/mod_log_config.html#customlog-conditional">CustomLog
+(conditional)</a></li>
+<LI><A HREF="mod/mod_access.html#denyfromenv">Deny from env=</A></li>
+<li><a href="mod/mod_log_config.html#logformat">LogFormat</a></li>
+<LI><A HREF="mod/mod_rewrite.html#RewriteCond">RewriteCond</A></li>
+<LI><A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A></li>
+</ul>
+
+
+<p>One of the primary uses of environment variables is to communicate
+information to CGI scripts. In addition to all environment variables
+set within Apache, CGI scripts are provided with a set of
+meta-information about the request as provided for in the <a
+href="misc/FAQ.html#cgi-spec">CGI specification</a>. If you are using
+<a href="suexec.html">Suexec</a> to execute CGI scripts under
+different userids, note that the environment will be cleaned down to a
+set of <em>safe</em> environment variables before the CGI script is
+executed. The set of safe environment variables is defined at
+compile time in <code>suexec.c</code>.
+</p>
+
+<p>Server-parsed (SSI) documents processed by mod_include's
+<code>server-parsed</code> handler can print environment variables
+using the <code>echo</code> element, and can use environment variables
+in flow control elements.
+</p>
+
+<p>Access to the server can be controlled based on the value of
+environment variables using the <code>allow from env=</code> and
+<code>deny from env=</code></a> directives. In combination with
+<code>SetEnvIf</code>, this allows for flexible control of access to
+the server based on characteristics of the client. For example, you
+can use these directives to deny access to a particular browser
+(User-Agent).
+</p>
+
+<p>Environment variables can be logged in the access log using the
+<code>LogFormat</code> option <code>%e</code>. In addition, the
+decision on whether or not to log requests can be made based on the
+status of environment variables using the conditional form of the
+<code>CustomLog</code> directive. In combination with
+<code>SetEnvIf</code> this allows for flexible control of which
+requests are logged. For example, you can choose not to log requests
+for filenames ending in <code>gif</code>, or you can choose to only
+log requests from clients which are outside your subnet.
+</p>
+
+<p>The <code>%{ENV:...}</code> form of <em>TestString</em> in the
+<code>RewriteCond</code> allows mod_rewrite's rewrite engine to make
+decisions conditional on environment variables.
+
+<hr>
+
+<H2><a name="special">Special Purpose Environment Variables</a></H2>
<P>
Interoperability problems have led to the introduction of
mechanisms to modify the way Apache behaves when talking to particular
@@ -51,13 +180,78 @@
<H2>nokeepalive</H2>
<P>
-This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. Because
-of problems with Netscape 2.x and KeepAlive, we recommend the following
-directive be used:
+This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set.
</P>
-<PRE>
- BrowserMatch Mozilla/2 nokeepalive
-</PRE>
+
+
+<hr>
+
+<h2><a name="examples">Examples</a></h2>
+
+<h3>Changing protocol behavior with misbehaving clients</h3>
+
+<p>We recommend that the following lines be included in httpd.conf
+to deal with known client problems.</p>
+
+<pre>
+#
+# The following directives modify normal HTTP response behavior.
+# The first directive disables keepalive for Netscape 2.x and browsers that
+# spoof it. There are known problems with these browser implementations.
+# The second directive is for Microsoft Internet Explorer 4.0b2
+# which has a broken HTTP/1.1 implementation and does not properly
+# support keepalive when it is used on 301 or 302 (redirect) responses.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+#
+# The following directive disables HTTP/1.1 responses to browsers which
+# are in violation of the HTTP/1.0 spec by not being able to grok a
+# basic 1.1 response.
+#
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+</pre>
+
+<h3>Do not log requests for images in the access log</h3>
+
+<p>This example keeps requests for images from appearing
+in the access log. It can be easily modified to prevent logging
+of particular directories, or to prevent logging of requests
+coming from particular hosts.</p>
+
+<pre>
+ SetEnvIf Request_URI \.gif image-request
+ SetEnvIf Request_URI \.jpg image-request
+ SetEnvIf Request_URI \.png image-request
+ CustomLog logs/access_log env=!image-request
+</pre>
+
+<h3>Prevent "Image Theft"</h3>
+
+<p>This example shows how to keep people not on your server from using
+images on your server as inline-images on their pages. This is not
+a recommended configuration, but it can work in limited
+circumstances. We assume that all your images are in a directory
+called /web/images.</p>
+
+<pre>
+ SetEnvIf Referer "^http://www.example.com/" local_referal
+ # Allow browsers that do not send Referer info
+ SetEnvIf Referer "^$" local_referal
+ <Directory /web/images>
+ Order Deny,Allow
+ Deny from all
+ Allow from env=local_referal
+ </Directory>
+</pre>
+
+<p>For more information about this technique, see the ApacheToday
+tutorial "<a
+href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS">Keeping
+Your Images from Adorning Other Sites</a>".</p>
<!--#include virtual="footer.html" -->
</BODY>
Modified: htdocs/manual index.html env.html
Log:
Change env.html from a specific discussion of special-purpose environment
variables to a general discussion of environment variables in Apache.
