1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5 This file is generated from xml source: DO NOT EDIT
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8 <title>Environment Variables in Apache - Apache HTTP Server</title>
9 <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10 <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11 <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
12 <script src="./style/scripts/prettify.js" type="text/javascript">
15 <link href="./images/favicon.ico" rel="shortcut icon" /></head>
16 <body id="manual-page"><div id="page-header">
17 <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p>
18 <p class="apache">Apache HTTP Server Version 2.5</p>
19 <img alt="" src="./images/feather.gif" /></div>
20 <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div>
22 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.5</a></div><div id="page-content"><div id="preamble"><h1>Environment Variables in Apache</h1>
24 <p><span>Available Languages: </span><a href="./en/env.html" title="English"> en </a> |
25 <a href="./fr/env.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
26 <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
27 <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
28 <a href="./tr/env.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
31 <p>There are two kinds of environment variables that affect
32 the Apache HTTP Server.</p>
34 <p>First, there are the environment variables controlled by
35 the underlying operating system. These are set before the
36 server starts. They can be used in expansions in configuration
37 files, and can optionally be passed to CGI scripts and SSI
38 using the PassEnv directive.</p>
40 <p>Second, the Apache HTTP Server provides a mechanism for storing
41 information in named variables that are also called <em>environment
42 variables</em>. This information can be used to control various
43 operations such as logging or access control. The variables are
44 also used as a mechanism to communicate with external programs
45 such as CGI scripts. This document discusses different ways to
46 manipulate and use these variables.</p>
48 <p>Although these variables are referred to as <em>environment
49 variables</em>, they are not the same as the environment
50 variables controlled by the underlying operating system.
51 Instead, these variables are stored and manipulated in an
52 internal Apache structure. They only become actual operating
53 system environment variables when they are provided to CGI
54 scripts and Server Side Include scripts. If you wish to
55 manipulate the operating system environment under which the
56 server itself runs, you must use the standard environment
57 manipulation mechanisms provided by your operating system
60 <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#setting">Setting Environment Variables</a></li>
61 <li><img alt="" src="./images/down.gif" /> <a href="#using">Using Environment Variables</a></li>
62 <li><img alt="" src="./images/down.gif" /> <a href="#special">Special Purpose Environment Variables</a></li>
63 <li><img alt="" src="./images/down.gif" /> <a href="#examples">Examples</a></li>
64 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
65 <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
67 <h2><a name="setting" id="setting">Setting Environment Variables</a></h2>
69 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_cache.html">mod_cache</a></code></li><li><code class="module"><a href="./mod/mod_env.html">mod_env</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li><li><code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code></li><li><code class="module"><a href="./mod/mod_unique_id.html">mod_unique_id</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#unsetenv">UnsetEnv</a></code></li></ul></td></tr></table>
71 <h3><a name="basic-manipulation" id="basic-manipulation">Basic Environment Manipulation</a></h3>
74 <p>The most basic way to set an environment variable in Apache
75 is using the unconditional <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> directive. Variables may also be passed from
76 the environment of the shell which started the server using the
77 <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> directive.</p>
80 <h3><a name="conditional" id="conditional">Conditional Per-Request Settings</a></h3>
83 <p>For additional flexibility, the directives provided by
84 <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code> allow environment variables to be set
85 on a per-request basis, conditional on characteristics of particular
86 requests. For example, a variable could be set only when a
87 specific browser (User-Agent) is making a request, or only when
88 a specific Referer [sic] header is found. Even more flexibility
89 is available through the <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s <code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> which uses the
90 <code>[E=...]</code> option to set environment variables.</p>
93 <h3><a name="unique-identifiers" id="unique-identifiers">Unique Identifiers</a></h3>
