[Top] [Prev] [Next] [Last] Download PDF:   US   UK Download Postscript:   US   UK

Appendix C

Environment Variables

Environment variables provide input for external programs accessed by content delivery modules such as mod_cgi and mod_php. The value of an environment variable can depend on the server, the server platform, the state of the system, the date or time, or HTML form input. This appendix provides information about environment variables commonly associated with Stronghold and other Web server software.

Environment variables can be set in several ways:

• Some environment variables are set by the system or in run command files.
  
  
• Environment variables corresponding to HTTP metainformation can be set by CGI programs on the basis of HTTP request headers sent by the client.
  
  
• Variables can be set on a per-object basis using the PassEnv and SetEnv directives.
  
  
• Variables can be set conditionally, based on any request criteria, using the SetEnvIf and SetEnvIfNoCase directives.
  
  
• The special environment variable UNIQUE_ID is set by mod_unique_id, which assigns a unique identifier to every request.
  
  
• Variables can be set by programs themselves.
  
  

This appendix divides environment variables into three categories:

• server variables
  
  
• client request variables
  
  
• SSL/TLS security variables
  
  

---

Server Variables

These variables pertain to the server software and its current configuration.

SERVER_SOFTWARE

• Syntax: SERVER_SOFTWARE=Stronghold/2.4.1 Apache/1.3.2
  
• Context: server
  

  The name and version number of the server software, including its Apache core

GATEWAY_INTERFACE

• Syntax: GATEWAY_INTERFACE=CGI/1.1
  
• Context: server
  

  The name and version number of your CGI gateway, which does not change unless you switch to a different version of the CGI module

SERVER_ADMIN

• Syntax: SERVER_ADMIN=email-address
  
• Context: server
  

  The server administrator's email address or other information, from httpd.conf

SERVER_ROOT

• Syntax: SERVER_ROOT=path
  
• Context: server
  

  The path to the ServerRoot directory, from httpd.conf

DOCUMENT_ROOT

• Syntax: DOCUMENT_ROOT=path
  
• Context: server
  

  The root directory for Web documents, from httpd.conf

---

Client Request Variables

These variables are derived from the HTTP headers of client requests. Their values vary with the client software and the nature of the request.

UNIQUE_ID

• Syntax: UNIQUE_ID IP, PID, time_stamp, counter
  
• Context: client request
  

  The unique identifier for this request, set by the module mod_unique_id and consisting of the requested IP number, the process ID of the child HTTPD process handling the request, the UNIX time stamp, and the value of a 16-bit counter (to distinguish requests received during the same second in time), with a possible 65,536 unique identifiers per second per HTTPD process

SERVER_NAME

• Syntax: SERVER_NAME=host
  
• Context: client request
  

  The host being addressed in this request, which may be the main host or a virtual host, either as a fully-qualified domain name or an IP address

HTTP_HOST

• Syntax: HTTP_HOST=host
  
• Context: client request
  

  Same as SERVER_NAME

HTTP_ACCEPT

• Syntax: HTTP_ACCEPT=MIME-type[, MIME-type, MIME-type . . . ]
  
• Context: client request
  

  One or more MIME types that the client can accept

HTTP_COOKIE

• Syntax: HTTP_COOKIE=cookie
  
• Context: client request
  

  The cookie presented in the Cookie header of the client request, if any.

HTTP_USER_AGENT

• Syntax: HTTP_USER_AGENT=name/version (platform)
  
• Context: client request
  

  The name, version number, and platform of the client software

SERVER_PORT

• Syntax: SERVER_PORT=port
  
• Context: client request
  

  The port number to which the request was sent

REMOTE_HOST

• Syntax: REMOTE_HOST=host
  
• Context: client request
  

  The hostname or IP number of the client host or proxy server that originated the request

  NOTE:

  This is only set if Stronghold is not compiled with MINIMAL_DNS, or if HostnameLookups is set to "off."

  
  

REMOTE_PORT

• Syntax: REMOTE_PORT=port
  
• Context: client request
  

  The client-side port number that originated the request

REMOTE_ADDR

• Syntax: REMOTE_ADDR=IP
  
• Context: client request
  

  The IP number of the client host

REMOTE_USER

• Syntax: REMOTE_USER=username
  
• Context: client request
  

  The remote username, if the script is subject to basic authentication

REMOTE_IDENT

• Syntax: REMOTE_IDENT=ident
  
• Context: client request
  

  The remote username as supplied by identd, if available

  NOTE:

  This is only set if IdentityCheck is set to "on."

