Apache environment variables (often called "mod_rewrite variables" or "server variables") are special tokens that provide access to HTTP request information and server configuration. These variables are commonly used in:
- .htaccess files
- Apache configuration files
- mod_rewrite rules
- CGI scripts
While Apache's documentation doesn't provide a single comprehensive list, these resources cover most variables:
- mod_rewrite documentation - Covers rewrite-specific variables
- Environment Variables in Apache - General environment variables
- mod_ssl variables - SSL-specific variables
Method 1: Using PHP to Dump All Variables
Create a PHP file (e.g., env.php) with this code:
<?php
// Display all server variables
echo '<pre>';
print_r($_SERVER);
echo '</pre>';
?>
Method 2: mod_rewrite Logging
Add to your .htaccess:
RewriteEngine On
RewriteLog "/path/to/rewrite.log"
RewriteLogLevel 3
Here's a categorized list of frequently used variables:
HTTP Headers
%{HTTP_USER_AGENT}- Client browser information%{HTTP_REFERER}- Referring URL%{HTTP_HOST}- Requested hostname%{HTTP_ACCEPT}- Accept header content
Connection Information
%{REMOTE_ADDR}- Client IP address%{REMOTE_USER}- Authenticated username%{REQUEST_METHOD}- GET, POST, etc.
Practical Example: Blocking Bad Bots
Here's how to use these variables in a .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (badbot1|badbot2) [NC]
RewriteRule ^ - [F,L]
Example using multiple variables:
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When variables don't work as expected:
- Check for typos in variable names
- Verify the module providing the variable is loaded
- Test with different request methods
- Check Apache error logs
Remember that some variables are only available:
- After certain processing phases
- With specific modules enabled
- For certain request methods
Apache environment variables are essential for server configuration, logging, and conditional logic. They appear in formats like %{Referer} or %{User-agent} and are used in directives such as RewriteCond, SetEnvIf, and Header.
Apache's core docs don't provide a single exhaustive list, but variables are documented across multiple pages:
Here are three methods to find available variables:
1. Using mod_info
Enable mod_info and visit http://yourserver/server-info to see all loaded modules and their variables:
<Location /server-info>
SetHandler server-info
Require host example.com
</Location>
2. Logging All Variables
Create a test handler to dump variables:
<Location /dumpvars>
SetHandler default-handler
RewriteEngine On
RewriteRule .* - [E=DUMP_ALL_VARS:1]
Header set X-Vars "%{DUMP_ALL_VARS}e" env=DUMP_ALL_VARS
</Location>
3. Command Line Inspection
For compiled-in variables, use:
apachectl -t -D DUMP_MODULES 2>&1 | grep -E 'mod_|_module'
| Variable Type | Examples | Module |
|---|---|---|
| HTTP Headers | %{HTTP_USER_AGENT}, %{HTTP_REFERER} | core |
| Request Metadata | %{REQUEST_URI}, %{QUERY_STRING} | core |
| Server Config | %{DOCUMENT_ROOT}, %{SERVER_PORT} | core |
| Special Rewrite | %{REQUEST_FILENAME}, %{IS_SUBREQ} | mod_rewrite |
Conditional Redirect Based on User Agent
RewriteCond %{HTTP_USER_AGENT} "android"
RewriteRule ^(.*)$ /mobile/$1 [R=302,L]
Custom Log Format Including Variables
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" custom_log
CustomLog logs/access_log custom_log
Environment-Based Header Setting
SetEnvIf Request_URI "^/secure/" secure_area
Header set X-Frame-Options "DENY" env=secure_area
When variables don't work as expected:
- Check if the required module is loaded
- Verify variable syntax (%{VAR}e vs %{VAR}s)
- Test with simple echo first
- Check error logs for hints