1 <?xml version="1.0" encoding="UTF-8" ?>
2 <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
3 <?xml-stylesheet type="text/xsl" href="./style/manual.en.xsl"?>
4 <!-- $LastChangedRevision: 1055507 $ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <manualpage metafile="expr.xml.meta">
25 <title>Expressions in Apache HTTP Server</title>
28 <p>Historically, there are several syntax variants for expressions used to express
29 a condition in the different modules of the Apache HTTP Server.
30 There is some ongoing effort to only use a single variant, called <em>ap_expr</em>,
31 for all configuration directives.
32 This document describes the <em>ap_expr</em> expression parser.
34 <p>The <em>ap_expr</em> expression is intended to replace most other
35 expression variants in HTTPD. For example, the deprecated
36 <directive module="mod_ssl">SSLRequire</directive> expressions can be
37 replaced by <a href="mod/mod_authz_core.html#reqexpr">Require expr</a>.
41 <seealso><directive module="core">If</directive></seealso>
42 <seealso><directive module="mod_rewrite">RewriteCond</directive></seealso>
43 <seealso><directive module="mod_setenvif">SetEnvIfExpr</directive></seealso>
44 <seealso><directive module="mod_filter">FilterProvider</directive></seealso>
45 <seealso><a href="mod/mod_authz_core.html#reqexpr">Require expr</a></seealso>
46 <seealso><directive module="mod_ssl">SSLRequire</directive></seealso>
47 <seealso><module>mod_include</module></seealso>
49 <section id="grammar">
50 <title>Grammar in Backus–Naur Form notation</title>
51 <p><a href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus–Naur Form</a> (BNF) is a notation
52 technique for context-free grammars, often used to describe the syntax of languages used in computing.
56 expr ::= "<strong>true</strong>" | "<strong>false</strong>"
57 | "<strong>!</strong>" expr
58 | expr "<strong>&&</strong>" expr
59 | expr "<strong>||</strong>" expr
60 | "<strong>(</strong>" expr "<strong>)</strong>"
67 | word "<strong>in</strong>" "<strong>{</strong>" wordlist "<strong>}</strong>"
68 | word "<strong>in</strong>" listfunction
69 | word "<strong>=~</strong>" regex
70 | word "<strong>!~</strong>" regex
73 stringcomp ::= word "<strong>==</strong>" word
74 | word "<strong>!=</strong>" word
75 | word "<strong><</strong>" word
76 | word "<strong><=</strong>" word
77 | word "<strong>></strong>" word
78 | word "<strong>>=</strong>" word
80 integercomp ::= word "<strong>-eq</strong>" word | word "<strong>eq</strong>" word
81 | word "<strong>-ne</strong>" word | word "<strong>ne</strong>" word
82 | word "<strong>-lt</strong>" word | word "<strong>lt</strong>" word
83 | word "<strong>-le</strong>" word | word "<strong>le</strong>" word
84 | word "<strong>-gt</strong>" word | word "<strong>gt</strong>" word
85 | word "<strong>-ge</strong>" word | word "<strong>ge</strong>" word
88 | wordlist "<strong>,</strong>" word
90 word ::= word "<strong>.</strong>" word
92 | "<strong>'</strong>" string "<strong>'</strong>"
93 | "<strong>"</strong>" string "<strong>"</strong>"
101 stringpart ::= cstring
108 variable ::= "<strong>%{</strong>" varname "<strong>}</strong>"
109 | "<strong>%{</strong>" funcname "<strong>:</strong>" funcargs "<strong>}</strong>"
111 rebackref ::= "<strong>$</strong>" [0-9]
113 function ::= funcname "<strong>(</strong>" word "<strong>)</strong>"
115 listfunction ::= listfuncname "<strong>(</strong>" word "<strong>)</strong>"
122 <title>Variables</title>
124 <p>The expression parser provides a number of variables of the form
125 <code>%{HTTP_HOST}</code>. Note that the value of a variable may depend
126 on the phase of the request processing in which it is evaluated. For
127 example, an expression used in an <directive><If ></directive>
128 directive is evaluated before authentication is done. Therefore,
129 <code>%{REMOTE_USER}</code> will not be set in this case.</p>
131 <p>The following variables provide the values of the named HTTP request
132 headers. The values of other headers can be obtained witht the
133 <code>req</code> <a href="#functions">function</a>.</p>
135 <table border="1" style="zebra">
136 <columnspec><column width="1"/></columnspec>
138 <tr><th>Name</th></tr>
139 <tr><td><code>HTTP_ACCEPT</code></td></tr>
140 <tr><td><code>HTTP_FORWARDED</code></td></tr>
141 <tr><td><code>HTTP_HOST</code></td></tr>
142 <tr><td><code>HTTP_PROXY_CONNECTION</code></td></tr>
143 <tr><td><code>HTTP_REFERER</code></td></tr>
144 <tr><td><code>HTTP_USER_AGENT</code></td></tr>
148 <p>Other request related variables</p>
150 <table border="1" style="zebra">
151 <columnspec><column width=".4"/><column width=".6"/></columnspec>
153 <tr><th>Name</th><th>Description</th></tr>
154 <tr><td><code>REQUEST_METHOD</code></td>
155 <td>The HTTP method of the incoming request (e.g.