  
  

SERVER_PROTOCOL

• Syntax: SERVER_PROTOCOL=protocol/version
  
• Context: client request
  

  The protocol and version number used to send the request, which Stronghold also uses in its response in order to ensure compatibility with the client

REQUEST_METHOD

• Syntax: REQUEST_METHOD=method
  
• Context: client request
  

  The method used in this request, such as GET or POST

AUTH_TYPE

• Syntax: AUTH_TYPE=method
  
• Context: client request
  

  The authentication method used in this request, if any

CONTENT_TYPE

• Syntax: CONTENT_TYPE=MIME-type
  
• Context: client request
  

  The MIME type of any data attached to the request header

CONTENT_LENGTH

• Syntax: CONTENT_LENGTH=n
  
• Context: client request
  

  The size, in bytes, of any data attached to the request header

SCRIPT_NAME

• Syntax: SCRIPT_NAME=path/to/script
  
• Context: client request
  

  The URI of the requested script

SCRIPT_FILENAME

• Syntax: SCRIPT_FILENAME=absolute/path/to/script
  
• Context: client request
  

  The absolute path to the requested script

SCRIPT_URI

• Syntax: SCRIPT_URI=method://host/path/to/script
  
• Context: client request
  

  The URI of the requested script

SCRIPT_URL

• Syntax: SCRIPT_URL=path/to/script
  
• Context: client request
  

  The URL of the requested script

QUERY_STRING

• Syntax: QUERY_STRING=string
  
• Context: client request
  

  The query-string for this transaction, embedded in the requested URL

PATH_INFO

• Syntax: PATH_INFO=info
  
• Context: client request
  

  Extra path information submitted in the request URL and used as input to a CGI program

PATH_TRANSLATED

• Syntax: PATH_TRANSLATED=path
  
• Context: client request
  

  The absolute path of the requested file, if the value of PATH_INFO can be translated to a file

ERROR_NOTES

• Syntax: ERROR_NOTES notes
  
• Context: client request
  

  Information about errors that occur during the fulfillment of a client request, such as

  malformed header from script. Bad header=test bad header output Premature end of script headers
  
  

  NOTE:

  In the error document CGI, this variable is actually called REDIRECT_ERROR_NOTES because it relates to the requested document, not the error document.

  
  

---

SSL/TLS Variables

These variables are specific to SSL and TLS:

• protocol variables
  
  
• server security variables
  
  
• client security variables
  
  

Protocol Variables

These variables relate to the SSL and TLS protocols.

SSL_PROTOCOL_VERSION

• Syntax: SSL_PROTOCOL_VERSION=2|3
  
• Context: SSL/TLS
  

  The version of SSL/TLS used in this transaction, either TLS version 1 or SSL version 2 or 3

SSLEAY_VERSION

• Syntax: SSLEAY_VERSION=n
  
• Context: SSL/TLS
  

  The current version of SSLeay

HTTPS

• Syntax: HTTPS=on|off
  
• Context: SSL/TLS
  

  "On" or "off," depending on whether SSL/TLS is turned on

HTTPS_SECRETKEYSIZE

• Syntax: HTTPS_SECRETKEYSIZE=n
  
• Context: SSL/TLS
  

  The size, in bytes, of the server's private key

HTTPS_KEYSIZE

• Syntax: HTTPS_KEYSIZE=n
  
• Context: SSL/TLS
  

  The full size, in bytes, of the server's public key

  NOTE:

  This is different from HTTPS_SECRETKEYSIZE only if you are using an export-crippled cryptography scheme.

  
  

HTTPS_CIPHER

• Syntax: HTTPS_CIPHER=cipher
  
• Context: SSL/TLS
  

  Same as SSL_CIPHER

HTTPS_EXPORT

• Syntax: HTTPS_EXPORT=true|false
  
• Context: SSL/TLS
  

  "False" if the session uses a cipher that is restricted for export, "true" if it uses an exportable (crippled) cipher

