1<?xml version="1.0" encoding="ISO-8859-1"?> 2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 3<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 5 This file is generated from xml source: DO NOT EDIT 6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 7 --> 8<title>Environment Variables in Apache - Apache HTTP Server</title> 9<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> 10<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> 11<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" /> 12<script src="/style/scripts/prettify.min.js" type="text/javascript"> 13</script> 14 15<link href="/images/favicon.ico" rel="shortcut icon" /></head> 16<body id="manual-page"><div id="page-header"> 17<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p> 18<p class="apache">Apache HTTP Server Version 2.4</p> 19<img alt="" src="/images/feather.gif" /></div> 20<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div> 21<div id="path"> 22<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Environment Variables in Apache</h1> 23<div class="toplang"> 24<p><span>Available Languages: </span><a href="/en/env.html" title="English"> en </a> | 25<a href="/fr/env.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | 26<a href="/ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | 27<a href="/ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | 28<a href="/tr/env.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> 29</div> 30 31 <p>There are two kinds of environment variables that affect 32 the Apache HTTP Server.</p> 33 34 <p>First, there are the environment variables controlled by 35 the underlying operating system. These are set before the 36 server starts. They can be used in expansions in configuration 37 files, and can optionally be passed to CGI scripts and SSI 38 using the PassEnv directive.</p> 39 40 <p>Second, the Apache HTTP Server provides a mechanism for storing 41 information in named variables that are also called <em>environment 42 variables</em>. This information can be used to control various 43 operations such as logging or access control. The variables are 44 also used as a mechanism to communicate with external programs 45 such as CGI scripts. This document discusses different ways to 46 manipulate and use these variables.</p> 47 48 <p>Although these variables are referred to as <em>environment 49 variables</em>, they are not the same as the environment 50 variables controlled by the underlying operating system. 51 Instead, these variables are stored and manipulated in an 52 internal Apache structure. They only become actual operating 53 system environment variables when they are provided to CGI 54 scripts and Server Side Include scripts. If you wish to 55 manipulate the operating system environment under which the 56 server itself runs, you must use the standard environment 57 manipulation mechanisms provided by your operating system 58 shell.</p> 59 </div> 60<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#setting">Setting Environment Variables</a></li> 61<li><img alt="" src="/images/down.gif" /> <a href="#using">Using Environment Variables</a></li> 62<li><img alt="" src="/images/down.gif" /> <a href="#special">Special Purpose Environment Variables</a></li> 63<li><img alt="" src="/images/down.gif" /> <a href="#examples">Examples</a></li> 64</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> 65<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 66<div class="section"> 67<h2><a name="setting" id="setting">Setting Environment Variables</a></h2> 68 69 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code></li><li><code class="module"><a href="/mod/mod_env.html">mod_env</a></code></li><li><code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code></li><li><code class="module"><a href="/mod/mod_setenvif.html">mod_setenvif</a></code></li><li><code class="module"><a href="/mod/mod_unique_id.html">mod_unique_id</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code></li><li><code class="directive"><a href="/mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></code></li><li><code class="directive"><a href="/mod/mod_env.html#passenv">PassEnv</a></code></li><li><code class="directive"><a href="/mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li><li><code class="directive"><a href="/mod/mod_env.html#setenv">SetEnv</a></code></li><li><code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li><li><code class="directive"><a href="/mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a></code></li><li><code class="directive"><a href="/mod/mod_env.html#unsetenv">UnsetEnv</a></code></li></ul></td></tr></table> 70 71 <h3><a name="basic-manipulation" id="basic-manipulation">Basic Environment Manipulation</a></h3> 72 73 74 <p>The most basic way to set an environment variable in Apache 75 is using the unconditional <code class="directive"><a href="/mod/mod_env.html#setenv">SetEnv</a></code> directive. Variables may also be passed from 76 the environment of the shell which started the server using the 77 <code class="directive"><a href="/mod/mod_env.html#passenv">PassEnv</a></code> directive.