Appendix C: Environment Variables
Environment variables provide input for external programs accessed by content delivery modules such as mod_cgi and mod_php. The value of an environment variable can depend on the server, the server platform, the state of the system, the date or time, or HTML form input. This appendix provides information about environment variables commonly associated with Stronghold and other Web server software.
Environment variables can be set in several ways:
- Some environment variables are set by the system or in run command files.
- Environment variables corresponding to HTTP metainformation can be set by CGI programs on the basis of HTTP request headers sent by the client.
- Variables can be set on a per-object basis using the PassEnv and SetEnv directives.
- Variables can be set conditionally, based on any request criteria, using the SetEnvIf and SetEnvIfNoCase directives.
- The special environment variable UNIQUE_ID is set by mod_unique_id, which assigns a unique identifier to every request.
- Variables can be set by programs themselves.
This appendix divides environment variables into three categories:
- server variables
- client request variables
- SSL/TLS security variables
Server Variables
These variables pertain to the server software and its current configuration.
SERVER_SOFTWARE
Syntax: SERVER_SOFTWARE=Stronghold/3.0 Apache/1.3.1
Context: server
The name and version number of the server software, including its Apache core
GATEWAY_INTERFACE
Syntax: GATEWAY_INTERFACE=CGI/1.1
Context: server
The name and version number of your CGI gateway, which does not change unless you switch to a different version of the CGI module
SERVER_ADMIN
Syntax: SERVER_ADMIN=email-address
Context: server
The server administrator's email address or other information, from httpd.conf
SERVER_ROOT
Syntax: SERVER_ROOT=path
Context: server
The path to the ServerRoot directory, from httpd.conf
DOCUMENT_ROOT
Syntax: DOCUMENT_ROOT=path
Context: server
The root directory for Web documents, from httpd.conf
Client Request Variables
These variables are derived from the HTTP headers of client requests. Their values vary with the client software and the nature of the request.
UNIQUE_ID
Syntax: UNIQUE_ID IP, PID, time_stamp, counter
Context: client request
The unique identifier for this request, set by the module mod_unique_id and consisting of the requested IP number, the process ID of the child HTTPD process handling the request, the UNIX time stamp, and the value of a 16-bit counter (to distinguish requests received during the same second in time), with a possible 65,536 unique identifiers per second per HTTPD process
SERVER_NAME
Syntax: SERVER_NAME=host
Context: client request
The host being addressed in this request, which may be the main host or a virtual host, either as a fully-qualified domain name or an IP address
HTTP_HOST
Syntax: HTTP_HOST=host
Context: client request
Same as SERVER_NAME
HTTP_ACCEPT
Syntax: HTTP_ACCEPT=MIME-type[, MIME-type, MIME-type ...]
Context: client request
One or more MIME types that the client can accept
HTTP_COOKIE
Syntax: HTTP_COOKIE=cookie
Context: client request
The cookie presented in the Cookie header of the client request, if any.
HTTP_USER_AGENT
Syntax: HTTP_USER_AGENT=name/version (platform)
Context: client request
The name, version number, and platform of the client software
SERVER_PORT
Syntax: SERVER_PORT=port
Context: client request
The port number to which the request was sent
REMOTE_HOST
Syntax: REMOTE_HOST=host
Context: client request
The hostname or IP address of the client host or proxy server that originated the request.
Note: This is only set if Stronghold is not compiled with MINIMAL_DNS, or if HostnameLookups is set to "off."
REMOTE_PORT
Syntax: REMOTE_PORT=port
Context: client request
The client-side port number that originated the request
REMOTE_ADDR
Syntax: REMOTE_ADDR=IP
Context: client request
The IP number of the client host
REMOTE_USER
Syntax: REMOTE_USER=username
Context: client request
The remote username, if the script is subject to basic authentication
REMOTE_IDENT
Syntax: REMOTE_IDENT=ident
Context: client request
The remote username as supplied by identd, if available
Note: This is only set if IdentityCheck is set to "on."
SERVER_PROTOCOL
Syntax: SERVER_PROTOCOL=protocol/version
Context: client request
The protocol and version number used to send the request, which Stronghold also uses in its response in order to ensure compatibility with the client
REQUEST_METHOD
Syntax: REQUEST_METHOD=method
Context: client request
The method used in this request, such as GET or POST
AUTH_TYPE
Syntax: AUTH_TYPE=method
Context: client request
The authentication method used in this request, if any
CONTENT_TYPE
Syntax: CONTENT_TYPE=MIME-type
Context: client request
The MIME type of any data attached to the request header
CONTENT_LENGTH
Syntax: CONTENT_LENGTH=n
Context: client request
The size, in bytes, of any data attached to the request header
SCRIPT_NAME
Syntax: SCRIPT_NAME=path/to/script
Context: client request
The URI of the requested script
SCRIPT_FILENAME
Syntax: SCRIPT_FILENAME=absolute/path/to/script
Context: client request
The absolute path to the requested script
SCRIPT_URI
Syntax: SCRIPT_URI=method://host/path/to/script
Context: client request
The URI of the requested script
SCRIPT_URL
Syntax: SCRIPT_URL=path/to/script
Context: client request
The URL of the requested script
QUERY_STRING
Syntax: QUERY_STRING=string
Context: client request
The query-string for this transaction, embedded in the requested URL
PATH_INFO
Syntax: PATH_INFO=info
Context: client request
Extra path information submitted in the request URL and used as input to a CGI program
PATH_TRANSLATED
Syntax: PATH_TRANSLATED=path
Context: client request
The absolute path of the requested file, if the value of PATH_INFO can be translated to a file
ERROR_NOTES
Syntax: ERROR_NOTES notes
Context: client request
Information about errors that occur during the fulfillment of a client request, such as:
malformed header from script. Bad header=test bad header output
Premature end of script headers
Note: In the error document CGI, this variable is actually called REDIRECT_ERROR_NOTES because it relates to the requested document, not the error document.
SSL/TLS Variables
These variables are specific to SSL and TLS:
- protocol variables
- server security variables
- client security variables
Protocol Variables
These variables relate to the SSL and TLS protocols.
SSL_PROTOCOL_VERSION
Syntax: SSL_PROTOCOL_VERSION=2|3
Context: SSL/TLS
The version of SSL/TLS used in this transaction, either TLS version 1 or SSL version 2 or 3
SSLEAY_VERSION
Syntax: SSLEAY_VERSION=n
Context: SSL/TLS
The current version of SSLeay
HTTPS
Syntax: HTTPS=on|off
Context: SSL/TLS
"On" or "off," depending on whether SSL/TLS is turned on
HTTPS_SECRETKEYSIZE
Syntax: HTTPS_SECRETKEYSIZE=n
Context: SSL/TLS
The size, in bytes, of the server's private key
HTTPS_KEYSIZE
Syntax: HTTPS_KEYSIZE=n
Context: SSL/TLS
The full size, in bytes, of the server's public key
Note: This is different from HTTPS_SECRETKEYSIZE only if you are using an export-crippled cryptography scheme.
HTTPS_CIPHER
Syntax: HTTPS_CIPHER=cipher
Context: SSL/TLS
Same as SSL_CIPHER
HTTPS_EXPORT
Syntax: HTTPS_EXPORT=true|false
Context: SSL/TLS
"False" if the session uses a cipher that is restricted for export, "true" if it uses an exportable (crippled) cipher
SSL_SERVER_SESSIONDIR
Syntax: SSL_SERVER_SESSIONDIR=path
Context: SSL/TLS
The session caching directory, if applicable
SSL_SERVER_CERTIFICATELOGDIR
Syntax: SSL_SERVER_CERTIFICATELOGDIR=path
Context: SSL/TLS
The directory where Stronghold logs client certificates
SSL_CIPHER
Syntax: SSL_CIPHER=cipher
Context: SSL/TLS
The type of cipher used for the current session
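As an added example (not part of the Stronghold documentation), a CGI script can use the protocol variables above to refuse sessions negotiated with SSL version 2 or an export cipher. The function names, the policy itself and the sample values are assumptions made for illustration; comparisons ignore case because the appendix writes the values both as on|off and as "On"/"off."

```python
import os

def check_tls_session(env):
    """Return a list of policy violations; an empty list means accept.

    env is the CGI environment (os.environ in a deployed script).
    """
    def get(name):
        # A missing variable becomes "" and is rejected by the checks below.
        return (env.get(name) or "").strip()

    if get("HTTPS").lower() != "on":
        # Without SSL/TLS the remaining variables carry no meaning.
        return ["HTTPS is not on"]

    problems = []
    if get("SSL_PROTOCOL_VERSION") in ("", "2"):
        problems.append("SSL version 2 or protocol version unset")
    # Only an explicit "false" passes; "true" or an unset variable is rejected.
    if get("HTTPS_EXPORT").lower() != "false":
        problems.append("export cipher in use or HTTPS_EXPORT unset")
    # The appendix states these differ only under export-crippled cryptography.
    key, secret = get("HTTPS_KEYSIZE"), get("HTTPS_SECRETKEYSIZE")
    if not key or not secret:
        problems.append("key size variables unset")
    elif key != secret:
        problems.append("HTTPS_SECRETKEYSIZE differs from HTTPS_KEYSIZE")
    return problems

def respond(env):
    """Build the complete CGI response (headers, blank line, body)."""
    problems = check_tls_session(env)
    if problems:
        body = "".join("- %s\n" % p for p in problems)
        return ("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n"
                "Connection rejected:\n" + body)
    return "Content-Type: text/plain\r\n\r\nOK\n"

# Constructed sample environments, not captured from a real server.
STRONG = {"HTTPS": "on", "SSL_PROTOCOL_VERSION": "3", "HTTPS_EXPORT": "false",
          "HTTPS_KEYSIZE": "128", "HTTPS_SECRETKEYSIZE": "128"}
EXPORT = dict(STRONG, HTTPS_EXPORT="true", HTTPS_SECRETKEYSIZE="40")

if __name__ == "__main__":
    print(respond(os.environ), end="")
```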
Server Security Variables
SSL_SERVER_CERTFILE
Syntax: SSL_SERVER_CERTFILE=filename
Context: SSL/TLS server
The server's certificate file
SSL_SERVER_KEYFILE
Syntax: SSL_SERVER_KEYFILE=filename
Context: SSL/TLS server
The server's private key file
SSL_SERVER_KEYFILETYPE
Syntax: SSL_SERVER_KEYFILETYPE=PEM
Context: SSL/TLS server
The format of the server's public key file; only PEM is supported
SSL_SERVER_KEY_SIZE
Syntax: SSL_SERVER_KEY_SIZE=n
Context: SSL/TLS server
The size, in bytes, of the server's public key
SSL_SERVER_KEY_ALGORITHM
Syntax: SSL_SERVER_KEY_ALGORITHM=algorithm
Context: SSL/TLS server
The algorithm used to generate the server's public key
SSL_SERVER_CERTIFICATE
Syntax: SSL_SERVER_CERTIFICATE=hash
Context: SSL/TLS server
A hash of the certificate
SSL_SERVER_CERT_START
Syntax: SSL_SERVER_CERT_START=date
Context: SSL/TLS server
The date on which the server certificate becomes valid, in ASN1 format
SSL_SERVER_CERT_END
Syntax: SSL_SERVER_CERT_END=date
Context: SSL/TLS server
The date on which the server certificate is no longer valid
SSL_SERVER_EMAIL
Syntax: SSL_SERVER_EMAIL=email-address
Context: SSL/TLS server
The email address of the server administrator
SSL_SERVER_O
Syntax: SSL_SERVER_O=organization
Context: SSL/TLS server
The name of the organization to which the server certificate belongs
SSL_SERVER_C
Syntax: SSL_SERVER_C=country-code
Context: SSL/TLS server
The two-character code for the country in which the server resides; valid country codes are listed in Appendix D
SSL_SERVER_SP
Syntax: SSL_SERVER_SP=state|province
Context: SSL/TLS server
The state or province in which the server resides
SSL_SERVER_L
Syntax: SSL_SERVER_L=locality
Context: SSL/TLS server
The locality, such as a town or city, in which the server resides
SSL_SERVER_SIGNATURE_ALGORITHM
Syntax: SSL_SERVER_SIGNATURE_ALGORITHM=algorithm
Context: SSL/TLS server
The algorithm used to sign the server's certificate
SSL_SERVER_IO
Syntax: SSL_SERVER_IO=CA
Context: SSL/TLS server
Issuer Organization, the name of the Certification Authority (CA) that issued the server's certificate
SSL_SERVER_IOU
Syntax: SSL_SERVER_IOU=organizational-unit
Context: SSL server
Issuer Organizational Unit, the name of the organizational unit of the CA that issued the server certificate
SSL_SERVER_IEMAIL
Syntax: SSL_SERVER_IEMAIL=email-address
Context: SSL/TLS server
Issuer Email, the contact email address of the CA that signed the server certificate
SSL_SERVER_ICN
Syntax: SSL_SERVER_ICN=hostname
Context: SSL/TLS server
Issuer Common Name, the hostname of the CA that issued the server certificate
SSL_SERVER_IL
Syntax: SSL_SERVER_IL=locality
Context: SSL/TLS server
Issuer Locality, the locality of the CA that issued the server certificate
SSL_SERVER_ISP
Syntax: SSL_SERVER_ISP=state|province
Context: SSL/TLS server
Issuer State/Province, the state or province of the CA that issued the server certificate
SSL_SERVER_IC
Syntax: SSL_SERVER_IC=country-code
Context: SSL/TLS server
Issuer Country, the two-character code for the country in which the CA that issued the server certificate resides; valid country codes are listed in Appendix D
Client Security Variables
SSL_CLIENT_KEY_ALGORITHM
Syntax: SSL_CLIENT_KEY_ALGORITHM=algorithm
Context: SSL/TLS client
The algorithm used to generate the client's public key
SSL_CLIENT_KEY_SIZE
Syntax: SSL_CLIENT_KEY_SIZE=n
Context: SSL/TLS client
The size, in bytes, of the client's public key
SSL_CLIENT_CERTIFICATE
Syntax: SSL_CLIENT_CERTIFICATE=hash
Context: SSL/TLS client
A hash of the client's certificate
SSL_CLIENT_CN
Syntax: SSL_CLIENT_CN=name
Context: SSL/TLS client
The name of the client certificate's bearer
SSL_CLIENT_EMAIL
Syntax: SSL_CLIENT_EMAIL=email-address
Context: SSL/TLS client
The email address of the client certificate's bearer
SSL_CLIENT_OU
Syntax: SSL_CLIENT_OU=organizational-unit
Context: SSL/TLS client
The organizational unit of the client certificate's bearer
SSL_CLIENT_C
Syntax: SSL_CLIENT_C=country-code
Context: SSL/TLS client
The two-character code for the country in which the client resides; valid country codes are listed in Appendix D
SSL_CLIENT_SP
Syntax: SSL_CLIENT_SP=state|province
Context: SSL/TLS client
The state or province in which the client resides
SSL_CLIENT_L
Syntax: SSL_CLIENT_L=locality
Context: SSL/TLS client
The locality, such as a city or town, in which the client resides
SSL_CLIENT_CERT_START
Syntax: SSL_CLIENT_CERT_START=date
Context: SSL/TLS client
The date on which the client's certificate becomes valid, in ASN1 format
SSL_CLIENT_CERT_END
Syntax: SSL_CLIENT_CERT_END=date
Context: SSL/TLS client
The date on which the client's certificate is no longer valid, in ASN1 format
SSL_CLIENT_O
Syntax: SSL_CLIENT_O=organization
Context: SSL/TLS client
The name of the organization to which the client belongs
SSL_CLIENT_IO
Syntax: SSL_CLIENT_IO=CA
Context: SSL/TLS client
The name of the CA that issued the client certificate
SSL_CLIENT_IOU
Syntax: SSL_CLIENT_IOU=organizational-unit
Context: SSL/TLS client
The name of the organizational unit of the CA that issued the client certificate
SSL_CLIENT_IEMAIL
Syntax: SSL_CLIENT_IEMAIL=email-address
Context: SSL/TLS client
The contact email address of the CA that issued the client certificate
SSL_CLIENT_IC
Syntax: SSL_CLIENT_IC=country-code
Context: SSL/TLS client
The country in which the CA that issued the client certificate resides; valid country codes are listed in Appendix D
SSL_CLIENT_IL
Syntax: SSL_CLIENT_IL=locality
Context: SSL/TLS client
The locality, such as a city or town, of the CA that issued the client certificate
SSL_CLIENT_ICN
Syntax: SSL_CLIENT_ICN=hostname
Context: SSL/TLS client
The hostname of the CA that issued the client certificate
SSL_CLIENT_ISP
Syntax: SSL_CLIENT_ISP=state|province
Context: SSL/TLS client
The state or province of the CA that issued the client certificate
SSL_CLIENT_SIGNATURE_ALGORITHM
Syntax: SSL_CLIENT_SIGNATURE_ALGORITHM=algorithm
Context: SSL/TLS client
The algorithm used to sign the client certificate