1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
4 <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
7 This file is generated from xml source: DO NOT EDIT
8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
10 <title>Environment Variables in Apache - Apache HTTP Server Version 2.5</title>
11 <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
12 <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
13 <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
14 <script src="./style/scripts/prettify.min.js" type="text/javascript">
17 <link href="./images/favicon.ico" rel="shortcut icon" /></head>
18 <body id="manual-page"><div id="page-header">
19 <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p>
20 <p class="apache">Apache HTTP Server Version 2.5</p>
21 <img alt="" src="./images/feather.gif" /></div>
22 <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div>
24 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.5</a></div><div id="page-content"><div id="preamble"><h1>Environment Variables in Apache</h1>
26 <p><span>Available Languages: </span><a href="./en/env.html" title="English"> en </a> |
27 <a href="./fr/env.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
28 <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
29 <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
30 <a href="./tr/env.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
33 <p>There are two kinds of environment variables that affect
34 the Apache HTTP Server.</p>
36 <p>First, there are the environment variables controlled by
37 the underlying operating system. These are set before the
38 server starts. They can be used in expansions in configuration
39 files, and can optionally be passed to CGI scripts and SSI
40 using the PassEnv directive.</p>
42 <p>Second, the Apache HTTP Server provides a mechanism for storing
43 information in named variables that are also called <em>environment
44 variables</em>. This information can be used to control various
45 operations such as logging or access control. The variables are
46 also used as a mechanism to communicate with external programs
47 such as CGI scripts. This document discusses different ways to
48 manipulate and use these variables.</p>
50 <p>Although these variables are referred to as <em>environment
51 variables</em>, they are not the same as the environment
52 variables controlled by the underlying operating system.
53 Instead, these variables are stored and manipulated in an
54 internal Apache structure. They only become actual operating
55 system environment variables when they are provided to CGI
56 scripts and Server Side Include scripts. If you wish to
57 manipulate the operating system environment under which the
58 server itself runs, you must use the standard environment
59 manipulation mechanisms provided by your operating system
62 <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#setting">Setting Environment Variables</a></li>
63 <li><img alt="" src="./images/down.gif" /> <a href="#using">Using Environment Variables</a></li>
64 <li><img alt="" src="./images/down.gif" /> <a href="#special">Special Purpose Environment Variables</a></li>
65 <li><img alt="" src="./images/down.gif" /> <a href="#examples">Examples</a></li>
66 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
67 <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
69 <h2><a name="setting" id="setting">Setting Environment Variables</a></h2>
71 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_cache.html">mod_cache</a></code></li><li><code class="module"><a href="./mod/mod_env.html">mod_env</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li><li><code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code></li><li><code class="module"><a href="./mod/mod_unique_id.html">mod_unique_id</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a></code></li><li><code class="directive"><a href="./mod/mod_env.html#unsetenv">UnsetEnv</a></code></li></ul></td></tr></table>
73 <h3><a name="basic-manipulation" id="basic-manipulation">Basic Environment Manipulation</a></h3>
76 <p>The most basic way to set an environment variable in Apache
77 is using the unconditional <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> directive. Variables may also be passed from
78 the environment of the shell which started the server using the
79 <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> directive.</p>
82 <h3><a name="conditional" id="conditional">Conditional Per-Request Settings</a></h3>
85 <p>For additional flexibility, the directives provided by
86 <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code> allow environment variables to be set
87 on a per-request basis, conditional on characteristics of particular
88 requests. For example, a variable could be set only when a
89 specific browser (User-Agent) is making a request, or only when
90 a specific Referer [sic] header is found. Even more flexibility
91 is available through the <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s <code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> which uses the
92 <code>[E=...]</code> option to set environment variables.</p>
95 <h3><a name="unique-identifiers" id="unique-identifiers">Unique Identifiers</a></h3>