</p> 78 79 80 <h3><a name="conditional" id="conditional">Conditional Per-Request Settings</a></h3> 81 82 83 <p>For additional flexibility, the directives provided by 84 <code class="module"><a href="/mod/mod_setenvif.html">mod_setenvif</a></code> allow environment variables to be set 85 on a per-request basis, conditional on characteristics of particular 86 requests. For example, a variable could be set only when a 87 specific browser (User-Agent) is making a request, or only when 88 a specific Referer [sic] header is found. Even more flexibility 89 is available through the <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>'s <code class="directive"><a href="/mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> which uses the 90 <code>[E=...]</code> option to set environment variables.</p> 91 92 93 <h3><a name="unique-identifiers" id="unique-identifiers">Unique Identifiers</a></h3> 94 95 96 <p>Finally, <code class="module"><a href="/mod/mod_unique_id.html">mod_unique_id</a></code> sets the environment 97 variable <code>UNIQUE_ID</code> for each request to a value which is 98 guaranteed to be unique across "all" requests under very 99 specific conditions.</p> 100 101 102 <h3><a name="standard-cgi" id="standard-cgi">Standard CGI Variables</a></h3> 103 104 105 <p>In addition to all environment variables set within the 106 Apache configuration and passed from the shell, CGI scripts and 107 SSI pages are provided with a set of environment variables 108 containing meta-information about the request as required by 109 the <a href="http://www.ietf.org/rfc/rfc3875">CGI 110 specification</a>.</p> 111 112 113 <h3><a name="caveats" id="caveats">Some Caveats</a></h3> 114 115 116 <ul> 117 <li>It is not possible to override or change the standard CGI 118 variables using the environment manipulation directives.</li> 119 120 <li>When <code class="program"><a href="/programs/suexec.html">suexec</a></code> is used to launch 121 CGI scripts, the environment will be cleaned down to a set of 122 <em>safe</em> variables before CGI scripts are launched. The 123 list of <em>safe</em> variables is defined at compile-time in 124 <code>suexec.c</code>.</li> 125 126 <li>For portability reasons, the names of environment 127 variables may contain only letters, numbers, and the 128 underscore character. In addition, the first character may 129 not be a number. Characters which do not match this 130 restriction will be replaced by an underscore when passed to 131 CGI scripts and SSI pages.</li> 132 133 <li>A special case are HTTP headers which are passed to CGI 134 scripts and the like via environment variables (see below). 135 They are converted to uppercase and only dashes are replaced with 136 underscores; if the header contains any other (invalid) character, 137 the whole header is silently dropped. See <a href="#fixheader"> 138 below</a> for a workaround.</li> 139 140 <li>The <code class="directive"><a href="/mod/mod_env.html#setenv">SetEnv</a></code> directive runs 141 late during request processing meaning that directives such as 142 <code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> and <code class="directive"><a href="/mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> will not see the 143 variables set with it.</li> 144 145 <li>When the server looks up a path via an internal 146 <a class="glossarylink" href="/glossary.html#subrequest" title="see glossary">subrequest</a> such as looking 147 for a <code class="directive"><a href="/mod/mod_dir.html#directoryindex">DirectoryIndex</a></code> 148 or generating a directory listing with <code class="module"><a href="/mod/mod_autoindex.html">mod_autoindex</a></code>, 149 per-request environment variables are <em>not</em> inherited in the 150 subrequest. Additionally, 151 <code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> directives 152 are not separately evaluated in the subrequest due to the API phases 153 <code class="module"><a href="/mod/mod_setenvif.html">mod_setenvif</a></code> takes action in.</li> 154 </ul> 155 156 </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 157<div class="section"> 158<h2><a name="using" id="using">Using Environment Variables</a></h2> 159 160 161 <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_authz_host.html">mod_authz_host</a></code></li><li><code class="module"><a href="/mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="/mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="/mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="/mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li><li><code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="/mod/mod_access_compat.html#deny">Deny</a></code></li><li><code class="directive"><a href="/mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="/mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="/mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="/mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table> 162 163 <h3><a name="cgi-scripts" id="cgi-scripts">CGI Scripts</a></h3> 164 165 166 <p>One of the primary uses of environment variables is to 167 communicate information to CGI scripts. As discussed above, the 168 environment passed to CGI scripts includes standard 169 meta-information about the request in addition to any variables 170 set within the Apache configuration. For more details, see the 171 <a href="howto/cgi.html">CGI tutorial</a>.