96 <p>Finally, <code class="module"><a href="./mod/mod_unique_id.html">mod_unique_id</a></code> sets the environment
97 variable <code>UNIQUE_ID</code> for each request to a value which is
98 guaranteed to be unique across "all" requests under very
99 specific conditions.</p>
102 <h3><a name="standard-cgi" id="standard-cgi">Standard CGI Variables</a></h3>
105 <p>In addition to all environment variables set within the
106 Apache configuration and passed from the shell, CGI scripts and
107 SSI pages are provided with a set of environment variables
108 containing meta-information about the request as required by
109 the <a href="http://www.ietf.org/rfc/rfc3875">CGI
110 specification</a>.</p>
113 <h3><a name="caveats" id="caveats">Some Caveats</a></h3>
117 <li>It is not possible to override or change the standard CGI
118 variables using the environment manipulation directives.</li>
120 <li>When <code class="program"><a href="./programs/suexec.html">suexec</a></code> is used to launch
121 CGI scripts, the environment will be cleaned down to a set of
122 <em>safe</em> variables before CGI scripts are launched. The
123 list of <em>safe</em> variables is defined at compile-time in
124 <code>suexec.c</code>.</li>
126 <li>For portability reasons, the names of environment
127 variables may contain only letters, numbers, and the
128 underscore character. In addition, the first character may
129 not be a number. Characters which do not match this
130 restriction will be replaced by an underscore when passed to
131 CGI scripts and SSI pages.</li>
133 <li>A special case are HTTP headers which are passed to CGI
134 scripts and the like via environment variables (see below).
135 They are converted to uppercase and only dashes are replaced with
136 underscores; if the header contains any other (invalid) character,
137 the whole header is silently dropped. See <a href="#fixheader">
138 below</a> for a workaround.</li>
140 <li>The <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> directive runs
141 late during request processing meaning that directives such as
142 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> and <code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> will not see the
143 variables set with it.</li>
145 <li>When the server looks up a path via an internal
146 <a class="glossarylink" href="./glossary.html#subrequest" title="see glossary">subrequest</a> such as looking
147 for a <code class="directive"><a href="./mod/mod_dir.html#directoryindex">DirectoryIndex</a></code>
148 or generating a directory listing with <code class="module"><a href="./mod/mod_autoindex.html">mod_autoindex</a></code>,
149 per-request environment variables are <em>not</em> inherited in the
150 subrequest. Additionally,
151 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> directives
152 are not separately evaluated in the subrequest due to the API phases
153 <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code> takes action in.</li>
156 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
157 <div class="section">
158 <h2><a name="using" id="using">Using Environment Variables</a></h2>
161 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_authz_host.html">mod_authz_host</a></code></li><li><code class="module"><a href="./mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="./mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_authz_core.html#require">Require</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_access_compat.html#deny">Deny</a></code></li><li><code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table>
163 <h3><a name="cgi-scripts" id="cgi-scripts">CGI Scripts</a></h3>
166 <p>One of the primary uses of environment variables is to
167 communicate information to CGI scripts. As discussed above, the
168 environment passed to CGI scripts includes standard
169 meta-information about the request in addition to any variables
170 set within the Apache configuration. For more details, see the
171 <a href="howto/cgi.html">CGI tutorial</a>.</p>
174 <h3><a name="ssi-pages" id="ssi-pages">SSI Pages</a></h3>
177 <p>Server-parsed (SSI) documents processed by
178 <code class="module"><a href="./mod/mod_include.html">mod_include</a></code>'s
179 <code>INCLUDES</code> filter can print environment variables
180 using the <code>echo</code> element, and can use environment
181 variables in flow control elements to makes parts of a page
182 conditional on characteristics of a request. Apache also
183 provides SSI pages with the standard CGI environment variables
184 as discussed above. For more details, see the <a href="howto/ssi.html">SSI tutorial</a>.</p>
187 <h3><a name="access-control" id="access-control">Access Control</a></h3>
190 <p>Access to the server can be controlled based on the value of
191 environment variables using the <code>allow from env=</code>
192 and <code>deny from env=</code> directives. In combination with
193 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>, this
194 allows for flexible control of access to the server based on
195 characteristics of the client. For example, you can use these
196 directives to deny access to a particular browser (User-Agent).
