| "<
strong>%{</
strong>" funcname "<
strong>:</
strong>" funcargs "<
strong>}</
strong>"
rebackref ::= "<
strong>$</
strong>" [0-9]
function ::= funcname "<
strong>(</
strong>" word "<
strong>)</
strong>"
listfunction ::= listfuncname "<
strong>(</
strong>" word "<
strong>)</
strong>"
<
p>The expression parser provides a number of variables of the form
<
code>%{HTTP_HOST}</
code>. Note that the value of a variable may depend
on the phase of the request processing in which it is evaluated. For
example, an expression used in an <
directive><If ></
directive>
directive is evaluated before authentication is done. Therefore,
<
code>%{REMOTE_USER}</
code> will not be set in this case.</
p>
<
p>The following variables provide the values of the named HTTP request
headers. The values of other headers can be obtained witht the
<
code>req</
code> <
a href="#functions">function</
a>.</
p>
<
table border="1" style="zebra">
<
columnspec><
column width="1"/></
columnspec>
<
tr><
td><
code>HTTP_ACCEPT</
code></
td></
tr>
<
tr><
td><
code>HTTP_FORWARDED</
code></
td></
tr>
<
tr><
td><
code>HTTP_HOST</
code></
td></
tr>
<
tr><
td><
code>HTTP_PROXY_CONNECTION</
code></
td></
tr>
<
tr><
td><
code>HTTP_REFERER</
code></
td></
tr>
<
tr><
td><
code>HTTP_USER_AGENT</
code></
td></
tr>
<
p>Other request related variables</
p>
<
table border="1" style="zebra">
<
columnspec><
column width=".4"/><
column width=".6"/></
columnspec>
<
tr><
th>Name</
th><
th>Description</
th></
tr>
<
tr><
td><
code>REQUEST_METHOD</
code></
td>
<
td>The HTTP method of the incoming request (
e.g. <
code>GET</
code>)</
td></
tr>
<
tr><
td><
code>REQUEST_SCHEME</
code></
td>
<
td>The scheme part of the request's URI</
td></
tr>
<
tr><
td><
code>REQUEST_URI</
code></
td>
<
td>The path part of the request's URI</
td></
tr>
<
tr><
td><
code>DOCUMENT_URI</
code></
td>
<
td>Same as REQUEST_URI</
td></
tr>
<
tr><
td><
code>REQUEST_FILENAME</
code></
td>
<
td>The full local filesystem path to the file or script matching the
request, if this has already been determined by the server at the
time <
code>REQUEST_FILENAME</
code> is referenced. Otherwise, such
as when used in virtual host context, the same value as
<
code>REQUEST_URI</
code> </
td></
tr>
<
tr><
td><
code>SCRIPT_FILENAME</
code></
td>
<
td>Same as <
code>REQUEST_FILENAME</
code></
td></
tr>
<
tr><
td><
code>LAST_MODIFIED</
code></
td>
<
td>The date and time of last modification of the file in the format
<
code>20101231235959</
code>, if this has already been determined by
the server at the time <
code>LAST_MODIFIED</
code> is referenced.
