<seealso><directive module="core" type="section">If</directive></seealso>
<seealso><directive module="core" type="section">ElseIf</directive></seealso>
<seealso><directive module="core" type="section">Else</directive></seealso>
+<seealso><directive module="core">ErrorDocument</directive></seealso>
+<seealso><directive module="mod_alias">Alias</directive></seealso>
+<seealso><directive module="mod_alias">ScriptAlias</directive></seealso>
+<seealso><directive module="mod_alias">Redirect</directive></seealso>
<seealso><directive module="mod_auth_basic">AuthBasicFake</directive></seealso>
<seealso><directive module="mod_auth_form">AuthFormLoginRequiredLocation</directive></seealso>
<seealso><directive module="mod_auth_form">AuthFormLoginSuccessLocation</directive></seealso>
<seealso><directive module="mod_auth_form">AuthFormLogoutLocation</directive></seealso>
+<seealso><directive module="mod_authn_core">AuthName</directive></seealso>
+<seealso><directive module="mod_authn_core">AuthType</directive></seealso>
<seealso><directive module="mod_rewrite">RewriteCond</directive></seealso>
<seealso><directive module="mod_setenvif">SetEnvIfExpr</directive></seealso>
<seealso><directive module="mod_headers">Header</directive></seealso>
<seealso><directive module="mod_headers">RequestHeader</directive></seealso>
<seealso><directive module="mod_filter">FilterProvider</directive></seealso>
+<seealso><directive module="mod_crypto">CryptoKey</directive></seealso>
+<seealso><directive module="mod_crypto">CryptoIV</directive></seealso>
<seealso><a href="mod/mod_authz_core.html#reqexpr">Require expr</a></seealso>
<seealso><a href="mod/mod_authnz_ldap.html#requser">Require ldap-user</a></seealso>
<seealso><a href="mod/mod_authnz_ldap.html#reqgroup">Require ldap-group</a></seealso>
<seealso><a href="mod/mod_authnz_ldap.html#reqdn">Require ldap-dn</a></seealso>
<seealso><a href="mod/mod_authnz_ldap.html#reqattribute">Require ldap-attribute</a></seealso>
<seealso><a href="mod/mod_authnz_ldap.html#reqfilter">Require ldap-filter</a></seealso>
+<seealso><a href="mod/mod_authnz_ldap.html#reqsearch">Require ldap-search</a></seealso>
<seealso><a href="mod/mod_authz_dbd.html#reqgroup">Require dbd-group</a></seealso>
<seealso><a href="mod/mod_authz_dbm.html#reqgroup">Require dbm-group</a></seealso>
<seealso><a href="mod/mod_authz_groupfile.html#reqgroup">Require group</a></seealso>
href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus-Naur
Form</a> (BNF) is a notation technique for context-free grammars,
often used to describe the syntax of languages used in computing.
- In most cases, expressions are used to express boolean values. For
- these, the starting point in the BNF is <code>expr</code>.
+ In most cases, expressions are used to express boolean values.
+ For these, the starting point in the BNF is <code>expr</code>.
However, a few directives like <directive
module="mod_log_debug">LogMessage</directive> accept expressions
that evaluate to a string value. For those, the starting point in
the BNF is <code>string</code>.
</p>
+<blockquote>
<pre>
expr ::= "<strong>true</strong>" | "<strong>false</strong>"
| "<strong>!</strong>" expr
rebackref ::= "<strong>$</strong>" [0-9]
-function ::= funcname "<strong>(</strong>" word "<strong>)</strong>"
+function ::= funcname "<strong>(</strong>" wordlist "<strong>)</strong>"
listfunction ::= listfuncname "<strong>(</strong>" word "<strong>)</strong>"
</pre>
+</blockquote>
</section>
<tr><th>Name</th></tr>
<tr><td><code>HTTP_ACCEPT</code></td></tr>
+ <tr><td><code>HTTP_COOKIE</code></td></tr>
<tr><td><code>HTTP_FORWARDED</code></td></tr>
<tr><td><code>HTTP_HOST</code></td></tr>
<tr><td><code>HTTP_PROXY_CONNECTION</code></td></tr>
<tr><td><code>REQUEST_URI</code></td>
<td>The path part of the request's URI</td></tr>
<tr><td><code>DOCUMENT_URI</code></td>
- <td>Same as REQUEST_URI</td></tr>
+ <td>Same as <code>REQUEST_URI</code></td></tr>
<tr><td><code>REQUEST_FILENAME</code></td>
<td>The full local filesystem path to the file or script matching the
request, if this has already been determined by the server at the
<tr><td><code>REMOTE_HOST</code></td>
<td>The host name of the remote host</td></tr>
<tr><td><code>REMOTE_USER</code></td>
- <td>The name of the authenticated user (if any)</td></tr>
+ <td>The name of the authenticated user, if any (not available during <directive><If></directive>)</td></tr>
<tr><td><code>REMOTE_IDENT</code></td>
<td>The user name set by <module>mod_ident</module></td></tr>
<tr><td><code>SERVER_NAME</code></td>
module="mod_authn_core">AuthType</directive> (e.g.
