for all configuration directives.
This document describes the <em>ap_expr</em> expression parser.
</p>
+ <p>The <em>ap_expr</em> expression is intended to replace most other
+ expression variants in HTTPD. For example, the deprecated
+ <directive module="mod_ssl">SSLRequire</directive> expressions can be
+ replaced by <a href="mod/mod_authz_core.html#reqexpr">Require expr</a>.
+ </p>
</summary>
+<seealso><directive module="core" type="section">If</directive></seealso>
+<seealso><directive module="core" type="section">ElseIf</directive></seealso>
+<seealso><directive module="core" type="section">Else</directive></seealso>
+<seealso><directive module="mod_rewrite">RewriteCond</directive></seealso>
+<seealso><directive module="mod_setenvif">SetEnvIfExpr</directive></seealso>
+<seealso><directive module="mod_headers">Header</directive></seealso>
+<seealso><directive module="mod_headers">RequestHeader</directive></seealso>
+<seealso><directive module="mod_filter">FilterProvider</directive></seealso>
+<seealso><a href="mod/mod_authz_core.html#reqexpr">Require expr</a></seealso>
+<seealso><directive module="mod_ssl">SSLRequire</directive></seealso>
+<seealso><directive module="mod_log_debug">LogMessage</directive></seealso>
+<seealso><module>mod_include</module></seealso>
+
<section id="grammar">
- <title>Grammar in BNF notation</title>
+ <title>Grammar in Backus-Naur Form notation</title>
+ <p><a href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus-Naur Form</a> (BNF) is a notation
+ technique for context-free grammars, often used to describe the syntax of languages used in computing.
+ In most cases, expressions are used to express boolean values.
+ For these, the starting boint in the BNF is <code>expr</code>. However, a few directives
+ like <directive module="mod_log_debug">LogMessage</directive> accept expressions
+ that evaluate to a string value. For those, the starting boint in the BNF is <code>string</code>.
+ </p>
<blockquote>
<pre>
expr ::= "<strong>true</strong>" | "<strong>false</strong>"
<code>%{REMOTE_USER}</code> will not be set in this case.</p>
<p>The following variables provide the values of the named HTTP request
- headers. The values of other headers can be obtained witht the
- <code>req</code> <a href="#functions">function</a>.</p>
+ headers. The values of other headers can be obtained with the
+ <code>req</code> <a href="#functions">function</a>. Using these
+ variables may cause the header name to be added to the Vary
+ header of the HTTP response, except where otherwise noted for the
+ directive accepting the expression. The <code>req_novary</code>
+ <a href="#functions">function</a> may be used to circumvent this
+ behavior.</p>
<table border="1" style="zebra">
<columnspec><column width="1"/></columnspec>
<tr><td><code>REQUEST_SCHEME</code></td>
<td>The scheme part of the request's URI</td></tr>
<tr><td><code>REQUEST_URI</code></td>
- <td>The URI of the request</td></tr>
+ <td>The path part of the request's URI</td></tr>
+ <tr><td><code>DOCUMENT_URI</code></td>
+ <td>Same as REQUEST_URI</td></tr>
<tr><td><code>REQUEST_FILENAME</code></td>
- <td></td></tr>
+ <td>The full local filesystem path to the file or script matching the
+ request, if this has already been determined by the server at the
+ time <code>REQUEST_FILENAME</code> is referenced. Otherwise, such
+ as when used in virtual host context, the same value as
+ <code>REQUEST_URI</code> </td></tr>
<tr><td><code>SCRIPT_FILENAME</code></td>
<td>Same as <code>REQUEST_FILENAME</code></td></tr>
+ <tr><td><code>LAST_MODIFIED</code></td>
+ <td>The date and time of last modification of the file in the format
+ <code>20101231235959</code>, if this has already been determined by
+ the server at the time <code>LAST_MODIFIED</code> is referenced.