</p> 172 173 174 <h3><a name="ssi-pages" id="ssi-pages">SSI Pages</a></h3> 175 176 177 <p>Server-parsed (SSI) documents processed by 178 <code class="module"><a href="/mod/mod_include.html">mod_include</a></code>'s 179 <code>INCLUDES</code> filter can print environment variables 180 using the <code>echo</code> element, and can use environment 181 variables in flow control elements to makes parts of a page 182 conditional on characteristics of a request. Apache also 183 provides SSI pages with the standard CGI environment variables 184 as discussed above. For more details, see the <a href="howto/ssi.html">SSI tutorial</a>.</p> 185 186 187 <h3><a name="access-control" id="access-control">Access Control</a></h3> 188 189 190 <p>Access to the server can be controlled based on the value of 191 environment variables using the <code>allow from env=</code> 192 and <code>deny from env=</code> directives. In combination with 193 <code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>, this 194 allows for flexible control of access to the server based on 195 characteristics of the client. For example, you can use these 196 directives to deny access to a particular browser (User-Agent). 197 </p> 198 199 200 <h3><a name="logging" id="logging">Conditional Logging</a></h3> 201 202 203 <p>Environment variables can be logged in the access log using 204 the <code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code> 205 option <code>%e</code>. In addition, the decision on whether 206 or not to log requests can be made based on the status of 207 environment variables using the conditional form of the 208 <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code> 209 directive. In combination with <code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> this allows for flexible control of which 210 requests are logged. For example, you can choose not to log 211 requests for filenames ending in <code>gif</code>, or you can 212 choose to only log requests from clients which are outside your 213 subnet.</p> 214 215 216 <h3><a name="response-headers" id="response-headers">Conditional Response Headers</a></h3> 217 218 219 <p>The <code class="directive"><a href="/mod/mod_headers.html#header">Header</a></code> 220 directive can use the presence or 221 absence of an environment variable to determine whether or not 222 a certain HTTP header will be placed in the response to the 223 client. This allows, for example, a certain response header to 224 be sent only if a corresponding header is received in the 225 request from the client.</p> 226 227 228 229 <h3><a name="external-filter" id="external-filter">External Filter Activation</a></h3> 230 231 232 <p>External filters configured by <code class="module"><a href="/mod/mod_ext_filter.html">mod_ext_filter</a></code> 233 using the <code class="directive"><a href="/mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code> directive can 234 by activated conditional on an environment variable using the 235 <code>disableenv=</code> and <code>enableenv=</code> options.</p> 236 237 238 <h3><a name="url-rewriting" id="url-rewriting">URL Rewriting</a></h3> 239 240 241 <p>The <code>%{ENV:<em>variable</em>}</code> form of 242 <em>TestString</em> in the <code class="directive"><a href="/mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> allows <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>'s rewrite 243 engine to make decisions conditional on environment variables. 244 Note that the variables accessible in <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code> 245 without the <code>ENV:</code> prefix are not actually environment 246 variables. Rather, they are variables special to 247 <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code> which cannot be accessed from other 248 modules.</p> 249 250 </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 251<div class="section"> 252<h2><a name="special" id="special">Special Purpose Environment Variables</a></h2> 253 254 255 <p>Interoperability problems have led to the introduction of 256 mechanisms to modify the way Apache behaves when talking to 257 particular clients. To make these mechanisms as flexible as 258 possible, they are invoked by defining environment variables, 259 typically with <code class="directive"><a href="/mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>, though <code class="directive"><a href="/mod/mod_env.html#setenv">SetEnv</a></code> and <code class="directive"><a href="/mod/mod_env.html#passenv">PassEnv</a></code> could also be used, for example.</p> 260 261 <h3><a name="downgrade" id="downgrade">downgrade-1.0</a></h3> 262 263 264 <p>This forces the request to be treated as a HTTP/1.0 request 265 even if it was in a later dialect.</p> 266 267 268 <h3><a name="force-gzip" id="force-gzip">force-gzip</a></h3> 269 270 <p>If you have the <code>DEFLATE</code> filter activated, this 271 environment variable will ignore the accept-encoding setting of 272 your browser and will send compressed output unconditionally.</p> 273 274 <h3><a name="force-no-vary" id="force-no-vary">force-no-vary</a></h3> 275 276 277 <p>This causes any <code>Vary</code> fields to be removed from 278 the response header before it is sent back to the client. Some 279 clients don't interpret this field correctly; setting this 280 variable can work around this problem. Setting this variable 281 also implies <strong>force-response-1.0</strong>.