"<code>basic</code>")</td></tr>
<tr><td><code>CONTENT_TYPE</code></td>
- <td>The content type of the response</td></tr>
+ <td>The content type of the response (not available during <directive><If></directive>)</td></tr>
<tr><td><code>HANDLER</code></td>
<td>The name of the <a href="handler.html">handler</a> creating
the response</td></tr>
+ <tr><td><code>HTTP2</code></td>
+ <td>"<code>on</code>" if the request uses http/2,
+ "<code>off</code>" otherwise</td></tr>
<tr><td><code>HTTPS</code></td>
<td>"<code>on</code>" if the request uses https,
"<code>off</code>" otherwise</td></tr>
<td>"<code>on</code>" if the connection uses IPv6,
"<code>off</code>" otherwise</td></tr>
<tr><td><code>REQUEST_STATUS</code></td>
- <td>The HTTP error status of the request</td></tr>
+ <td>The HTTP error status of the request (not available during <directive><If></directive>)</td></tr>
<tr><td><code>REQUEST_LOG_ID</code></td>
<td>The error log id of the request (see
<directive module="core">ErrorLogFormat</directive>)</td></tr>
<tr><td><code>CONN_REMOTE_ADDR</code></td>
<td>The peer IP address of the connection (see the
<module>mod_remoteip</module> module)</td></tr>
+ <tr><td><code>CONTEXT_PREFIX</code></td>
+ <td></td></tr>
+ <tr><td><code>CONTEXT_DOCUMENT_ROOT</code></td>
+ <td></td></tr>
</table>
<tr><td><code>TIME_YEAR</code></td>
<td>The current year (e.g. <code>2010</code>)</td></tr>
<tr><td><code>TIME_MON</code></td>
- <td>The current month (<code>1</code>, ..., <code>12</code>)</td></tr>
+ <td>The current month (<code>01</code>, ..., <code>12</code>)</td></tr>
<tr><td><code>TIME_DAY</code></td>
- <td>The current day of the month</td></tr>
+ <td>The current day of the month (<code>01</code>, ...)</td></tr>
<tr><td><code>TIME_HOUR</code></td>
<td>The hour part of the current time
- (<code>0</code>, ..., <code>23</code>)</td></tr>
+ (<code>00</code>, ..., <code>23</code>)</td></tr>
<tr><td><code>TIME_MIN</code></td>
<td>The minute part of the current time </td></tr>
<tr><td><code>TIME_SEC</code></td>
<table border="1" style="zebra">
<columnspec><column width=".2"/><column width=".4"/><column width=".4"/></columnspec>
- <tr><th>Name</th><th>Description</th><th>Restricted</th></tr>
+ <tr><th>Name</th><th>Description</th><th>Special notes</th></tr>
<tr><td><code>req</code>, <code>http</code></td>
<td>Get HTTP request header; header names may be added to the Vary
header, see below</td><td></td></tr>
<td>Same as <code>req</code>, but header names will not be added to the
Vary header</td><td></td></tr>
<tr><td><code>resp</code></td>
- <td>Get HTTP response header</td><td></td></tr>
+ <td>Get HTTP response header (most response headers will not yet be set
+ during <directive><If></directive>)</td><td></td></tr>
<tr><td><code>reqenv</code></td>
<td>Lookup request environment variable (as a shortcut,
- <code>v</code> can be used too to access
- variables).</td><td></td></tr>
+ <code>v</code> can also be used to access variables).