Revision Changes Path
1.37 +1 -1 httpd-docs-1.3/htdocs/manual/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/index.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- index.html 2000/10/09 18:34:20 1.36
+++ index.html 2000/10/11 21:54:51 1.37
@@ -40,7 +40,7 @@
<LI><A HREF="dso.html">Dynamic Shared Object (DSO) support</A>
<LI><A HREF="handler.html">Handlers</A>
<LI><A HREF="content-negotiation.html">Content negotiation</A>
-<LI><A HREF="env.html">Special purpose environment variables</A>
+<LI><A HREF="env.html">Environment Variables</A>
<LI><A HREF="misc/API.html">The Apache API</A>
<LI><A HREF="suexec.html">Using SetUserID Execution for CGI</A>
</UL>
1.10 +201 -7 httpd-docs-1.3/htdocs/manual/env.html
Index: env.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/env.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- env.html 1999/05/04 19:17:37 1.9
+++ env.html 2000/10/11 21:54:52 1.10
@@ -13,7 +13,136 @@
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
-<H1 ALIGN="CENTER">Special Purpose Environment Variables</H1>
+<h1 align="center">Environment Variables in Apache</h1>
+
+<p>Many operating systems provide a facility for storage and
+transmission of information called environment variables. Apache uses
+environment variables in many ways to control operations and to
+communicate with other programs like CGI scripts. This document
+explains some of the ways to use environment variables in Apache.</p>
+
+<ul>
+<li><a href="#setting">Setting Environment Variables</a></li>
+<li><a href="#using">Using Environment Variables</a></li>
+<li><a href="#special">Special Purpose Environment Variables</a></li>
+<li><a href="#examples">Examples</a></li>
+</ul>
+
+<hr>
+
+<h2><a name="setting">Setting Environment Variables</a></h2>
+
+<h3>Related Modules</h3>
+
+<ul>
+<li><a href="mod/mod_env.html">mod_env</a></li>
+<li><a href="mod/mod_rewrite.html">mod_rewrite</a></li>
+<li><a href="mod/mod_setenvif.html">mod_setenvif</a></li>
+<li><a href="mod/mod_unique_id.html">mod_unique_id</a></li>
+</ul>
+
+<h3>Related Directives</h3>
+
+<ul>
+<li><A HREF="mod/mod_setenvif.html#BrowserMatch">BrowserMatch</A></li>
+<li><A HREF="mod/mod_setenvif.html#BrowserMatchNoCase">BrowserMatchNoCase</A></li>
+<li><A HREF="mod/mod_env.html#passenv">PassEnv</A></li>
+<li><A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A></li>
+<li><A HREF="mod/mod_env.html#setenv">SetEnv</A></li>
+<li><A HREF="mod/mod_setenvif.html#SetEnvIf">SetEnvIf</A></li>
+<li><A HREF="mod/mod_setenvif.html#SetEnvIfNoCase">SetEnvIfNoCase</A></li>
+<li><A HREF="mod/mod_env.html#unsetenv">UnsetEnv</A></li>
+</ul>
+
+<p>The most basic way to set an environment variable in Apache is
+using the unconditional <code>SetEnv</code> directive. Variables
+may also be passed from the environment when Apache is started
+using the <code>PassEnv</code> directive.</p>
+
+<p>The directives provided by mod_setenvif allow environment variables
+to be set on a per-request basis based on characteristics of particular
+requests. For example, a variable could be set only when a specific
+browser (User-Agent) is making a request, or only when a specific
+Referer header is found. Even more flexibility is available through the
+mod_rewrite's <code>RewriteRule</code> which uses the
+<code>[E=...]</code> option to set environment variables.</p>
+
+<p>Finally, mod_unique_id sets the environment variable
+<code>UNIQUE_ID</code> for each request to a value which is guaranteed
+to be unique across "all" requests under very specific conditions.</p>
+
+<hr>
+
+<h2><a name="using">Using Environment Variables</a></h2>
+
+<h3>Related Modules</h3>
+
+<ul>
+<li><a href="mod/mod_access.html">mod_access</a></li>
+<li><a href="mod/mod_cgi.html">mod_cgi</a></li>
+<li><a href="mod/mod_include.html">mod_include</a></li>
+<li><a href="mod/mod_log_config.html">mod_log_config</a></li>
+<li><a href="mod/mod_rewrite.html">mod_rewrite</a></li>
+</ul>
+
+<h3>Related Directives</h3>
+
+<ul>
+<LI><A HREF="mod/mod_access.html#allowfromenv">Allow from env=</A></li>
+<li><a href="mod/mod_log_config.html#customlog-conditional">CustomLog
+(conditional)</a></li>
+<LI><A HREF="mod/mod_access.html#denyfromenv">Deny from env=</A></li>
+<li><a href="mod/mod_log_config.html#logformat">LogFormat</a></li>
+<LI><A HREF="mod/mod_rewrite.html#RewriteCond">RewriteCond</A></li>
+<LI><A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A></li>
+</ul>
+
+
+<p>One of the primary uses of environment variables is to communicate
+information to CGI scripts. In addition to all environment variables
+set within Apache, CGI scripts are provided with a set of
+meta-information about the request as provided for in the <a
+href="misc/FAQ.html#cgi-spec">CGI specification</a>. If you are using
+<a href="suexec.html">Suexec</a> to execute CGI scripts under
+different userids, note that the environment will be cleaned down to a
+set of <em>safe</em> environment variables before the CGI script is
+executed. The set of safe environment variables is defined at
+compile time in <code>suexec.c</code>.