156 <code>GET</code>)</td></tr>
157 <tr><td><code>REQUEST_SCHEME</code></td>
158 <td>The scheme part of the request's URI</td></tr>
159 <tr><td><code>REQUEST_URI</code></td>
160 <td>The URI of the request</td></tr>
161 <tr><td><code>REQUEST_FILENAME</code></td>
162 <td>The full local filesystem path to the file or script matching the
163 request, if this has already been determined by the server at the
164 time <code>REQUEST_FILENAME</code> is referenced. Otherwise, such
165 as when used in virtual host context, the same value as
166 <code>REQUEST_URI</code> </td></tr>
167 <tr><td><code>SCRIPT_FILENAME</code></td>
168 <td>Same as <code>REQUEST_FILENAME</code></td></tr>
169 <tr><td><code>SCRIPT_USER</code></td>
170 <td>The user name of the owner of the script.</td></tr>
171 <tr><td><code>SCRIPT_GROUP</code></td>
172 <td>The group name of the group of the script.</td></tr>
173 <tr><td><code>PATH_INFO</code></td>
174 <td>The trailing path name information, see
175 <directive module="core">AcceptPathInfo</directive></td></tr>
176 <tr><td><code>QUERY_STRING</code></td>
177 <td>The query string of the current request</td></tr>
178 <tr><td><code>IS_SUBREQ</code></td>
179 <td>"<code>true</code>" if the current request is a subrequest,
180 "<code>false</code>" otherwise</td></tr>
181 <tr><td><code>THE_REQUEST</code></td>
182 <td>The complete request line (e.g.,
183 "<code>GET /index.html HTTP/1.1</code>")</td></tr>
184 <tr><td><code>REMOTE_ADDR</code></td>
185 <td>The IP address of the remote host</td></tr>
186 <tr><td><code>REMOTE_HOST</code></td>
187 <td>The host name of the remote host</td></tr>
188 <tr><td><code>REMOTE_USER</code></td>
189 <td>The name of the authenticated user (if any)</td></tr>
190 <tr><td><code>REMOTE_IDENT</code></td>
191 <td>The user name set by <module>mod_ident</module></td></tr>
192 <tr><td><code>SERVER_NAME</code></td>
193 <td>The <directive module="core">ServerName</directive> of
194 the current vhost</td></tr>
195 <tr><td><code>SERVER_PORT</code></td>
196 <td>The server port of the current vhost, see
197 <directive module="core">ServerName</directive></td></tr>
198 <tr><td><code>SERVER_ADMIN</code></td>
199 <td>The <directive module="core">ServerAdmin</directive> of
200 the current vhost</td></tr>
201 <tr><td><code>SERVER_PROTOCOL</code></td>
202 <td>The protocol used by the request</td></tr>
203 <tr><td><code>DOCUMENT_ROOT</code></td>
204 <td>The <directive module="core">DocumentRoot</directive> of
205 the current vhost</td></tr>
206 <tr><td><code>AUTH_TYPE</code></td>
207 <td>The configured <directive module="mod_authn_core">AuthType</directive>
208 (e.g. "<code>basic</code>")</td></tr>
209 <tr><td><code>CONTENT_TYPE</code></td>
210 <td>The content type of the response</td></tr>
211 <tr><td><code>HANDLER</code></td>
212 <td>The name of the <a href="handler.html">handler</a> creating
213 the response</td></tr>
214 <tr><td><code>HTTPS</code></td>
215 <td>"<code>on</code>" if the request uses https,
216 "<code>off</code>" otherwise</td></tr>
217 <tr><td><code>IPV6</code></td>
218 <td>"<code>on</code>" if the connection uses IPv6,
219 "<code>off</code>" otherwise</td></tr>
220 <tr><td><code>REQUEST_LOG_ID</code></td>
221 <td>The error log id of the request (see
222 <directive module="core">ErrorLogFormat</directive>)</td></tr>
223 <tr><td><code>CONN_LOG_ID</code></td>
224 <td>The error log id of the connection (see
225 <directive module="core">ErrorLogFormat</directive>)</td></tr>
229 <p>Misc variables</p>
231 <table border="1" style="zebra">
232 <columnspec><column width=".4"/><column width=".6"/></columnspec>
234 <tr><th>Name</th><th>Description</th></tr>