200 <h3><a name="logging" id="logging">Conditional Logging</a></h3>
203 <p>Environment variables can be logged in the access log using
204 the <code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code>
205 option <code>%e</code>. In addition, the decision on whether
206 or not to log requests can be made based on the status of
207 environment variables using the conditional form of the
208 <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code>
209 directive. In combination with <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> this allows for flexible control of which
210 requests are logged. For example, you can choose not to log
211 requests for filenames ending in <code>gif</code>, or you can
212 choose to only log requests from clients which are outside your
216 <h3><a name="response-headers" id="response-headers">Conditional Response Headers</a></h3>
219 <p>The <code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code>
220 directive can use the presence or
221 absence of an environment variable to determine whether or not
222 a certain HTTP header will be placed in the response to the
223 client. This allows, for example, a certain response header to
224 be sent only if a corresponding header is received in the
225 request from the client.</p>
229 <h3><a name="external-filter" id="external-filter">External Filter Activation</a></h3>
232 <p>External filters configured by <code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code>
233 using the <code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code> directive can
234 by activated conditional on an environment variable using the
235 <code>disableenv=</code> and <code>enableenv=</code> options.</p>
238 <h3><a name="url-rewriting" id="url-rewriting">URL Rewriting</a></h3>
241 <p>The <code>%{ENV:<em>variable</em>}</code> form of
242 <em>TestString</em> in the <code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> allows <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s rewrite
243 engine to make decisions conditional on environment variables.
244 Note that the variables accessible in <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>
245 without the <code>ENV:</code> prefix are not actually environment
246 variables. Rather, they are variables special to
247 <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code> which cannot be accessed from other
250 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
251 <div class="section">
252 <h2><a name="special" id="special">Special Purpose Environment Variables</a></h2>
255 <p>Interoperability problems have led to the introduction of
256 mechanisms to modify the way Apache behaves when talking to
257 particular clients. To make these mechanisms as flexible as
258 possible, they are invoked by defining environment variables,
259 typically with <code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>, though <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> and <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> could also be used, for example.</p>
261 <h3><a name="downgrade" id="downgrade">downgrade-1.0</a></h3>
264 <p>This forces the request to be treated as a HTTP/1.0 request
265 even if it was in a later dialect.</p>
268 <h3><a name="force-gzip" id="force-gzip">force-gzip</a></h3>
270 <p>If you have the <code>DEFLATE</code> filter activated, this
271 environment variable will ignore the accept-encoding setting of
272 your browser and will send compressed output unconditionally.</p>
274 <h3><a name="force-no-vary" id="force-no-vary">force-no-vary</a></h3>
277 <p>This causes any <code>Vary</code> fields to be removed from
278 the response header before it is sent back to the client. Some
279 clients don't interpret this field correctly; setting this
280 variable can work around this problem. Setting this variable
281 also implies <strong>force-response-1.0</strong>.</p>
284 <h3><a name="force-response" id="force-response">force-response-1.0</a></h3>
287 <p>This forces an HTTP/1.0 response to clients making an HTTP/1.0
288 request. It was originally
289 implemented as a result of a problem with AOL's proxies. Some
290 HTTP/1.0 clients may not behave correctly when given an HTTP/1.1
291 response, and this can be used to interoperate with them.</p>
295 <h3><a name="gzip-only-text-html" id="gzip-only-text-html">gzip-only-text/html</a></h3>
298 <p>When set to a value of "1", this variable disables the
299 <code>DEFLATE</code> output filter provided by
300 <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> for content-types other than
301 <code>text/html</code>. If you'd rather
302 use statically compressed files, <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code>
303 evaluates the variable as well (not only for gzip, but for all
304 encodings that differ from "identity").</p>
307 <h3><a name="no-gzip" id="no-gzip">no-gzip</a></h3>
309 <p>When set, the <code>DEFLATE</code> filter of
310 <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> will be turned off and
311 <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code> will refuse to deliver encoded
316 <h3><a name="no-cache" id="no-cache">no-cache</a></h3>