<
tr><
td><
code>SCRIPT_USER</
code></
td>
<
td>The user name of the owner of the script.</
td></
tr>
<
tr><
td><
code>SCRIPT_GROUP</
code></
td>
<
td>The group name of the group of the script.</
td></
tr>
<
tr><
td><
code>PATH_INFO</
code></
td>
<
td>The trailing path name information, see
<
directive module="core">AcceptPathInfo</
directive></
td></
tr>
<
tr><
td><
code>QUERY_STRING</
code></
td>
<
td>The query string of the current request</
td></
tr>
<
tr><
td><
code>IS_SUBREQ</
code></
td>
<
td>"<
code>true</
code>" if the current request is a subrequest,
"<
code>false</
code>" otherwise</
td></
tr>
<
tr><
td><
code>THE_REQUEST</
code></
td>
<
td>The complete request line (
e.g.,
<
tr><
td><
code>REMOTE_ADDR</
code></
td>
<
td>The IP address of the remote host</
td></
tr>
<
tr><
td><
code>REMOTE_HOST</
code></
td>
<
td>The host name of the remote host</
td></
tr>
<
tr><
td><
code>REMOTE_USER</
code></
td>
<
td>The name of the authenticated user (if any)</
td></
tr>
<
tr><
td><
code>REMOTE_IDENT</
code></
td>
<
td>The user name set by <
module>mod_ident</
module></
td></
tr>
<
tr><
td><
code>SERVER_NAME</
code></
td>
<
td>The <
directive module="core">ServerName</
directive> of
the current vhost</
td></
tr>
<
tr><
td><
code>SERVER_PORT</
code></
td>
<
td>The server port of the current vhost, see
<
directive module="core">ServerName</
directive></
td></
tr>
<
tr><
td><
code>SERVER_ADMIN</
code></
td>
<
td>The <
directive module="core">ServerAdmin</
directive> of
the current vhost</
td></
tr>
<
tr><
td><
code>SERVER_PROTOCOL</
code></
td>
<
td>The protocol used by the request</
td></
tr>
<
tr><
td><
code>DOCUMENT_ROOT</
code></
td>
<
td>The <
directive module="core">DocumentRoot</
directive> of
the current vhost</
td></
tr>
<
tr><
td><
code>AUTH_TYPE</
code></
td>
<
td>The configured <
directive module="mod_authn_core">AuthType</
directive>
(
e.g. "<
code>basic</
code>")</
td></
tr>
<
tr><
td><
code>CONTENT_TYPE</
code></
td>
<
td>The content type of the response</
td></
tr>
<
tr><
td><
code>HANDLER</
code></
td>
<
td>The name of the <
a href="handler.html">handler</
a> creating
<
tr><
td><
code>HTTPS</
code></
td>
<
td>"<
code>on</
code>" if the request uses https,
"<
code>off</
code>" otherwise</
td></
tr>
<
tr><
td><
code>IPV6</
code></
td>
<
td>"<
code>on</
code>" if the connection uses IPv6,
"<
code>off</
code>" otherwise</
td></
tr>
<
tr><
td><
code>REQUEST_STATUS</
code></
td>
<
td>The HTTP error status of the request</
td></
tr>
<
tr><
td><
code>REQUEST_LOG_ID</
code></
td>
<
td>The error log id of the request (see
<
directive module="core">ErrorLogFormat</
directive>)</
td></
tr>
<
tr><
td><
code>CONN_LOG_ID</
code></
td>
<
td>The error log id of the connection (see
<
directive module="core">ErrorLogFormat</
directive>)</
td></
tr>
<
tr><
td><
code>CONN_REMOTE_ADDR</
code></
td>
<
td>The raw IP address of the remote host (see the
<
module>mod_remoteip</
module> module)</
td></
tr>
<
table border="1" style="zebra">
<
columnspec><
column width=".4"/><
column width=".6"/></
columnspec>
<
tr><
th>Name</
th><
th>Description</
th></
tr>
<
tr><
td><
code>TIME_YEAR</
code></
td>
<
td>The current year (
e.g. <
code>2010</
code>)</
td></
tr>
<
tr><
td><
code>TIME_MON</
code></
td>
<
td>The current month (<
code>1</
code>, ..., <
code>12</
code>)</
td></
tr>
<
tr><
td><
code>TIME_DAY</
code></
td>
<
td>The current day of the month</
td></
tr>
<
tr><
td><
code>TIME_HOUR</
code></
td>
<
td>The hour part of the current time
(<
code>0</
code>, ..., <
code>23</
code>)</
td></
tr>
<
tr><
td><
code>TIME_MIN</
code></
td>
<
td>The minute part of the current time </
td></
tr>
<
tr><
td><
code>TIME_SEC</
code></
td>
<
td>The second part of the current time </
td></
tr>
<
tr><
td><
code>TIME_WDAY</
code></
td>
<
td>The day of the week (starting with <
code>0</
code>
<
tr><
td><
code>TIME</
code></
td>
<
td>The date and time in the format <
code>20101231235959</
code></
td></
tr>
<
tr><
td><
code>SERVER_SOFTWARE</
code></
td>
<
td>The server version string</
td></
tr>
<
tr><
td><
code>API_VERSION</
code></
td>
<
td>The date of the API version (module magic number)</
td></
tr>
<
p>Some modules register additional variables, see
e.g. <
module>mod_ssl</
module>.</
p>
<
title>Binary operators</
title>
<
p>With the exception of some built-in comparison operators, binary
operators have the form "<
code>-[a-zA-Z][a-zA-Z0-9_]+</
code>",
i.e. a
minus and at least two characters. The name is not case sensitive.
