apache httpd.conf 中SetEnvIf and SetEnvIfNoCase Examples

mingche

Htaccess SetEnvIf and SetEnvIfNoCase Examples

　　Contents

• 
  Unique mod_setenvif Variables
  
• 
  Populates HTTP_MY_ Variables with mod_setenvif variable values
  
• 
  Set REMOTE_HOST to HTTP_HOST
  
• 
  Allows only if HOST Header is present in request
  
• 
  Add values from HTTP Headers
  
• 
  Set the REDIRECT_STATUS for Interpreter Security
  
• 
  Block Bad Bots
  
• 
  Allow Search robots
  
• 
  SetEnvIf Directive
  
  
  • 
    SetEnvIf Example:
    
  
  
  
• 
  htaccess Guide Sections
  

　　SetEnvIf
and SetEnvIfNoCase
are really useful directives supplied by the mod_setenvif module
that allow you to conditionally set environment variables accessible by
scripts and apache based on the value of HTTP Headers, Other Variables,
and Request information.
For debugging, you may want to use my server environment variable debugging script

• 
  Unique mod_setenvif Variables
  
• 
  Populates HTTP_MY_ Variables with mod_setenvif variable values
  
• 
  Set REMOTE_HOST to HTTP_HOST
  
• 
  Allows only if HOST Header is present in request
  
• 
  Add values from HTTP Headers
  
• 
  Set the REDIRECT_STATUS for Interpreter Security
  

Unique mod_setenvif Variables

　　These can be used for attribute
.

Remote_Host
the hostname (if available) of the client making the request - crawl-66-249-70-24.googlebot.com

Remote_Addr
IP address of the client making the request - 66.249.70.24

Server_Addr
IP address of the server on which the request was received - 208.113.183.103

Request_Method
name of the method being used - GET

Request_Protocol
name and version of the protocol with which the request was made - HTTP/1.1

Request_URI
the resource requested on the HTTP request line -- generally the
portion of the URL following the scheme and host portion without the
query string - /robots.txt

　　Syntax:

SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...

Populates HTTP_MY_ Variables with mod_setenvif variable values


SetEnvIfNoCase Remote_Host "(.*)" HTTP_MY_REMOTE_HOST=$1
SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1
SetEnvIfNoCase Server_Addr "(.*)" HTTP_MY_SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.*)" HTTP_MY_REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.*)" HTTP_MY_REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.*)" HTTP_MY_REQUEST_URI=$1

Set REMOTE_HOST to HTTP_HOST

　　Sets REMOTE_HOST to www.askapache.com if Remote_Addr=208.113.183.103.
This can be useful if your server doesn't automatically do a reverse
lookup on a remote address, so this way you can tell if the request was
internal/from your server.

SetEnvIf Remote_Addr 208\.113\.183\.103 REMOTE_HOST=www.askapache.com

Allows only if HOST Header is present in request


SetEnvIfNoCase ^HOST$ .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST
　　or

SetEnvIfNoCase Host .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST

Add values from HTTP Headers


SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1

Set the REDIRECT_STATUS for Interpreter Security

　　This is useful in disallowing direct access to interpreters like
shell scripts, cgi scripts, and other interpreters.  Only works this way
if you have a static IP for your server.  So the only way to access
these files is by instructing the server itself to request the file,
using an Action directive or by requesting the file through a .php or
other script using curl or wget, or something like fsockopen.

<filesMatch "\.(cgi|sh|pl)$">
SetEnvIfNoCase Remote_Addr 208\.113\.183\.103 REDIRECT_STATUS
 
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</filesMatch>

Block Bad Bots

　　Can be useful if your site is getting hammered by spambots. Some nice examples from around the net are at Fight Blog Spam With Apache
...  Keep in mind the HTTP_USER_AGENT is directly from the client, so its easy to spoof / change.  Instead use mod_security
for a much better solution.

