SetEnvIf and SetEnvIfNoCase are really useful directives supplied by the mod_setenvif module that allow you to conditionally set environment variables accessible by scripts and apache based on the value of HTTP Headers, Other Variables, and Request information.
For debugging, you may want to use my server environment variable debugging script
These can be used for attribute
.
crawl-66-249-70-24.googlebot.com
66.249.70.24
208.113.183.103
GET
HTTP/1.1
/robots.txt
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
SetEnvIfNoCase Remote_Host "(.*)" HTTP_MY_REMOTE_HOST=$1 SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1 SetEnvIfNoCase Server_Addr "(.*)" HTTP_MY_SERVER_ADDR=$1 SetEnvIfNoCase Request_Method "(.*)" HTTP_MY_REQUEST_METHOD=$1 SetEnvIfNoCase Request_Protocol "(.*)" HTTP_MY_REQUEST_PROTOCOL=$1 SetEnvIfNoCase Request_URI "(.*)" HTTP_MY_REQUEST_URI=$1
Sets REMOTE_HOST to www.askapache.com if Remote_Addr=208.113.183.103. This can be useful if your server doesn't automatically do a reverse lookup on a remote address, so this way you can tell if the request was internal/from your server.
SetEnvIf Remote_Addr 208.113.183.103 REMOTE_HOST=www.askapache.com
SetEnvIfNoCase ^HOST$ .+ HTTP_MY_HAS_HOST Order Deny,Allow Deny from All Allow from env=HTTP_MY_HAS_HOST
or
SetEnvIfNoCase Host .+ HTTP_MY_HAS_HOST Order Deny,Allow Deny from All Allow from env=HTTP_MY_HAS_HOST
SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1 SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1 SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1 SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1 SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1 SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1
This is useful in disallowing direct access to interpreters like shell scripts, cgi scripts, and other interpreters. Only works this way if you have a static IP for your server. So the only way to access these files is by instructing the server itself to request the file, using an Action directive or by requesting the file through a .php or other script using curl or wget, or something like fsockopen.
SetEnvIfNoCase Remote_Addr 208.113.183.103 REDIRECT_STATUS Order Deny,Allow Deny from All Allow from env=REDIRECT_STATUS
Can be useful if your site is getting hammered by spambots. Some nice examples from around the net are at Fight Blog Spam With Apache... Keep in mind the HTTP_USER_AGENT is directly from the client, so its easy to spoof / change. Instead use mod_security for a much better solution.
SetEnvIfNoCase User-Agent "^Bandit" bad_bot SetEnvIfNoCase User-Agent "^Baiduspider" bad_bot SetEnvIfNoCase User-Agent "^BatchFTP" bad_bot SetEnvIfNoCase User-Agent "^Bigfoot" bad_bot SetEnvIfNoCase User-Agent "^Black.Hole" bad_bot Order Allow,Deny Allow from All Deny from env=bad_bot
This does the opposite of above, allowing ONLY these web robots access. Other than rogue robots, configuring your robots.txt file correctly will keep most robots where you want them.
SetEnvIfNoCase User-Agent .*google.* search_robot SetEnvIfNoCase User-Agent .*yahoo.* search_robot SetEnvIfNoCase User-Agent .*bot.* search_robot SetEnvIfNoCase User-Agent .*ask.* search_robot Order Deny,Allow Deny from All Allow from env=search_robot
Description: | Sets environment variables based on attributes of the request |
---|---|
Syntax: | SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... |
Context: | server config, virtual host, directory, .htaccess |
Override: | FileInfo |
Status: | Base |
Module: | mod_setenvif |
The SetEnvIf
directive defines environment variables based on attributes of the request. The attribute specified in the first argument can be one of three things:
Host
, User-Agent
, Referer
, and Accept-Language
. A regular expression may be used to specify a set of request headers.Remote_Host
- the hostname (if available) of the client making the requestRemote_Addr
- the IP address of the client making the requestServer_Addr
- the IP address of the server on which the request was received (only with versions later than 2.0.43)Request_Method
- the name of the method being used (GET
, POST
, et cetera)Request_Protocol
- the name and version of the protocol with which the request was made (e.g., "HTTP/0.9", "HTTP/1.1", etc.)Request_URI
- the resource requested on the HTTP request line -- generally the portion of the URL following the scheme and host portion without the query string. See the RewriteCond
directive of mod_rewrite
for extra information on how to match your query string.SetEnvIf
directives to test against the result of prior matches. Only those environment variables defined by earlier SetEnvIf[NoCase]
directives are available for testing in this manner. 'Earlier' means that they were defined at a broader scope (such as server-wide) or previously in the current directive's scope. Environment variables will be considered only if there was no match among request characteristics and a regular expression was not used for the attribute.The second argument (regex) is a regular expression. If the regex matches against the attribute, then the remainder of the arguments are evaluated.
The rest of the arguments give the names of variables to set, and optionally values to which they should be set. These take the form of
varname
!varname
varname=value
In the first form, the value will be set to "1". The second will remove the given variable if already defined, and the third will set the variable to the literal value given by value
. Since version 2.0.51 Apache will recognize occurrences of $1
..$9
within value and replace them by parenthesized subexpressions of regex.
SetEnvIf Request_URI ".gif$" object_is_image=gif SetEnvIf Request_URI ".jpg$" object_is_image=jpg SetEnvIf Request_URI ".xbm$" object_is_image=xbm SetEnvIf Referer www.askapache.com intra_site_referral SetEnvIf object_is_image xbm XBIT_PROCESSING=1 SetEnvIf ^SETENVIF* ^[a-z].* HAS_SETENVIF
The first three will set the environment variable object_is_image
if the request was for an image file, and the fourth sets intra_site_referral
if the referring page was somewhere on the www.askapache.com
Web site.
The last example will set environment variable HAS_SETENVIF
if the request contains any headers that begin with "SETENVIF" whose values begins with any character in the set [a-z].