</p> 282 283 284 <h3><a name="force-response" id="force-response">force-response-1.0</a></h3> 285 286 287 <p>This forces an HTTP/1.0 response to clients making an HTTP/1.0 288 request. It was originally 289 implemented as a result of a problem with AOL's proxies. Some 290 HTTP/1.0 clients may not behave correctly when given an HTTP/1.1 291 response, and this can be used to interoperate with them.</p> 292 293 294 295 <h3><a name="gzip-only-text-html" id="gzip-only-text-html">gzip-only-text/html</a></h3> 296 297 298 <p>When set to a value of "1", this variable disables the 299 <code>DEFLATE</code> output filter provided by 300 <code class="module"><a href="/mod/mod_deflate.html">mod_deflate</a></code> for content-types other than 301 <code>text/html</code>. If you'd rather 302 use statically compressed files, <code class="module"><a href="/mod/mod_negotiation.html">mod_negotiation</a></code> 303 evaluates the variable as well (not only for gzip, but for all 304 encodings that differ from "identity").</p> 305 306 307 <h3><a name="no-gzip" id="no-gzip">no-gzip</a></h3> 308 309 <p>When set, the <code>DEFLATE</code> filter of 310 <code class="module"><a href="/mod/mod_deflate.html">mod_deflate</a></code> will be turned off and 311 <code class="module"><a href="/mod/mod_negotiation.html">mod_negotiation</a></code> will refuse to deliver encoded 312 resources.</p> 313 314 315 316 <h3><a name="no-cache" id="no-cache">no-cache</a></h3> 317 <p><em>Available in versions 2.2.12 and later</em></p> 318 319 <p>When set, <code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code> will not save an otherwise 320 cacheable response. This environment variable does not influence 321 whether a response already in the cache will be served for the current 322 request.</p> 323 324 325 326 <h3><a name="nokeepalive" id="nokeepalive">nokeepalive</a></h3> 327 328 329 <p>This disables <code class="directive"><a href="/mod/core.html#keepalive">KeepAlive</a></code> 330 when set.</p> 331 332 333 334 <h3><a name="prefer-language" id="prefer-language">prefer-language</a></h3> 335 336 <p>This influences <code class="module"><a href="/mod/mod_negotiation.html">mod_negotiation</a></code>'s behaviour. If 337 it contains a language tag (such as <code>en</code>, <code>ja</code> 338 or <code>x-klingon</code>), <code class="module"><a href="/mod/mod_negotiation.html">mod_negotiation</a></code> tries 339 to deliver a variant with that language. If there's no such variant, 340 the normal <a href="content-negotiation.html">negotiation</a> process 341 applies.</p> 342 343 344 345 <h3><a name="redirect-carefully" id="redirect-carefully">redirect-carefully</a></h3> 346 347 348 <p>This forces the server to be more careful when sending a redirect 349 to the client. This is typically used when a client has a known 350 problem handling redirects. This was originally implemented as a 351 result of a problem with Microsoft's WebFolders software which has 352 a problem handling redirects on directory resources via DAV 353 methods.</p> 354 355 356 357 <h3><a name="suppress-error-charset" id="suppress-error-charset">suppress-error-charset</a></h3> 358 359 360 <p><em>Available in versions after 2.0.54</em></p> 361 362 <p>When Apache issues a redirect in response to a client request, 363 the response includes some actual text to be displayed in case 364 the client can't (or doesn't) automatically follow the redirection. 365 Apache ordinarily labels this text according to the character set 366 which it uses, which is ISO-8859-1.</p> 367 368 <p> However, if the redirection is to a page that uses a different 369 character set, some broken browser versions will try to use the 370 character set from the redirection text rather than the actual page. 371 This can result in Greek, for instance, being incorrectly rendered.</p> 372 373 <p>Setting this environment variable causes Apache to omit the character 374 set for the redirection text, and these broken browsers will then correctly 375 use that of the destination page.</p> 376 377 <div class="warning"> 378 <h3>Security note</h3> 379 380 <p>Sending error pages without a specified character set may 381 allow a cross-site-scripting attack for existing browsers (MSIE) 382 which do not follow the HTTP/1.1 specification and attempt to 383 "guess" the character set from the content. Such browsers can 384 be easily fooled into using the UTF-7 character set, and UTF-7 385 content from input data (such as the request-URI) will not be 386 escaped by the usual escaping mechanisms designed to prevent 387 cross-site-scripting attacks.</p> 388 </div> 389 390 391 392 <h3><a name="proxy" id="proxy">force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked, 393 proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</a></h3> 394 395 <p>These directives alter the protocol behavior of 396 <code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code>. See the <code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="/mod/mod_proxy_http.html">mod_proxy_http</a></code> 397 documentation for more details.