+</p>
+
+<p>Server-parsed (SSI) documents processed by mod_include's
+<code>server-parsed</code> handler can print environment variables
+using the <code>echo</code> element, and can use environment variables
+in flow control elements.
+</p>
+
+<p>Access to the server can be controlled based on the value of
+environment variables using the <code>allow from env=</code> and
+<code>deny from env=</code></a> directives. In combination with
+<code>SetEnvIf</code>, this allows for flexible control of access to
+the server based on characteristics of the client. For example, you
+can use these directives to deny access to a particular browser
+(User-Agent).
+</p>
+
+<p>Environment variables can be logged in the access log using the
+<code>LogFormat</code> option <code>%e</code>. In addition, the
+decision on whether or not to log requests can be made based on the
+status of environment variables using the conditional form of the
+<code>CustomLog</code> directive. In combination with
+<code>SetEnvIf</code> this allows for flexible control of which
+requests are logged. For example, you can choose not to log requests
+for filenames ending in <code>gif</code>, or you can choose to only
+log requests from clients which are outside your subnet.
+</p>
+
+<p>The <code>%{ENV:...}</code> form of <em>TestString</em> in the
+<code>RewriteCond</code> allows mod_rewrite's rewrite engine to make
+decisions conditional on environment variables.
+
+<hr>
+
+<H2><a name="special">Special Purpose Environment Variables</a></H2>
<P>
Interoperability problems have led to the introduction of
mechanisms to modify the way Apache behaves when talking to particular
@@ -51,13 +180,78 @@
<H2>nokeepalive</H2>
<P>
-This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. Because
-of problems with Netscape 2.x and KeepAlive, we recommend the following
-directive be used:
+This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set.
</P>
-<PRE>
- BrowserMatch Mozilla/2 nokeepalive
-</PRE>
+
+
+<hr>
+
+<h2><a name="examples">Examples</a></h2>
+
+<h3>Changing protocol behavior with misbehaving clients</h3>
+
+<p>We recommend that the following lines be included in httpd.conf
+to deal with known client problems.</p>
+
+<pre>
+#
+# The following directives modify normal HTTP response behavior.
+# The first directive disables keepalive for Netscape 2.x and browsers that
+# spoof it. There are known problems with these browser implementations.
+# The second directive is for Microsoft Internet Explorer 4.0b2
+# which has a broken HTTP/1.1 implementation and does not properly
+# support keepalive when it is used on 301 or 302 (redirect) responses.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+#
+# The following directive disables HTTP/1.1 responses to browsers which
+# are in violation of the HTTP/1.0 spec by not being able to grok a
+# basic 1.1 response.
+#
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+</pre>
+
+<h3>Do not log requests for images in the access log</h3>
+
+<p>This example keeps requests for images from appearing
+in the access log. It can be easily modified to prevent logging
+of particular directories, or to prevent logging of requests
+coming from particular hosts.</p>
+
+<pre>
+ SetEnvIf Request_URI \.gif image-request
+ SetEnvIf Request_URI \.jpg image-request
+ SetEnvIf Request_URI \.png image-request
+ CustomLog logs/access_log env=!image-request
+</pre>
+
+<h3>Prevent "Image Theft"</h3>
+
+<p>This example shows how to keep people not on your server from using
+images on your server as inline-images on their pages. This is not
+a recommended configuration, but it can work in limited
+circumstances. We assume that all your images are in a directory
+called /web/images.</p>
+
+<pre>
+ SetEnvIf Referer "^http://www.example.com/" local_referal
+ # Allow browsers that do not send Referer info
+ SetEnvIf Referer "^$" local_referal
+ <Directory /web/images>
+ Order Deny,Allow
+ Deny from all
+ Allow from env=local_referal
+ </Directory>
+</pre>
+
+<p>For more information about this technique, see the ApacheToday
+tutorial "<a
+href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS">Keeping
+Your Images from Adorning Other Sites</a>".</p>
<!--#include virtual="footer.html" -->
</BODY>