317 <p><em>Available in versions 2.2.12 and later</em></p>
319 <p>When set, <code class="module"><a href="./mod/mod_cache.html">mod_cache</a></code> will not save an otherwise
320 cacheable response. This environment variable does not influence
321 whether a response already in the cache will be served for the current
326 <h3><a name="nokeepalive" id="nokeepalive">nokeepalive</a></h3>
329 <p>This disables <code class="directive"><a href="./mod/core.html#keepalive">KeepAlive</a></code>
334 <h3><a name="prefer-language" id="prefer-language">prefer-language</a></h3>
336 <p>This influences <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code>'s behaviour. If
337 it contains a language tag (such as <code>en</code>, <code>ja</code>
338 or <code>x-klingon</code>), <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code> tries
339 to deliver a variant with that language. If there's no such variant,
340 the normal <a href="content-negotiation.html">negotiation</a> process
345 <h3><a name="redirect-carefully" id="redirect-carefully">redirect-carefully</a></h3>
348 <p>This forces the server to be more careful when sending a redirect
349 to the client. This is typically used when a client has a known
350 problem handling redirects. This was originally implemented as a
351 result of a problem with Microsoft's WebFolders software which has
352 a problem handling redirects on directory resources via DAV
357 <h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3>
360 <p><em>Available in versions after 2.0.54</em></p>
362 <p>When Apache issues a redirect in response to a client request,
363 the response includes some actual text to be displayed in case
364 the client can't (or doesn't) automatically follow the redirection.
365 Apache ordinarily labels this text according to the character set
366 which it uses, which is ISO-8859-1.</p>
368 <p> However, if the redirection is to a page that uses a different
369 character set, some broken browser versions will try to use the
370 character set from the redirection text rather than the actual page.
371 This can result in Greek, for instance, being incorrectly rendered.</p>
373 <p>Setting this environment variable causes Apache to omit the character
374 set for the redirection text, and these broken browsers will then correctly
375 use that of the destination page.</p>
377 <div class="warning">
378 <h3>Security note</h3>
380 <p>Sending error pages without a specified character set may
381 allow a cross-site-scripting attack for existing browsers (MSIE)
382 which do not follow the HTTP/1.1 specification and attempt to
383 "guess" the character set from the content. Such browsers can
384 be easily fooled into using the UTF-7 character set, and UTF-7
385 content from input data (such as the request-URI) will not be
386 escaped by the usual escaping mechanisms designed to prevent
387 cross-site-scripting attacks.</p>
392 <h3><a name="proxy" id="proxy">force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked,
393 proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</a></h3>
395 <p>These directives alter the protocol behavior of
396 <code class="module"><a href="./mod/mod_proxy.html">mod_proxy</a></code>. See the <code class="module"><a href="./mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="./mod/mod_proxy_http.html">mod_proxy_http</a></code>
397 documentation for more details.</p>
400 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
401 <div class="section">
402 <h2><a name="examples" id="examples">Examples</a></h2>
405 <h3><a name="fixheader" id="fixheader">Passing broken headers to CGI scripts</a></h3>
408 <p>Starting with version 2.4, Apache is more strict about how HTTP
409 headers are converted to environment variables in <code class="module"><a href="./mod/mod_cgi .html">mod_cgi
410 </a></code> and other modules: Previously any invalid characters
411 in header names were simply translated to underscores. This allowed
412 for some potential cross-site-scripting attacks via header injection
413 (see <a href="http://events.ccc.de/congress/2007/Fahrplan/events/2212.en.html">
414 Unusual Web Bugs</a>, slide 19/20).</p>
416 <p>If you have to support a client which sends broken headers and
417 which can't be fixed, a simple workaround involving <code class="module"><a href="./mod/mod_setenvif .html">mod_setenvif
418 </a></code> and <code class="module"><a href="./mod/mod_header.html">mod_header</a></code> allows you to still accept
421 <pre class="prettyprint lang-config">
423 # The following works around a client sending a broken Accept_Encoding
426 SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1
427 RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding
433 <h3><a name="misbehaving" id="misbehaving">Changing protocol behavior with misbehaving clients</a></h3>
436 <p>Earlier versions recommended that the following lines be included in
437 httpd.conf to deal with known client problems. Since the affected clients
438 are no longer seen in the wild, this configuration is likely no-longer
440 <pre class="prettyprint lang-config">
442 # The following directives modify normal HTTP response behavior.