+ </td>
+ <td>ordering</td></tr>
<tr><td><code>osenv</code></td>
<td>Lookup operating system environment variable</td><td></td></tr>
<tr><td><code>note</code></td>
- <td>Lookup request note</td><td></td></tr>
+ <td>Lookup request note</td><td>ordering</td></tr>
<tr><td><code>env</code></td>
<td>Return first match of <code>note</code>, <code>reqenv</code>,
- <code>osenv</code></td><td></td></tr>
+ <code>osenv</code></td><td>ordering</td></tr>
<tr><td><code>tolower</code></td>
<td>Convert string to lower case</td><td></td></tr>
<tr><td><code>toupper</code></td>
<td>Hash the string using SHA1, then encode the hash with hexadecimal
encoding</td><td></td></tr>
<tr><td><code>file</code></td>
- <td>Read contents from a file</td><td>yes</td></tr>
+ <td>Read contents from a file (including line endings, when present)
+ </td><td>restricted</td></tr>
+ <tr><td><code>filemod</code></td>
+ <td>Return last modification time of a file (or 0 if file does not exist
+ or is not regular file)</td><td>restricted</td></tr>
<tr><td><code>filesize</code></td>
<td>Return size of a file (or 0 if file does not exist or is not
- regular file)</td><td>yes</td></tr>
+ regular file)</td><td>restricted</td></tr>
+ <tr><td><code>ldap</code></td>
+ <td>Escape characters as required by LDAP distinguished name escaping
+ (RFC4514) and LDAP filter escaping (RFC4515).</td><td></td></tr>
+ <tr><td><code>replace</code></td>
+ <td>replace(string, "from", "to") replaces all occurences of "from"
+ in the string with "to".</td><td></td></tr>
</table>
- <p>The functions marked as "restricted" are not available in some modules
- like <module>mod_include</module>.</p>
+ <p>The functions marked as "restricted" in the final column are not
+ available in some modules like <module>mod_include</module>.</p>
+
+ <p>The functions marked as "ordering" in the final column require some
+ consideration for the ordering of different components of the server,
+ especially when the function is used within the
+ <<directive module="core">If</directive>> directive which is
+ evaluated relatively early.</p>
+ <note>
+ <title>Environment variable ordering</title>
+ When environment variables are looked up within an
+ <<directive module="core">If</directive>> condition, it's important
+ to consider how extremely early in request processing that this
+ resolution occurs. As a guideline, any directive defined outside of virtual host
+ context (directory, location, htaccess) is not likely to have yet had a
+ chance to execute. <directive module="mod_setenvif">SetEnvIf</directive>
+ in virtual host scope is one directive that runs prior to this resolution
+ <br/>
+ <br/>
+ When <code>reqenv</code> is used outside of <<directive module="core"
+ >If</directive>>, the resolution will generally occur later, but the
+ exact timing depends on the directive the expression has been used within.
+ </note>
<p>When the functions <code>req</code> or <code>http</code> are used,
the header name will automatically be added to the Vary header of the
</section>
<section id="examples">
-
- <title>Example expressions</title>
+
+ <title>Example expressions</title>
<p>The following examples show how expressions might be used to
evaluate requests:</p>
- <!-- This section should probably be extended with more, useful examples -->
- <highlight language="config">
+ <!-- This section should probably be extended with more, useful examples -->
+ <highlight language="config">
# Compare the host name to example.com and redirect to www.example.com if it matches
<If "%{HTTP_HOST} == 'example.com'">
- Redirect permanent / http://www.example.com/
+ Redirect permanent "/" "http://www.example.com/"
</If>
# Force text/plain if requesting a file with the query string contains 'forcetext'
# Only allow access to this content during business hours
<Directory "/foo/bar/business">
Require expr %{TIME_HOUR} -gt 9 && %{TIME_HOUR} -lt 17
-</Directory>
- </highlight>
+</Directory>
+
+# Check a HTTP header for a list of values
+<If "%{HTTP:X-example-header} in { 'foo', 'bar', 'baz' }">
+ Header set matched true
+</If>
+
+# Check an environment variable for a regular expression, negated.
+<If "! reqenv('REDIRECT_FOO') =~ /bar/">
+ Header set matched true
+</If>
+
+# Check result of URI mapping by running in Directory context with -f
+<Directory "/var/www">
+ AddEncoding x-gzip gz
+<If "-f '%{REQUEST_FILENAME}.unzipme' && ! %{HTTP:Accept-Encoding} =~ /gzip/">
+ SetOutputFilter INFLATE
+</If>
+</Directory>
+
+# Check against the client IP
+<If "-R '192.168.1.0/24'">
+ Header set matched true
+</If>
+
+# Function examples in boolean context
+<If "md5('foo') == 'acbd18db4cc2f85cedef654fccc4a4d8'">
+ Header set checksum-matched true
+</If>
+<If "md5('foo') == replace('md5:XXXd18db4cc2f85cedef654fccc4a4d8', 'md5:XXX', 'acb')">
+ Header set checksum-matched-2 true
+</If>
+
+# Function example in string context
+Header set foo-checksum "expr=%{md5:foo}"
+
+# This delays the evaluation of the condition clause compared to <If>
+Header always set CustomHeader my-value "expr=%{REQUEST_URI} =~ m#^/special_path\.php$#"
+
+ </highlight>
</section>
<section id="other">
<tr><th>Name</th><th>Alternative</th> <th>Description</th></tr>
<tr><td><code>-in</code></td>
<td><code>in</code></td>
- <td>string contained in string list</td></tr>
+ <td>string contained in wordlist</td></tr>
<tr><td><code>/regexp/</code></td>
<td><code>m#regexp#</code></td>
<td>Regular expression (the second form allows different
projects / apache / blobdiff