98 <p>Finally, <code class="module"><a href="./mod/mod_unique_id.html">mod_unique_id</a></code> sets the environment
99 variable <code>UNIQUE_ID</code> for each request to a value which is
100 guaranteed to be unique across "all" requests under very
101 specific conditions.</p>
104 <h3><a name="standard-cgi" id="standard-cgi">Standard CGI Variables</a></h3>
107 <p>In addition to all environment variables set within the
108 Apache configuration and passed from the shell, CGI scripts and
109 SSI pages are provided with a set of environment variables
110 containing meta-information about the request as required by
111 the <a href="http://www.ietf.org/rfc/rfc3875">CGI
112 specification</a>.</p>
115 <h3><a name="caveats" id="caveats">Some Caveats</a></h3>
119 <li>It is not possible to override or change the standard CGI
120 variables using the environment manipulation directives.</li>
122 <li>When <code class="program"><a href="./programs/suexec.html">suexec</a></code> is used to launch
123 CGI scripts, the environment will be cleaned down to a set of
124 <em>safe</em> variables before CGI scripts are launched. The
125 list of <em>safe</em> variables is defined at compile-time in
126 <code>suexec.c</code>.</li>
128 <li>For portability reasons, the names of environment
129 variables may contain only letters, numbers, and the
130 underscore character. In addition, the first character may
131 not be a number. Characters which do not match this
132 restriction will be replaced by an underscore when passed to
133 CGI scripts and SSI pages.</li>
135 <li>A special case are HTTP headers which are passed to CGI
136 scripts and the like via environment variables (see below).
137 They are converted to uppercase and only dashes are replaced with
138 underscores; if the header contains any other (invalid) character,
139 the whole header is silently dropped. See <a href="#fixheader">
140 below</a> for a workaround.</li>
142 <li>The <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> directive runs
143 late during request processing meaning that directives such as
144 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> and <code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> will not see the
145 variables set with it.</li>
147 <li>When the server looks up a path via an internal
148 <a class="glossarylink" href="./glossary.html#subrequest" title="see glossary">subrequest</a> such as looking
149 for a <code class="directive"><a href="./mod/mod_dir.html#directoryindex">DirectoryIndex</a></code>
150 or generating a directory listing with <code class="module"><a href="./mod/mod_autoindex.html">mod_autoindex</a></code>,
151 per-request environment variables are <em>not</em> inherited in the
152 subrequest. Additionally,
153 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> directives
154 are not separately evaluated in the subrequest due to the API phases
155 <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code> takes action in.</li>
158 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
159 <div class="section">
160 <h2><a name="using" id="using">Using Environment Variables</a></h2>
163 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_authz_host.html">mod_authz_host</a></code></li><li><code class="module"><a href="./mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="./mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_authz_core.html#require">Require</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_access_compat.html#deny">Deny</a></code></li><li><code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table>
165 <h3><a name="cgi-scripts" id="cgi-scripts">CGI Scripts</a></h3>
168 <p>One of the primary uses of environment variables is to
169 communicate information to CGI scripts. As discussed above, the
170 environment passed to CGI scripts includes standard
171 meta-information about the request in addition to any variables
172 set within the Apache configuration. For more details, see the
173 <a href="howto/cgi.html">CGI tutorial</a>.</p>
176 <h3><a name="ssi-pages" id="ssi-pages">SSI Pages</a></h3>
179 <p>Server-parsed (SSI) documents processed by
180 <code class="module"><a href="./mod/mod_include.html">mod_include</a></code>'s
181 <code>INCLUDES</code> filter can print environment variables
182 using the <code>echo</code> element, and can use environment
183 variables in flow control elements to makes parts of a page
184 conditional on characteristics of a request. Apache also
185 provides SSI pages with the standard CGI environment variables
186 as discussed above. For more details, see the <a href="howto/ssi.html">SSI tutorial</a>.</p>
189 <h3><a name="access-control" id="access-control">Access Control</a></h3>
192 <p>Access to the server can be controlled based on the value of
193 environment variables using the <code>allow from env=</code>
194 and <code>deny from env=</code> directives. In combination with
195 <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>, this
196 allows for flexible control of access to the server based on
197 characteristics of the client. For example, you can use these
198 directives to deny access to a particular browser (User-Agent).