443 # The first directive disables keepalive for Netscape 2.x and browsers that
444 # spoof it. There are known problems with these browser implementations.
445 # The second directive is for Microsoft Internet Explorer 4.0b2
446 # which has a broken HTTP/1.1 implementation and does not properly
447 # support keepalive when it is used on 301 or 302 (redirect) responses.
449 BrowserMatch "Mozilla/2" nokeepalive
450 BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
453 # The following directive disables HTTP/1.1 responses to browsers which
454 # are in violation of the HTTP/1.0 spec by not being able to understand a
455 # basic 1.1 response.
457 BrowserMatch "RealPlayer 4\.0" force-response-1.0
458 BrowserMatch "Java/1\.0" force-response-1.0
459 BrowserMatch "JDK/1\.0" force-response-1.0
464 <h3><a name="no-img-log" id="no-img-log">Do not log requests for images in the access log</a></h3>
467 <p>This example keeps requests for images from appearing in the
468 access log. It can be easily modified to prevent logging of
469 particular directories, or to prevent logging of requests
470 coming from particular hosts.</p>
472 <pre class="prettyprint lang-config">
473 SetEnvIf Request_URI \.gif image-request
474 SetEnvIf Request_URI \.jpg image-request
475 SetEnvIf Request_URI \.png image-request
476 CustomLog logs/access_log common env=!image-request
481 <h3><a name="image-theft" id="image-theft">Prevent "Image Theft"</a></h3>
484 <p>This example shows how to keep people not on your server
485 from using images on your server as inline-images on their
486 pages. This is not a recommended configuration, but it can work
487 in limited circumstances. We assume that all your images are in
488 a directory called <code>/web/images</code>.</p>
490 <pre class="prettyprint lang-config">
491 SetEnvIf Referer "^http://www\.example\.com/" local_referal
492 # Allow browsers that do not send Referer info
493 SetEnvIf Referer "^$" local_referal
494 <Directory /web/images>
495 Require env local_referal
500 <p>For more information about this technique, see the
501 "<a href="http://www.serverwatch.com/tutorials/article.php/1132731">Keeping Your Images from Adorning Other Sites</a>"
502 tutorial on ServerWatch.</p>
505 <div class="bottomlang">
506 <p><span>Available Languages: </span><a href="./en/env.html" title="English"> en </a> |
507 <a href="./fr/env.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
508 <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
509 <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
510 <a href="./tr/env.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
511 </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
512 <script type="text/javascript"><!--//--><![CDATA[//><!--
513 var comments_shortname = 'httpd';
514 var comments_identifier = 'http://httpd.apache.org/docs/trunk/env.html';
516 if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
517 d.write('<div id="comments_thread"><\/div>');
518 var s = d.createElement('script');
519 s.type = 'text/javascript';
521 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
522 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
525 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
527 })(window, document);
528 //--><!]]></script></div><div id="footer">
529 <p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
530 <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
531 if (typeof(prettyPrint) !== 'undefined') {