235 <tr><td><code>TIME_YEAR</code></td>
236 <td>The current year (e.g. <code>2010</code>)</td></tr>
237 <tr><td><code>TIME_MON</code></td>
238 <td>The current month (<code>1</code>, ..., <code>12</code>)</td></tr>
239 <tr><td><code>TIME_DAY</code></td>
240 <td>The current day of the month</td></tr>
241 <tr><td><code>TIME_HOUR</code></td>
242 <td>The hour part of the current time
243 (<code>0</code>, ..., <code>23</code>)</td></tr>
244 <tr><td><code>TIME_MIN</code></td>
245 <td>The minute part of the current time </td></tr>
246 <tr><td><code>TIME_SEC</code></td>
247 <td>The second part of the current time </td></tr>
248 <tr><td><code>TIME_WDAY</code></td>
249 <td>The day of the week (starting with <code>0</code>
250 for Sunday)</td></tr>
251 <tr><td><code>TIME</code></td>
252 <td>The date and time in the format <code>20101231235959</code></td></tr>
253 <tr><td><code>SERVER_SOFTWARE</code></td>
254 <td>The server version string</td></tr>
255 <tr><td><code>API_VERSION</code></td>
256 <td>The date of the API version (module magic number)</td></tr>
259 <p>Some modules register additional variables, see e.g. <module>mod_ssl</module>.</p>
264 <title>Binary operators</title>
266 <p>With the exception of some built-in comparison operators, binary
267 operators have the form "<code>-[a-zA-Z][a-zA-Z0-9_]+</code>", i.e. a
268 minus and at least two characters. The name is not case sensitive.
269 Modules may register additional binary operators.</p>
272 <title>Comparison operators</title>
274 <table border="1" style="zebra">
275 <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec>
277 <tr><th>Name</th><th>Alternative</th> <th>Description</th></tr>
278 <tr><td><code>==</code></td>
279 <td><code>=</code></td>
280 <td>String equality</td></tr>
281 <tr><td><code>!=</code></td>
283 <td>String inequality</td></tr>
284 <tr><td><code><</code></td>
286 <td>String less than</td></tr>
287 <tr><td><code><=</code></td>
289 <td>String less than or equal</td></tr>
290 <tr><td><code>></code></td>
292 <td>String greater than</td></tr>
293 <tr><td><code>>=</code></td>
295 <td>String greater than or equal</td></tr>
296 <tr><td><code>-eq</code></td>
297 <td><code>eq</code></td>
298 <td>Integer equality</td></tr>
299 <tr><td><code>-ne</code></td>
300 <td><code>ne</code></td>
301 <td>Integer inequality</td></tr>
302 <tr><td><code>-lt</code></td>
303 <td><code>lt</code></td>
304 <td>Integer less than</td></tr>
305 <tr><td><code>-le</code></td>
306 <td><code>le</code></td>
307 <td>Integer less than or equal</td></tr>
308 <tr><td><code>-gt</code></td>
309 <td><code>gt</code></td>
310 <td>Integer greater than</td></tr>
311 <tr><td><code>-ge</code></td>
312 <td><code>ge</code></td>
313 <td>Integer greater than or equal</td></tr>
317 <section id="binaryother">
318 <title>Other binary operators</title>
320 <table border="1" style="zebra">
321 <columnspec><column width=".2"/><column width=".8"/></columnspec>
323 <tr><th>Name</th><th>Description</th></tr>
324 <tr><td><code>-ipmatch</code></td>
325 <td>IP address matches address/netmask</td></tr>
326 <tr><td><code>-strmatch</code></td>
327 <td>left string matches pattern given by right string (containing
328 wildcards *, ?, [])</td></tr>
329 <tr><td><code>-strcmatch</code></td>
330 <td>same as <code>-strmatch</code>, but case insensitive</td></tr>
331 <tr><td><code>-fnmatch</code></td>
332 <td>same as <code>-strmatch</code>, but slashes are not matched by
340 <title>Unary operators</title>
342 <p>Unary operators have the form "<code>-[a-zA-Z]</code>", i.e. a
343 minus and one character. The name <em>is</em> case sensitive.