202 <h3><a name="logging" id="logging">Conditional Logging</a></h3>
205 <p>Environment variables can be logged in the access log using
206 the <code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code>
207 option <code>%e</code>. In addition, the decision on whether
208 or not to log requests can be made based on the status of
209 environment variables using the conditional form of the
210 <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code>
211 directive. In combination with <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> this allows for flexible control of which
212 requests are logged. For example, you can choose not to log
213 requests for filenames ending in <code>gif</code>, or you can
214 choose to only log requests from clients which are outside your
218 <h3><a name="response-headers" id="response-headers">Conditional Response Headers</a></h3>
221 <p>The <code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code>
222 directive can use the presence or
223 absence of an environment variable to determine whether or not
224 a certain HTTP header will be placed in the response to the
225 client. This allows, for example, a certain response header to
226 be sent only if a corresponding header is received in the
227 request from the client.</p>
231 <h3><a name="external-filter" id="external-filter">External Filter Activation</a></h3>
234 <p>External filters configured by <code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code>
235 using the <code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code> directive can
236 by activated conditional on an environment variable using the
237 <code>disableenv=</code> and <code>enableenv=</code> options.</p>
240 <h3><a name="url-rewriting" id="url-rewriting">URL Rewriting</a></h3>
243 <p>The <code>%{ENV:<em>variable</em>}</code> form of
244 <em>TestString</em> in the <code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> allows <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s rewrite
245 engine to make decisions conditional on environment variables.
246 Note that the variables accessible in <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>
247 without the <code>ENV:</code> prefix are not actually environment
248 variables. Rather, they are variables special to
249 <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code> which cannot be accessed from other
252 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
253 <div class="section">
254 <h2><a name="special" id="special">Special Purpose Environment Variables</a></h2>
257 <p>Interoperability problems have led to the introduction of
258 mechanisms to modify the way Apache behaves when talking to
259 particular clients. To make these mechanisms as flexible as
260 possible, they are invoked by defining environment variables,
261 typically with <code class="directive"><a href="./mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>, though <code class="directive"><a href="./mod/mod_env.html#setenv">SetEnv</a></code> and <code class="directive"><a href="./mod/mod_env.html#passenv">PassEnv</a></code> could also be used, for example.</p>
263 <h3><a name="downgrade" id="downgrade">downgrade-1.0</a></h3>
266 <p>This forces the request to be treated as a HTTP/1.0 request
267 even if it was in a later dialect.</p>
270 <h3><a name="force-gzip" id="force-gzip">force-gzip</a></h3>
272 <p>If you have the <code>DEFLATE</code> filter activated, this
273 environment variable will ignore the accept-encoding setting of
274 your browser and will send compressed output unconditionally.</p>
276 <h3><a name="force-no-vary" id="force-no-vary">force-no-vary</a></h3>
279 <p>This causes any <code>Vary</code> fields to be removed from
280 the response header before it is sent back to the client. Some
281 clients don't interpret this field correctly; setting this
282 variable can work around this problem. Setting this variable
283 also implies <strong>force-response-1.0</strong>.</p>
286 <h3><a name="force-response" id="force-response">force-response-1.0</a></h3>
289 <p>This forces an HTTP/1.0 response to clients making an HTTP/1.0
290 request. It was originally
291 implemented as a result of a problem with AOL's proxies. Some
292 HTTP/1.0 clients may not behave correctly when given an HTTP/1.1
293 response, and this can be used to interoperate with them.</p>
297 <h3><a name="gzip-only-text-html" id="gzip-only-text-html">gzip-only-text/html</a></h3>
300 <p>When set to a value of "1", this variable disables the
301 <code>DEFLATE</code> output filter provided by
302 <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> for content-types other than
303 <code>text/html</code>. If you'd rather
304 use statically compressed files, <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code>
305 evaluates the variable as well (not only for gzip, but for all
306 encodings that differ from "identity").</p>
309 <h3><a name="no-gzip" id="no-gzip">no-gzip</a></h3>
311 <p>When set, the <code>DEFLATE</code> filter of
312 <code class="module"><a href="./mod/mod_deflate.html">mod_deflate</a></code> will be turned off and
313 <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code> will refuse to deliver encoded