Modules may register additional binary operators.</
p>
<
title>Comparison operators</
title>
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".2"/><
column width=".6"/></
columnspec>
<
tr><
th>Name</
th><
th>Alternative</
th> <
th>Description</
th></
tr>
<
tr><
td><
code>==</
code></
td>
<
td>String equality</
td></
tr>
<
tr><
td><
code>!=</
code></
td>
<
td>String inequality</
td></
tr>
<
tr><
td><
code><</
code></
td>
<
td>String less than</
td></
tr>
<
tr><
td><
code><=</
code></
td>
<
td>String less than or equal</
td></
tr>
<
tr><
td><
code>></
code></
td>
<
td>String greater than</
td></
tr>
<
tr><
td><
code>>=</
code></
td>
<
td>String greater than or equal</
td></
tr>
<
tr><
td><
code>-eq</
code></
td>
<
td>Integer equality</
td></
tr>
<
tr><
td><
code>-ne</
code></
td>
<
td>Integer inequality</
td></
tr>
<
tr><
td><
code>-lt</
code></
td>
<
td>Integer less than</
td></
tr>
<
tr><
td><
code>-le</
code></
td>
<
td>Integer less than or equal</
td></
tr>
<
tr><
td><
code>-gt</
code></
td>
<
td>Integer greater than</
td></
tr>
<
tr><
td><
code>-ge</
code></
td>
<
td>Integer greater than or equal</
td></
tr>
<
section id="binaryother">
<
title>Other binary operators</
title>
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".8"/></
columnspec>
<
tr><
th>Name</
th><
th>Description</
th></
tr>
<
tr><
td><
code>-ipmatch</
code></
td>
<
tr><
td><
code>-strmatch</
code></
td>
<
td>left string matches pattern given by right string (containing
wildcards *, ?, [])</
td></
tr>
<
tr><
td><
code>-strcmatch</
code></
td>
<
td>same as <
code>-strmatch</
code>, but case insensitive</
td></
tr>
<
tr><
td><
code>-fnmatch</
code></
td>
<
td>same as <
code>-strmatch</
code>, but slashes are not matched by
<
title>Unary operators</
title>
<
p>Unary operators take one argument and have the form
"<
code>-[a-zA-Z]</
code>",
i.e. a minus and one character.
The name <
em>is</
em> case sensitive.
Modules may register additional unary operators.</
p>
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".2"/><
column width=".6"/></
columnspec>
<
tr><
th>Name</
th><
th>Description</
th><
th>Restricted</
th></
tr>
<
tr><
td><
code>-d</
code></
td>
<
td>The argument is treated as a filename.
True if the file exists and is a directory</
td><
td>yes</
td></
tr>
<
tr><
td><
code>-e</
code></
td>
<
td>The argument is treated as a filename.
True if the file (or dir or special) exists</
td><
td>yes</
td></
tr>
<
tr><
td><
code>-f</
code></
td>
<
td>The argument is treated as a filename.
True if the file exists and is regular file</
td><
td>yes</
td></
tr>
<
tr><
td><
code>-L</
code></
td>
<
td>The argument is treated as a filename.
True if the file exists and is symlink</
td><
td>yes</
td></
tr>
<
tr><
td><
code>-h</
code></
td>
<
td>The argument is treated as a filename.
True if the file exists and is symlink
(same as <
code>-L</
code>)</
td><
td>yes</
td></
tr>
<
tr><
td><
code>-F</
code></
td>
<
td>True if string is a valid file, accessible via all the server's
currently-configured access controls for that path. This uses an
internal subrequest to do the check, so use it with care - it can
impact your server's performance!</
td><
td></
td></
tr>
<
tr><
td><
code>-U</
code></
td>
<
td>True if string is a valid URL, accessible via all the server's
currently-configured access controls for that path. This uses an
internal subrequest to do the check, so use it with care - it can
impact your server's performance!</
td><
td></
td></
tr>
<
tr><
td><
code>-A</
code></
td>
<
td>Alias for <
code>-U</
code></
td><
td></
td></
tr>
<
tr><
td><
code>-n</
code></
td>
<
td>True if string is not empty</
td><
td></
td></
tr>
<
tr><
td><
code>-z</
code></
td>
<
td>True if string is empty</
td><
td></
td></
tr>
<
tr><
td><
code>-T</
code></
td>
<
td>False if string is empty, "<
code>0</
code>", "<
code>off</
code>",
"<
code>false</
code>", or "<
code>no</
code>" (case insensitive).