344 Modules may register additional unary operators.</p>
346 <table border="1" style="zebra">
347 <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec>
349 <tr><th>Name</th><th>Description</th></tr>
350 <tr><td><code>-n</code></td>
351 <td>True if string is not empty</td></tr>
352 <tr><td><code>-z</code></td>
353 <td>True if string is empty</td></tr>
354 <tr><td><code>-T</code></td>
355 <td>False if string is empty, "<code>0</code>", "<code>off</code>",
356 "<code>false</code>", or "<code>no</code>" (case insensitive).
357 True otherwise.</td></tr>
358 <tr><td><code>-R</code></td>
359 <td>Same as "<code>%{REMOTE_ADDR} -ipmatch ...</code>", but more efficient
365 <section id="functions">
366 <title>Functions</title>
368 <p>Normal string-valued functions take one string as argument and return
369 a string. Functions names are not case sensitive.
370 Modules may register additional functions.</p>
372 <table border="1" style="zebra">
373 <columnspec><column width=".2"/><column width=".8"/></columnspec>
375 <tr><th>Name</th><th>Description</th></tr>
376 <tr><td><code>req</code>, <code>http</code></td>
377 <td>Get HTTP request header</td></tr>
378 <tr><td><code>resp</code></td>
379 <td>Get HTTP response header</td></tr>
380 <tr><td><code>reqenv</code></td>
381 <td>Lookup request environment variable</td></tr>
382 <tr><td><code>osenv</code></td>
383 <td>Lookup operating system environment variable</td></tr>
384 <tr><td><code>note</code></td>
385 <td>Lookup request note</td></tr>
386 <tr><td><code>env</code></td>
387 <td>Return first match of <code>note</code>, <code>reqenv</code>,
388 <code>osenv</code></td></tr>
389 <tr><td><code>tolower</code></td>
390 <td>Convert string to lower case</td></tr>
391 <tr><td><code>toupper</code></td>
392 <td>Convert string to uppser case</td></tr>
393 <tr><td><code>escape</code></td>
394 <td>Escape special characters in %hex encoding</td></tr>
395 <tr><td><code>unescape</code></td>
396 <td>Unescape %hex encoded string, leaving URL-special characters encoded (XXX: describe better)</td></tr>
397 <tr><td><code>file</code></td>
398 <td>Read contents from a file</td></tr>
401 <p>In addition to string-valued functions, there are also list-valued functions which
402 take one string as argument and return a wordlist, i.e. a list of strings. The wordlist
403 can be used with the special <code>-in</code> operator.
404 Functions names are not case sensitive.
405 Modules may register additional functions.</p>
407 <p>There are no built-in list-valued functions. <module>mod_ssl</module>
408 provides <code>PeerExtList</code>. See the description of
409 <directive module="mod_ssl">SSLRequire</directive> for details
410 (but <code>PeerExtList</code> is also usable outside
411 of <directive module="mod_ssl">SSLRequire</directive>).</p>
418 <table border="1" style="zebra">
419 <columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec>
421 <tr><th>Name</th><th>Alternative</th> <th>Description</th></tr>
422 <tr><td><code>-in</code></td>
423 <td><code>in</code></td>
424 <td>string contained in string list</td></tr>
425 <tr><td><code>/regexp/</code></td>
426 <td><code>m#regexp#</code></td>
427 <td>Regular expression (the second form allows different delimiters than /)</td></tr>
428 <tr><td><code>/regexp/i</code></td>
429 <td><code>m#regexp#i</code></td>
430 <td>Case insensitive regular expression</td></tr>
431 <tr><td><code>$0 ... $9</code></td>
433 <td>Regular expression backreferences</td></tr>
436 <section id="rebackref">
437 <title>Regular expression backreferences</title>
438 <p>The strings <code>$0</code> ... <code>$9</code> allow to reference
439 the capture groups from a previously executed, successfully
440 matching regular expressions. They can normally only be used in the
441 same expression as the matching regex, but some modules allow special