+ </td></tr>
+ <tr><td><code>SCRIPT_USER</code></td>
+ <td>The user name of the owner of the script.</td></tr>
+ <tr><td><code>SCRIPT_GROUP</code></td>
+ <td>The group name of the group of the script.</td></tr>
<tr><td><code>PATH_INFO</code></td>
- <td></td></tr>
+ <td>The trailing path name information, see
+ <directive module="core">AcceptPathInfo</directive></td></tr>
<tr><td><code>QUERY_STRING</code></td>
<td>The query string of the current request</td></tr>
<tr><td><code>IS_SUBREQ</code></td>
<td>The <directive module="core">ServerAdmin</directive> of
the current vhost</td></tr>
<tr><td><code>SERVER_PROTOCOL</code></td>
- <td>The protocol used by the request</td></tr>
+ <td>The protocol used by the request (e.g. HTTP/1.1). In some types of
+ internal subrequests, this variable has the value
+ <code>INCLUDED</code>.</td></tr>
+ <tr><td><code>SERVER_PROTOCOL_VERSION</code></td>
+ <td>A number that encodes the HTTP version of the request:
+ <code>1000 * major + minor</code>. For example, <code>1001</code>
+ corresponds to HTTP/1.1 and <code>9</code> corresponds
+ to HTTP/0.9</td></tr>
+ <tr><td><code>SERVER_PROTOCOL_VERSION_MAJOR</code></td>
+ <td>The major version part of the HTTP version of the request,
+ e.g. <code>1</code> for HTTP/1.0</td></tr>
+ <tr><td><code>SERVER_PROTOCOL_VERSION_MINOR</code></td>
+ <td>The minor version part of the HTTP version of the request,
+ e.g. <code>0</code> for HTTP/1.0</td></tr>
<tr><td><code>DOCUMENT_ROOT</code></td>
<td>The <directive module="core">DocumentRoot</directive> of
the current vhost</td></tr>
<tr><td><code>IPV6</code></td>
<td>"<code>on</code>" if the connection uses IPv6,
"<code>off</code>" otherwise</td></tr>
+ <tr><td><code>REQUEST_STATUS</code></td>
+ <td>The HTTP error status of the request</td></tr>
<tr><td><code>REQUEST_LOG_ID</code></td>
<td>The error log id of the request (see
<directive module="core">ErrorLogFormat</directive>)</td></tr>
<tr><td><code>CONN_LOG_ID</code></td>
<td>The error log id of the connection (see
<directive module="core">ErrorLogFormat</directive>)</td></tr>
+ <tr><td><code>CONN_REMOTE_ADDR</code></td>
+ <td>The peer IP address of the connection (see the
+ <module>mod_remoteip</module> module)</td></tr>
</table>
<section id="unnop">
<title>Unary operators</title>
- <p>Unary operators have the form "<code>-[a-zA-Z]</code>", i.e. a
- minus and one character. The name <em>is</em> case sensitive.
+ <p>Unary operators take one argument and have the form
+ "<code>-[a-zA-Z]</code>", i.e. a minus and one character.
+ The name <em>is</em> case sensitive.
Modules may register additional unary operators.</p>
<table border="1" style="zebra">
<columnspec><column width=".2"/><column width=".2"/><column width=".6"/></columnspec>
- <tr><th>Name</th><th>Description</th></tr>
+ <tr><th>Name</th><th>Description</th><th>Restricted</th></tr>
+ <tr><td><code>-d</code></td>
+ <td>The argument is treated as a filename.
+ True if the file exists and is a directory</td><td>yes</td></tr>
+ <tr><td><code>-e</code></td>
+ <td>The argument is treated as a filename.
+ True if the file (or dir or special) exists</td><td>yes</td></tr>
+ <tr><td><code>-f</code></td>
+ <td>The argument is treated as a filename.
+ True if the file exists and is regular file</td><td>yes</td></tr>
+ <tr><td><code>-s</code></td>
+ <td>The argument is treated as a filename.
+ True if the file exists and is not empty</td><td>yes</td></tr>
+ <tr><td><code>-L</code></td>
+ <td>The argument is treated as a filename.
+ True if the file exists and is symlink</td><td>yes</td></tr>
+ <tr><td><code>-h</code></td>
+ <td>The argument is treated as a filename.
+ True if the file exists and is symlink
+ (same as <code>-L</code>)</td><td>yes</td></tr>
+ <tr><td><code>-F</code></td>
+ <td>True if string is a valid file, accessible via all the server's
+ currently-configured access controls for that path. This uses an
+ internal subrequest to do the check, so use it with care - it can
+ impact your server's performance!</td><td></td></tr>
+ <tr><td><code>-U</code></td>
+ <td>True if string is a valid URL, accessible via all the server's
+ currently-configured access controls for that path. This uses an
+ internal subrequest to do the check, so use it with care - it can
+ impact your server's performance!</td><td></td></tr>
+ <tr><td><code>-A</code></td>
+ <td>Alias for <code>-U</code></td><td></td></tr>
<tr><td><code>-n</code></td>
- <td>True if string is not empty</td></tr>
+ <td>True if string is not empty</td><td></td></tr>
<tr><td><code>-z</code></td>
- <td>True if string is empty</td></tr>
+ <td>True if string is empty</td><td></td></tr>
<tr><td><code>-T</code></td>
<td>False if string is empty, "<code>0</code>", "<code>off</code>",
"<code>false</code>", or "<code>no</code>" (case insensitive).