SSL_SERVER_SESSIONDIR

• Syntax: SSL_SERVER_SESSIONDIR=path
  
• Context: SSL/TLS
  

  The session caching directory, if applicable

SSL_SERVER_CERTIFICATELOGDIR

• Syntax: SSL_SERVER_CERTIFICATELOGDIR=path
  
• Context: SSL/TLS
  

  The directory where Stronghold logs client certificates

SSL_CIPHER

• Syntax: SSL_CIPHER=cipher
  
• Context: SSL/TLS
  

  The type of cipher used for the current session

Server Security Variables

SSL_SERVER_CERTFILE

• Syntax: SSL_SERVER_CERTFILE=filename
  
• Context: SSL/TLS server
  

  The server's certificate file

SSL_SERVER_KEYFILE

• Syntax: SSL_SERVER_KEYFILE=filename
  
• Context: SSL/TLS server
  

  The server's private key file

SSL_SERVER_KEYFILETYPE

• Syntax: SSL_SERVER_KEYFILETYPE=PEM
  
• Context: SSL/TLS server
  

  The format of the server's public key file; only PEM is supported

SSL_SERVER_KEY_SIZE

• Syntax: SSL_SERVER_KEY_SIZE=n
  
• Context: SSL/TLS server
  

  The size, in bytes, of the server's public key

SSL_SERVER_KEY_ALGORITHM

• Syntax: SSL_SERVER_KEY_ALGORITHM=algorithm
  
• Context: SSL/TLS server
  

  The algorithm used to generate the server's public key

SSL_SERVER_KEY_EXP

• Syntax: SSL_SERVER_KEY_EXP=expiry-time
  
• Context: SSL/TLS server
  

  The expiration date of the server's public key, in ASN1 format

SSL_SERVER_CERTIFICATE

• Syntax: SSL_SERVER_CERTIFICATE=hash
  
• Context: SSL/TLS server
  

  A hash of the certificate

SSL_SERVER_CERT_START

• Syntax: SSL_SERVER_CERT_START=date
  
• Context: SSL/TLS server
  

  The date on which the server certificate becomes valid, in ASN1 format

SSL_SERVER_CERT_END

• Syntax: SSL_SERVER_CERT_END=date
  
• Context: SSL/TLS server
  

  The date on which the server certificate is no longer valid

SSL_SERVER_EMAIL

• Syntax: SSL_SERVER_EMAIL=email-address
  
• Context: SSL/TLS server
  

  The email address of the server administrator

SSL_SERVER_O

• Syntax: SSL_SERVER_O=organization
  
• Context: SSL/TLS server
  

  The name of the organization to which the server certificate belongs

SSL_SERVER_C

• Syntax: SSL_SERVER_C=country-code
  
• Context: SSL/TLS server
  

  The two-character code for the country in which the server resides; valid country codes are listed in Appendix D

SSL_SERVER_SP

• Syntax: SSL_SERVER_SP=state|province
  
• Context: SSL/TLS server
  

  The state or province in which the server resides

SSL_SERVER_L

• Syntax: SSL_SERVER_L=locality
  
• Context: SSL/TLS server
  

  The locality, such as a town or city, in which the server resides

SSL_SERVER_SIGNATURE_ALGORITHM

• Syntax: SSL_SERVER_SIGNATURE_ALGORITHM=algorithm
  
• Context: SSL/TLS server
  

  The algorithm used the sign the server's certificate

SSL_SERVER_IO

• Syntax: SSL_SERVER_IO=CA
  
• Context: SSL/TLS server
  

  Issuer Organization, the name of the Certification Authority (CA) that issued the server's certificate

SSL_SERVER_IOU

• Syntax: SSL_SERVER_IOU=organizational-unit
  
• Context: SSL server
  

  Issuer Organizational Unit, the name of the organizational unit of the CA that issued the server certificate

SSL_SERVER_IEMAIL

• Syntax: SSL_SERVER_IEMAIL=email-address
  
• Context: SSL/TLS server
  

  Issuer Email, the contact email address of the CA that signed the server certificate

SSL_SERVER_ICN

• Syntax: SSL_SERVER_ICN=hostname
  
• Context: SSL/TLS server
  

  Issuer Common Name, the hostname of the CA that issued the server certificate

SSL_SERVER_IL

• Syntax: SSL_SERVER_IL=locality
  
• Context: SSL/TLS server
  

  Issuer Locality, the locality of the CA that issued the server certificate

SSL_SERVER_ISP

• Syntax: SSL_SERVER_ISP=state|province
  
• Context: SSL/TLS server
  

  Issuer State/Province, the state or province of the CA that issued the server certificate

