Home
SSL environment variables
The mod_ibm_ssl parameter provides access to information about an SSL session by setting variables in the Apache API subprocess_env table for the active request. These variables are considered environment variables because of how information is accessed when the variables are passed to CGI applications. You can categorize SSL environment variables into three types based on the type of information that is accessed when the variable is passed to the application.
- Variables for information regarding the SSL handshake
- Variables for exposing the server certificate information
- Variables for exposing client certificate information, when client authentication is enabled.
The following table provides the types of access to information as well as the mechanisms used to access information using SSL environment variables.
Table 1. Types of access and mechanisms for SSL environment variables
Access type Mechanism access from a CGI or FastCGI application The information is passed to the CGI application as an environment variable. Use the method provided by the implementation language for accessing environments, such as getenv ("HTTPS") in C or $ENV{'HTTPS'} in Perl. For an SSL environment variable to be used in CGI or FastCGI, there must be a corresponding PassEnv directive. access from a plug-in module The information is available in the subprocess_env table after the quick handler has run. Access it with a call such as apr_table_lookup (r->subprocess_env,"HTTPS") logging into the access log with other information about the request Use the following %{varname}e example. LogFormat "%h %l %u %t \ "%r\ " %>s %b %{HTTPS}e" ssl-customIf the information is not available, mod_log_config logs a dash (-) for the field.
use with the setenvif variable # Silly example, don't compress SSL connections SetEnvIf HTTPS no-gzipuse as part of a mod_rewrite rule variable RewriteEngine On RewriteCond %{ENV:HTTPS} ^OFF$ RewriteRule .* /no-sssl.htmlaccess in an SSI document In order for an SSL environment variable to be used in an SSI document, there must be a corresponding PassEnv directive. SSL is <!--#echo var="HTTPS" -->access control Allow from env=HTTPS
Subtopics
SSL handshake environment variables