</p> 398 399 400 </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 401<div class="section"> 402<h2><a name="examples" id="examples">Examples</a></h2> 403 404 405 <h3><a name="fixheader" id="fixheader">Passing broken headers to CGI scripts</a></h3> 406 407 408 <p>Starting with version 2.4, Apache is more strict about how HTTP 409 headers are converted to environment variables in <code class="module"><a href="/mod/mod_cgi.html">mod_cgi 410 </a></code> and other modules: Previously any invalid characters 411 in header names were simply translated to underscores. This allowed 412 for some potential cross-site-scripting attacks via header injection 413 (see <a href="http://events.ccc.de/congress/2007/Fahrplan/events/2212.en.html"> 414 Unusual Web Bugs</a>, slide 19/20).</p> 415 416 <p>If you have to support a client which sends broken headers and 417 which can't be fixed, a simple workaround involving <code class="module"><a href="/mod/mod_setenvif.html">mod_setenvif 418 </a></code> and <code class="module"><a href="/mod/mod_headers.html">mod_headers</a></code> allows you to still accept 419 these headers:</p> 420 421<pre class="prettyprint lang-config"># 422# The following works around a client sending a broken Accept_Encoding 423# header. 424# 425SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1 426RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding</pre> 427 428 429 430 431 <h3><a name="misbehaving" id="misbehaving">Changing protocol behavior with misbehaving clients</a></h3> 432 433 434 <p>Earlier versions recommended that the following lines be included in 435 httpd.conf to deal with known client problems. Since the affected clients 436 are no longer seen in the wild, this configuration is likely no-longer 437 necessary.</p> 438<pre class="prettyprint lang-config"># 439# The following directives modify normal HTTP response behavior. 440# The first directive disables keepalive for Netscape 2.x and browsers that 441# spoof it. There are known problems with these browser implementations. 442# The second directive is for Microsoft Internet Explorer 4.0b2 443# which has a broken HTTP/1.1 implementation and does not properly 444# support keepalive when it is used on 301 or 302 (redirect) responses. 445# 446BrowserMatch "Mozilla/2" nokeepalive 447BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 448 449# 450# The following directive disables HTTP/1.1 responses to browsers which 451# are in violation of the HTTP/1.0 spec by not being able to understand a 452# basic 1.1 response. 453# 454BrowserMatch "RealPlayer 4\.0" force-response-1.0 455BrowserMatch "Java/1\.0" force-response-1.0 456BrowserMatch "JDK/1\.0" force-response-1.0</pre> 457 458 459 460 <h3><a name="no-img-log" id="no-img-log">Do not log requests for images in the access log</a></h3> 461 462 463 <p>This example keeps requests for images from appearing in the 464 access log. It can be easily modified to prevent logging of 465 particular directories, or to prevent logging of requests 466 coming from particular hosts.</p> 467 468 <pre class="prettyprint lang-config">SetEnvIf Request_URI \.gif image-request 469SetEnvIf Request_URI \.jpg image-request 470SetEnvIf Request_URI \.png image-request 471CustomLog logs/access_log common env=!image-request</pre> 472 473 474 475 <h3><a name="image-theft" id="image-theft">Prevent "Image Theft"</a></h3> 476 477 478 <p>This example shows how to keep people not on your server 479 from using images on your server as inline-images on their 480 pages. This is not a recommended configuration, but it can work 481 in limited circumstances. We assume that all your images are in 482 a directory called <code>/web/images</code>.</p> 483 484 <pre class="prettyprint lang-config">SetEnvIf Referer "^http://www\.example\.com/" local_referal 485# Allow browsers that do not send Referer info 486SetEnvIf Referer "^$" local_referal 487<Directory /web/images> 488 Require env local_referal 489</Directory></pre> 490 491 492 <p>For more information about this technique, see the 493 "<a href="http://www.serverwatch.com/tutorials/article.php/1132731">Keeping Your Images from Adorning Other Sites</a>" 494 tutorial on ServerWatch.</p> 495 496 </div></div> 497<div class="bottomlang"> 498<p><span>Available Languages: </span><a href="/en/env.html" title="English"> en </a> | 499<a href="/fr/env.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | 500<a href="/ja/env.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | 501<a href="/ko/env.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | 502<a href="/tr/env.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> 503</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> 504<script type="text/javascript"><!--//--><![CDATA[//><!-- 505var comments_shortname = 'httpd'; 506var comments_identifier = 'http://httpd.apache.org/docs/2.4/env.html'; 507(function(w, d) { 508 if (w.location.hostname.toLowerCase() == "httpd.apache.org") { 509 d.write('<div id="comments_thread"><\/div>'); 510 var s = d.createElement('script'); 511 s.type = 'text/javascript'; 512 s.async = true; 513 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; 514 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); 515 } 516 else { 517 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); 518 } 519})(window, document); 520//--><!]]></script></div><div id="footer"> 521<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> 522<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- 523if (typeof(prettyPrint) !== 'undefined') { 524 prettyPrint(); 525} 526//--><!]]></script> 527</body></html>