apache httpd.conf 中SetEnvIf and SetEnvIfNoCase Examples
Htaccess SetEnvIf and SetEnvIfNoCase ExamplesContents
[*]
Unique mod_setenvif Variables
[*]
Populates HTTP_MY_ Variables with mod_setenvif variable values
[*]
Set REMOTE_HOST to HTTP_HOST
[*]
Allows only if HOST Header is present in request
[*]
Add values from HTTP Headers
[*]
Set the REDIRECT_STATUS for Interpreter Security
[*]
Block Bad Bots
[*]
Allow Search robots
[*]
SetEnvIf Directive
[*]
SetEnvIf Example:
[*]
htaccess Guide Sections
SetEnvIf
and SetEnvIfNoCase
are really useful directives supplied by the mod_setenvif module
that allow you to conditionally set environment variables accessible by
scripts and apache based on the value of HTTP Headers, Other Variables,
and Request information.
For debugging, you may want to use my server environment variable debugging script
[*]
Unique mod_setenvif Variables
[*]
Populates HTTP_MY_ Variables with mod_setenvif variable values
[*]
Set REMOTE_HOST to HTTP_HOST
[*]
Allows only if HOST Header is present in request
[*]
Add values from HTTP Headers
[*]
Set the REDIRECT_STATUS for Interpreter Security
Unique mod_setenvif Variables
These can be used for attribute
.
Remote_Host
the hostname (if available) of the client making the request - crawl-66-249-70-24.googlebot.com
Remote_Addr
IP address of the client making the request - 66.249.70.24
Server_Addr
IP address of the server on which the request was received - 208.113.183.103
Request_Method
name of the method being used - GET
Request_Protocol
name and version of the protocol with which the request was made - HTTP/1.1
Request_URI
the resource requested on the HTTP request line -- generally the
portion of the URL following the scheme and host portion without the
query string - /robots.txt
Syntax:
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
Populates HTTP_MY_ Variables with mod_setenvif variable values
SetEnvIfNoCase Remote_Host "(.*)" HTTP_MY_REMOTE_HOST=$1
SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1
SetEnvIfNoCase Server_Addr "(.*)" HTTP_MY_SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.*)" HTTP_MY_REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.*)" HTTP_MY_REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.*)" HTTP_MY_REQUEST_URI=$1
Set REMOTE_HOST to HTTP_HOST
Sets REMOTE_HOST to www.askapache.com if Remote_Addr=208.113.183.103.
This can be useful if your server doesn't automatically do a reverse
lookup on a remote address, so this way you can tell if the request was
internal/from your server.
SetEnvIf Remote_Addr 208\.113\.183\.103 REMOTE_HOST=www.askapache.com
Allows only if HOST Header is present in request
SetEnvIfNoCase ^HOST$ .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST
or
SetEnvIfNoCase Host .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST
Add values from HTTP Headers
SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1
Set the REDIRECT_STATUS for Interpreter Security
This is useful in disallowing direct access to interpreters like
shell scripts, cgi scripts, and other interpreters.Only works this way
if you have a static IP for your server.So the only way to access
these files is by instructing the server itself to request the file,
using an Action directive or by requesting the file through a .php or
other script using curl or wget, or something like fsockopen.
<filesMatch "\.(cgi|sh|pl)$">
SetEnvIfNoCase Remote_Addr 208\.113\.183\.103 REDIRECT_STATUS
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</filesMatch>
Block Bad Bots
Can be useful if your site is getting hammered by spambots. Some nice examples from around the net are at Fight Blog Spam With Apache
...Keep in mind the HTTP_USER_AGENT is directly from the client, so its easy to spoof / change.Instead use mod_security
for a much better solution.