SSL_SERVER_IC

• Syntax: SSL_SERVER_IC=country-code
  
• Context: SSL/TLS server
  

  Issuer Country, the two-character code for the country in which the CA that issued the server certificate resides; valid country codes are listed in Appendix D

Client Security Variables

SSL_CLIENT_KEY_ALGORITHM

• Syntax: SSL_CLIENT_KEY_ALGORITHM=algorithm
  
• Context: SSL/TLS client
  

  The algorithm used to generate the client's public key

SSL_CLIENT_KEY_SIZE

• Syntax: SSL_CLIENT_KEY_SIZE=n
  
• Context: SSL/TLS client
  

  The size, in bytes, of the client's public key

SSL_CLIENT_KEY_EXP

• Syntax: SSL_CLIENT_KEY_EXP=expiry-time
  
• Context: SSL/TLS client
  

  Expiration date of the client's certificate, in ASN1 format

SSL_CLIENT_CERTIFICATE

• Syntax: SSL_CLIENT_CERTIFICATE=hash
  
• Context: SSL/TLS client
  

  A hash of the client's certificate

SSL_CLIENT_CN

• Syntax: SSL_CLIENT_CN=name
  
• Context: SSL/TLS client
  

  The name of the client certificate's bearer

SSL_CLIENT_EMAIL

• Syntax: SSL_CLIENT_EMAIL=email-address
  
• Context: SSL/TLS client
  

  The email address of the client certificate's bearer

SSL_CLIENT_OU

• Syntax: SSL_CLIENT_OU=organizational-unit
  
• Context: SSL/TLS client
  

  The organizational unit of the client certificate's bearer

SSL_CLIENT_C

• Syntax: SSL_CLIENT_C=country-code
  
• Context: SSL/TLS client
  

  The two-character code for the country in which the client resides; valid country codes are listed in Appendix D

SSL_CLIENT_SP

• Syntax: SSL_CLIENT_SP=state|province
  
• Context: SSL/TLS client
  

  The state or province in which the client resides

SSL_CLIENT_L

• Syntax: SSL_CLIENT_L=locality
  
• Context: SSL/TLS client
  

  The locality, such as a city or town, in which the client resides

SSL_CLIENT_CERT_START

• Syntax: SSL_CLIENT_CERT_START=date
  
• Context: SSL/TLS client
  

  The date on which the client's certificate becomes valid, in ASN1 format

SSL_CLIENT_CERT_END

• Syntax: SSL_CLIENT_CERT_END=date
  
• Context: SSL/TLS client
  

  The date on which the client's certificate is no longer valid, in ASN1 format

SSL_CLIENT_O

• Syntax: SSL_CLIENT_O=organization
  
• Context: SSL/TLS client
  

  The name of the organization to which the client belongs

SSL_CLIENT_IO

• Syntax: SSL_CLIENT_IO=CA
  
• Context: SSL/TLS client
  

  The name of the CA that issued the client certificate

SSL_CLIENT_IOU

• Syntax: SSL_CLIENT_IOU=organizational-unit
  
• Context: SSL/TLS client
  

  The name of the organizational unit of the CA that issued the client certificate

SSL_CLIENT_IEMAIL

• Syntax: SSL_CLIENT_IEMAIL=email-address
  
• Context: SSL/TLS client
  

  The contact email address of the CA that issued the client certificate

SSL_CLIENT_IC

• Syntax: SSL_CLIENT_IC=country-code
  
• Context: SSL/TLS client
  

  The country in which the CA that issued the client certificate resides; valid country codes are listed in Appendix D

SSL_CLIENT_IL

• Syntax: SSL_CLIENT_IL=locality
  
• Context: SSL/TLS client
  

  The locality, such as a city or town, of the CA that issued the client certificate

SSL_CLIENT_ICN

• Syntax: SSL_CLIENT_ICN=hostname
  
• Context: SSL/TLS client
  

  The hostname of the CA that issued the client certificate

SSL_CLIENT_ISP

• Syntax: SSL_CLIENT_ISP=state|province
  
• Context: SSL/TLS client
  

  The state or province of the CA that issued the client certificate

SSL_CLIENT_SIGNATURE_ALGORITHM

• Syntax: SSL_CLIENT_SIGNATURE_ALGORITHM=algorithm
  
• Context: SSL/TLS client
  

  The algorithm used to sign the client certificate

---

[Top] [Prev] [Next] [Last]

© 1998 C2Net International Feedback: stronghold-docs@c2.net