SetEnvIfNoCase User-Agent "^Bandit" bad_bot
SetEnvIfNoCase User-Agent "^Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "^BatchFTP" bad_bot
SetEnvIfNoCase User-Agent "^Bigfoot" bad_bot
SetEnvIfNoCase User-Agent "^Black.Hole" bad_bot
 
Order Allow,Deny
Allow from All
Deny from env=bad_bot

Allow Search robots

　　This does the opposite of above, allowing ONLY these web robots access.  Other than rogue robots, configuring your robots.txt file
correctly will keep most robots where you want them.

SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot
 
Order Deny,Allow
Deny from All
Allow from env=search_robot

SetEnvIf Directive


Description:
Sets environment variables based on attributes of the request

Syntax:

SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...


Context:
server config, virtual host, directory, .htaccess

Override:
FileInfo

Status:
Base

Module:
mod_setenvif
　　The SetEnvIf
directive defines environment variables
based on attributes of the request. The attribute specified in the first
argument can be one of three things:

• An HTTP request header field (see RFC2616
  for more information about these); for example: Host
  , User-Agent
  , Referer
  , and Accept-Language
  .  A regular expression may be used to specify a set of request headers.
  
• One of the following aspects of the request:
  
  
  
  • 
    Remote_Host
    - the hostname (if available) of the client making the request
    
  • 
    Remote_Addr
    - the IP address of the client making the request
    
  • 
    Server_Addr
    - the IP address of the server on which the request was received (only with versions later than 2.0.43)
    
  • 
    Request_Method
    - the name of the method being used (GET
    , POST
    , et cetera)
    
  • 
    Request_Protocol
    - the name and version of the protocol with which the request was made (e.g., "HTTP/0.9", "HTTP/1.1", etc.)
    
  • 
    Request_URI
    - the resource requested on the HTTP
    request line -- generally the portion of the URL following the scheme
    and host portion without the query string. See the RewriteCond
    directive of mod_rewrite
    for extra information on how to match your query string.
    
  
  
  
• The name of an environment variable in the list of those associated with the request. This allows SetEnvIf
  directives to test against the result of prior matches. Only those environment variables defined by earlier SetEnvIf[NoCase]
  directives are available for testing in this manner. 'Earlier' means
  that they were defined at a broader scope (such as server-wide) or
  previously in the current directive's scope. Environment variables will
  be considered only if there was no match among request characteristics
  and a regular expression was not used for the attribute.
  

　　The second argument (regex) is a regular expression.  If the regex
matches against the attribute, then the remainder of the arguments are
evaluated.
　　The rest of the arguments give the names of variables to set, and
optionally values to which they should be set. These take the form of

• 
  varname
  
• 
  !varname
  
• 
  varname=value
  

　　In the first form, the value will be set to "1". The second will
remove the given variable if already defined, and the third will set the
variable to the literal value given by value
. Since version 2.0.51
Apache will recognize occurrences of $1
..$9
within value
and replace them by parenthesized subexpressions of regex
.


SetEnvIf Example:


SetEnvIf Request_URI "\.gif$" object_is_image=gif
SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
SetEnvIf Referer www\.askapache\.com intra_site_referral
SetEnvIf object_is_image xbm XBIT_PROCESSING=1
SetEnvIf ^SETENVIF*  ^[a-z].*  HAS_SETENVIF
　　The first three will set the environment variable object_is_image
if the request was for an image file, and the fourth sets intra_site_referral
if the referring page was somewhere on the www.askapache.com
Web site.
　　The last example will set environment variable HAS_SETENVIF
if the request contains any headers that begin with "SETENVIF" whose values begins with any character in the set [a-z].



htaccess Guide Sections

• 
  htaccess tricks for Webmasters
  
• 
  HTTP Header control with htaccess
  
• 
  PHP on Apache tips and tricks
  
• 
  SEO Redirects without mod_rewrite
  
• 
  mod_rewrite examples, tips, and tricks
  
• 
  HTTP Caching and Site Speedups
  
• 
  Authentication on Apache
  
• 
  htaccess Security Tricks and Tips
  
• 
  SSL tips and examples
  
• 
  Variable Fun (mod_env) Section
  
• 
  .htaccess Security with MOD_SECURITY
  
• 
  SetEnvIf and SetEnvIfNoCase Examples
  

　　from：http://www.askapache.com/htaccess/setenvif.html