- True otherwise.</td></tr>
+ True otherwise.</td><td></td></tr>
<tr><td><code>-R</code></td>
<td>Same as "<code>%{REMOTE_ADDR} -ipmatch ...</code>", but more efficient
- </td></tr>
+ </td><td></td></tr>
</table>
+ <p>The operators marked as "restricted" are not available in some modules
+ like <module>mod_include</module>.</p>
</section>
<section id="functions">
<table border="1" style="zebra">
<columnspec><column width=".2"/><column width=".8"/></columnspec>
- <tr><th>Name</th><th>Description</th></tr>
+ <tr><th>Name</th><th>Description</th><th>Restricted</th></tr>
<tr><td><code>req</code>, <code>http</code></td>
- <td>Get HTTP request header</td></tr>
+ <td>Get HTTP request header; header names may be added to the Vary
+ header, see below</td><td></td></tr>
+ <tr><td><code>req_novary</code></td>
+ <td>Same as <code>req</code>, but header names will not be added to the
+ Vary header</td><td></td></tr>
<tr><td><code>resp</code></td>
- <td>Get HTTP response header</td></tr>
+ <td>Get HTTP response header</td><td></td></tr>
<tr><td><code>reqenv</code></td>
- <td>Lookup request environment variable</td></tr>
+ <td>Lookup request environment variable</td><td></td></tr>
<tr><td><code>osenv</code></td>
- <td>Lookup operating system environment variable</td></tr>
+ <td>Lookup operating system environment variable</td><td></td></tr>
<tr><td><code>note</code></td>
- <td>Lookup request note</td></tr>
+ <td>Lookup request note</td><td></td></tr>
<tr><td><code>env</code></td>
<td>Return first match of <code>note</code>, <code>reqenv</code>,
- <code>osenv</code></td></tr>
+ <code>osenv</code></td><td></td></tr>
<tr><td><code>tolower</code></td>
- <td>Convert string to lower case</td></tr>
+ <td>Convert string to lower case</td><td></td></tr>
<tr><td><code>toupper</code></td>
- <td>Convert string to uppser case</td></tr>
+ <td>Convert string to uppser case</td><td></td></tr>
<tr><td><code>escape</code></td>
- <td>Escape special characters in %hex encoding</td></tr>
+ <td>Escape special characters in %hex encoding</td><td></td></tr>
<tr><td><code>unescape</code></td>
- <td>Unescape %hex encoded string, leaving URL-special characters encoded (XXX: describe better)</td></tr>
+ <td>Unescape %hex encoded string, leaving encoded slashes alone;
+ return empty string if %00 is found</td><td></td></tr>
<tr><td><code>file</code></td>
- <td>Read contents from a file</td></tr>
+ <td>Read contents from a file</td><td>yes</td></tr>
+ <tr><td><code>filesize</code></td>
+ <td>Return size of a file (or 0 if file does not exist or is not
+ regular file)</td><td>yes</td></tr>
+
</table>
+ <p>The functions marked as "restricted" are not available in some modules
+ like <module>mod_include</module>.</p>
+
+ <p>When the functions <code>req</code> or <code>http</code> are used,
+ the header name will automatically be added to the Vary header of the
+ HTTP response, except where otherwise noted for the directive accepting
+ the expression. The <code>req_novary</code> function can be used to
+ prevent names from being added to the Vary header.</p>
+
<p>In addition to string-valued functions, there are also list-valued functions which
take one string as argument and return a wordlist, i.e. a list of strings. The wordlist
can be used with the special <code>-in</code> operator.
</section>
+<section id="examples">
+
+ <title>Example expressions</title>
+ <p>The following examples show how expressions might be used to evaluate requests:</p>
+ <!-- This section should probably be extended with more, useful examples -->
+ <highlight language="config">
+# Compare the host name to example.com and redirect to www.example.com if it matches
+<If "%{HTTP_HOST} == 'example.com'">
+ Redirect permanent / http://www.example.com
+</If>
+
+# Force text/plain if requesting a file with the query string contains 'forcetext'
+<If "%{QUERY_STRING} =~ /forcetext/">
+ ForceType text/plain
+</If>
+
+# Only allow access to this content during business hours
+<Directory "/foo/bar/business">
+ Require expr %{TIME_HOUR} -gt 9 && %{TIME_HOUR} -lt 17
+</Directory>
+ </highlight>
+</section>
+
<section id="other">
<title>Other</title>
</section>
+<section id="sslrequire">
+ <title>Comparison with SSLRequire</title>
+ <p>The <em>ap_expr</em> syntax is mostly a superset of the syntax of the
+ deprecated <directive module="mod_ssl">SSLRequire</directive> directive.
+ The differences are described in <directive
+ module="mod_ssl">SSLRequire</directive>'s documentation.</p>
+</section>
+
</manualpage>
projects / apache / blobdiff