SetEnvIfNoCase User-Agent "^Bandit" bad_bot
SetEnvIfNoCase User-Agent "^Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "^BatchFTP" bad_bot
SetEnvIfNoCase User-Agent "^Bigfoot" bad_bot
SetEnvIfNoCase User-Agent "^Black.Hole" bad_bot
Order Allow,Deny
Allow from All
Deny from env=bad_bot
Allow Search robots
This does the opposite of above, allowing ONLY these web robots access.Other than rogue robots, configuring your robots.txt file
correctly will keep most robots where you want them.
SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot
Order Deny,Allow
Deny from All
Allow from env=search_robot
SetEnvIf Directive
Description:
Sets environment variables based on attributes of the request
Syntax:
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
Context:
server config, virtual host, directory, .htaccess
Override:
FileInfo
Status:
Base
Module:
mod_setenvif
The SetEnvIf
directive defines environment variables
based on attributes of the request. The attribute specified in the first
argument can be one of three things:
[*]An HTTP request header field (see RFC2616
for more information about these); for example: Host
, User-Agent
, Referer
, and Accept-Language
.A regular expression may be used to specify a set of request headers.
[*]One of the following aspects of the request:
[*]
Remote_Host
- the hostname (if available) of the client making the request
[*]
Remote_Addr
- the IP address of the client making the request
[*]
Server_Addr
- the IP address of the server on which the request was received (only with versions later than 2.0.43)
[*]
Request_Method
- the name of the method being used (GET
, POST
, et cetera)
[*]
Request_Protocol
- the name and version of the protocol with which the request was made (e.g., "HTTP/0.9", "HTTP/1.1", etc.)
[*]
Request_URI
- the resource requested on the HTTP
request line -- generally the portion of the URL following the scheme
and host portion without the query string. See the RewriteCond
directive of mod_rewrite
for extra information on how to match your query string.
[*]The name of an environment variable in the list of those associated with the request. This allows SetEnvIf
directives to test against the result of prior matches. Only those environment variables defined by earlier SetEnvIf
directives are available for testing in this manner. 'Earlier' means
that they were defined at a broader scope (such as server-wide) or
previously in the current directive's scope. Environment variables will
be considered only if there was no match among request characteristics
and a regular expression was not used for the attribute.
The second argument (regex) is a regular expression.If the regex
matches against the attribute, then the remainder of the arguments are
evaluated.
The rest of the arguments give the names of variables to set, and
optionally values to which they should be set. These take the form of
[*]
varname
[*]
!varname
[*]
varname=value
In the first form, the value will be set to "1". The second will
remove the given variable if already defined, and the third will set the
variable to the literal value given by value
. Since version 2.0.51
Apache will recognize occurrences of $1
..$9
within value
and replace them by parenthesized subexpressions of regex
.
SetEnvIf Example:
SetEnvIf Request_URI "\.gif$" object_is_image=gif
SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
SetEnvIf Referer www\.askapache\.com intra_site_referral
SetEnvIf object_is_image xbm XBIT_PROCESSING=1
SetEnvIf ^SETENVIF*^.*HAS_SETENVIF
The first three will set the environment variable object_is_image
if the request was for an image file, and the fourth sets intra_site_referral
if the referring page was somewhere on the www.askapache.com
Web site.
The last example will set environment variable HAS_SETENVIF
if the request contains any headers that begin with "SETENVIF" whose values begins with any character in the set .
htaccess Guide Sections
[*]
htaccess tricks for Webmasters
[*]
HTTP Header control with htaccess
[*]
PHP on Apache tips and tricks
[*]
SEO Redirects without mod_rewrite
[*]
mod_rewrite examples, tips, and tricks
[*]
HTTP Caching and Site Speedups
[*]
Authentication on Apache
[*]
htaccess Security Tricks and Tips
[*]
SSL tips and examples
[*]
Variable Fun (mod_env) Section
[*]
.htaccess Security with MOD_SECURITY
[*]
SetEnvIf and SetEnvIfNoCase Examples
from:http://www.askapache.com/htaccess/setenvif.html
页:
[1]