True otherwise.</
td><
td></
td></
tr>
<
tr><
td><
code>-R</
code></
td>
<
td>Same as "<
code>%{REMOTE_ADDR} -ipmatch ...</
code>", but more efficient
<
p>The operators marked as "restricted" are not available in some modules
like <
module>mod_include</
module>.</
p>
<
p>Normal string-valued functions take one string as argument and return
a string. Functions names are not case sensitive.
Modules may register additional functions.</
p>
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".8"/></
columnspec>
<
tr><
th>Name</
th><
th>Description</
th><
th>Restricted</
th></
tr>
<
tr><
td><
code>req</
code>, <
code>http</
code></
td>
<
td>Get HTTP request header</
td><
td></
td></
tr>
<
tr><
td><
code>resp</
code></
td>
<
td>Get HTTP response header</
td><
td></
td></
tr>
<
tr><
td><
code>reqenv</
code></
td>
<
td>Lookup request environment variable</
td><
td></
td></
tr>
<
tr><
td><
code>osenv</
code></
td>
<
td>Lookup operating system environment variable</
td><
td></
td></
tr>
<
tr><
td><
code>note</
code></
td>
<
td>Lookup request note</
td><
td></
td></
tr>
<
tr><
td><
code>env</
code></
td>
<
td>Return first match of <
code>note</
code>, <
code>reqenv</
code>,
<
code>osenv</
code></
td><
td></
td></
tr>
<
tr><
td><
code>tolower</
code></
td>
<
td>Convert string to lower case</
td><
td></
td></
tr>
<
tr><
td><
code>toupper</
code></
td>
<
td>Convert string to uppser case</
td><
td></
td></
tr>
<
tr><
td><
code>escape</
code></
td>
<
td>Escape special characters in %hex encoding</
td><
td></
td></
tr>
<
tr><
td><
code>unescape</
code></
td>
<
td>Unescape %hex encoded string, leaving encoded slashes alone;
return empty string if %00 is found</
td><
td></
td></
tr>
<
tr><
td><
code>file</
code></
td>
<
td>Read contents from a file</
td><
td>yes</
td></
tr>
<
tr><
td><
code>filesize</
code></
td>
<
td>Return size of a file (or 0 if file does not exist or is not
regular file)</
td><
td>yes</
td></
tr>
<
p>The functions marked as "restricted" are not available in some modules
like <
module>mod_include</
module>.</
p>
<
p>In addition to string-valued functions, there are also list-valued functions which
take one string as argument and return a wordlist,
i.e. a list of strings. The wordlist
can be used with the special <
code>-in</
code> operator.
Functions names are not case sensitive.
Modules may register additional functions.</
p>
<
p>There are no built-in list-valued functions. <
module>mod_ssl</
module>
provides <
code>PeerExtList</
code>. See the description of
<
directive module="mod_ssl">SSLRequire</
directive> for details
(but <
code>PeerExtList</
code> is also usable outside
of <
directive module="mod_ssl">SSLRequire</
directive>).</
p>
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".2"/><
column width=".6"/></
columnspec>
<
tr><
th>Name</
th><
th>Alternative</
th> <
th>Description</
th></
tr>
<
tr><
td><
code>-in</
code></
td>
<
td>string contained in string list</
td></
tr>
<
tr><
td><
code>/regexp/</
code></
td>
<
td><
code>m#regexp#</
code></
td>
<
td>Regular expression (the second form allows different delimiters than /)</
td></
tr>
<
tr><
td><
code>/regexp/i</
code></
td>
<
td><
code>m#regexp#i</
code></
td>
<
td>Case insensitive regular expression</
td></
tr>
<
tr><
td><
code>$0 ... $9</
code></
td>
<
td>Regular expression backreferences</
td></
tr>
<
title>Regular expression backreferences</
title>
<
p>The strings <
code>$0</
code> ... <
code>$9</
code> allow to reference
the capture groups from a previously executed, successfully
matching regular expressions. They can normally only be used in the
same expression as the matching regex, but some modules allow special
<
section id="sslrequire">
<
title>Comparison with SSLRequire</
title>
<
p>The <
em>ap_expr</
em> syntax is mostly a superset of the syntax of the
deprecated <
directive module="mod_ssl">SSLRequire</
directive> directive.
The differences are described in <
directive module="mod_ssl">SSLRequire</
directive>'s documentation.</
p>