318 <h3><a name="no-cache" id="no-cache">no-cache</a></h3>
319 <p><em>Available in versions 2.2.12 and later</em></p>
321 <p>When set, <code class="module"><a href="./mod/mod_cache.html">mod_cache</a></code> will not save an otherwise
322 cacheable response. This environment variable does not influence
323 whether a response already in the cache will be served for the current
328 <h3><a name="nokeepalive" id="nokeepalive">nokeepalive</a></h3>
331 <p>This disables <code class="directive"><a href="./mod/core.html#keepalive">KeepAlive</a></code>
336 <h3><a name="prefer-language" id="prefer-language">prefer-language</a></h3>
338 <p>This influences <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code>'s behaviour. If
339 it contains a language tag (such as <code>en</code>, <code>ja</code>
340 or <code>x-klingon</code>), <code class="module"><a href="./mod/mod_negotiation.html">mod_negotiation</a></code> tries
341 to deliver a variant with that language. If there's no such variant,
342 the normal <a href="content-negotiation.html">negotiation</a> process
347 <h3><a name="redirect-carefully" id="redirect-carefully">redirect-carefully</a></h3>
350 <p>This forces the server to be more careful when sending a redirect
351 to the client. This is typically used when a client has a known
352 problem handling redirects. This was originally implemented as a
353 result of a problem with Microsoft's WebFolders software which has
354 a problem handling redirects on directory resources via DAV
359 <h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3>
362 <p><em>Available in versions after 2.0.54</em></p>
364 <p>When Apache issues a redirect in response to a client request,
365 the response includes some actual text to be displayed in case
366 the client can't (or doesn't) automatically follow the redirection.
367 Apache ordinarily labels this text according to the character set
368 which it uses, which is ISO-8859-1.</p>
370 <p> However, if the redirection is to a page that uses a different
371 character set, some broken browser versions will try to use the
372 character set from the redirection text rather than the actual page.
373 This can result in Greek, for instance, being incorrectly rendered.</p>
375 <p>Setting this environment variable causes Apache to omit the character
376 set for the redirection text, and these broken browsers will then correctly
377 use that of the destination page.</p>
379 <div class="warning">
380 <h3>Security note</h3>
382 <p>Sending error pages without a specified character set may
383 allow a cross-site-scripting attack for existing browsers (MSIE)
384 which do not follow the HTTP/1.1 specification and attempt to
385 "guess" the character set from the content. Such browsers can
386 be easily fooled into using the UTF-7 character set, and UTF-7
387 content from input data (such as the request-URI) will not be
388 escaped by the usual escaping mechanisms designed to prevent
389 cross-site-scripting attacks.</p>
394 <h3><a name="proxy" id="proxy">force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked,
395 proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</a></h3>
397 <p>These directives alter the protocol behavior of
398 <code class="module"><a href="./mod/mod_proxy.html">mod_proxy</a></code>. See the <code class="module"><a href="./mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="./mod/mod_proxy_http.html">mod_proxy_http</a></code>
399 documentation for more details.</p>
402 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
403 <div class="section">
404 <h2><a name="examples" id="examples">Examples</a></h2>
407 <h3><a name="fixheader" id="fixheader">Passing broken headers to CGI scripts</a></h3>
410 <p>Starting with version 2.4, Apache is more strict about how HTTP
411 headers are converted to environment variables in <code class="module"><a href="./mod/mod_cgi.html">mod_cgi
412 </a></code> and other modules: Previously any invalid characters
413 in header names were simply translated to underscores. This allowed
414 for some potential cross-site-scripting attacks via header injection
415 (see <a href="http://events.ccc.de/congress/2007/Fahrplan/events/2212.en.html">
416 Unusual Web Bugs</a>, slide 19/20).</p>
418 <p>If you have to support a client which sends broken headers and
419 which can't be fixed, a simple workaround involving <code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif
420 </a></code> and <code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code> allows you to still accept
423 <pre class="prettyprint lang-config">#
424 # The following works around a client sending a broken Accept_Encoding
427 SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1
428 RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding</pre>
433 <h3><a name="misbehaving" id="misbehaving">Changing protocol behavior with misbehaving clients</a></h3>
436 <p>Earlier versions recommended that the following lines be included in
437 httpd.conf to deal with known client problems. Since the affected clients
438 are no longer seen in the wild, this configuration is likely no-longer
440 <pre class="prettyprint lang-config">#
441 # The following directives modify normal HTTP response behavior.
442 # The first directive disables keepalive for Netscape 2.x and browsers that
443 # spoof it. There are known problems with these browser implementations.
444 # The second directive is for Microsoft Internet Explorer 4.0b2
445 # which has a broken HTTP/1.1 implementation and does not properly
446 # support keepalive when it is used on 301 or 302 (redirect) responses.
448 BrowserMatch "Mozilla/2" nokeepalive
449 BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
452 # The following directive disables HTTP/1.1 responses to browsers which
453 # are in violation of the HTTP/1.0 spec by not being able to understand a
454 # basic 1.1 response.
456 BrowserMatch "RealPlayer 4\.0" force-response-1.0
457 BrowserMatch "Java/1\.0" force-response-1.0
458 BrowserMatch "JDK/1\.0" force-response-1.0</pre>
462 <h3><a name="no-img-log" id="no-img-log">Do not log requests for images in the access log</a></h3>
465 <p>This example keeps requests for images from appearing in the
466 access log. It can be easily modified to prevent logging of
467 particular directories, or to prevent logging of requests
468 coming from particular hosts.</p>
470 <pre class="prettyprint lang-config">SetEnvIf Request_URI \.gif image-request
471 SetEnvIf Request_URI \.jpg image-request
472 SetEnvIf Request_URI \.png image-request
473 CustomLog "logs/access_log" common env=!image-request</pre>
477 <h3><a name="image-theft" id="image-theft">Prevent "Image Theft"</a></h3>
480 <p>This example shows how to keep people not on your server
481 from using images on your server as inline-images on their
482 pages. This is not a recommended configuration, but it can work
483 in limited circumstances. We assume that all your images are in
484 a directory called <code>/web/images</code>.</p>
486 <pre class="prettyprint lang-config">SetEnvIf Referer "^http://www\.example\.com/" local_referal
487 # Allow browsers that do not send Referer info
488 SetEnvIf Referer "^$" local_referal
489 <Directory "/web/images">
490 Require env local_referal
491 </Directory></pre>
494 <p>For more information about this technique, see the
495 "<a href="http://www.serverwatch.com/tutorials/article.php/1132731">Keeping Your Images from Adorning Other Sites</a>"
496 tutorial on ServerWatch.</p>
499 <div class="bottomlang">
500 <p><span>Available Languages: </span><a href="./en/env.html" title="English"> en </a> |
501 <a href="./fr/env.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
502 <a href="./ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
503 <a href="./ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
504 <a href="./tr/env.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
505 </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
506 <script type="text/javascript"><!--//--><![CDATA[//><!--
507 var comments_shortname = 'httpd';
508 var comments_identifier = 'http://httpd.apache.org/docs/trunk/env.html';
510 if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
511 d.write('<div id="comments_thread"><\/div>');
512 var s = d.createElement('script');
513 s.type = 'text/javascript';
515 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
516 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
519 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
521 })(window, document);
522 //--><!]]></script></div><div id="footer">
523 <p class="apache">Copyright 2016 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
524 <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
525 if (typeof(prettyPrint) !== 'undefined') {