Full Article:
SetEnvIf Advance Examples
mod_setenvif Variables
These can be used for attribute.
Remote_Host
the hostname (if available) of the client making the request - crawl-66-249-70-24.googlebot.com
Remote_Addr
IP address of the client making the request - 66.249.70.24
Server_Addr
IP address of the server on which the request was received - 208.113.183.103
Request_Method
name of the method being used - GET
Request_Protocol
name and version of the protocol with which the request was made - HTTP/1.1
Request_URI
the resource requested on the HTTP request line -- generally the portion of the URL following the scheme and host portion without the query string - /robots.txt
Populates HTTP_MY_ Variables with mod_setenvif variable values
Code:
SetEnvIfNoCase Remote_Host "(.*)" HTTP_MY_REMOTE_HOST=$1
SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1
SetEnvIfNoCase Server_Addr "(.*)" HTTP_MY_SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.*)" HTTP_MY_REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.*)" HTTP_MY_REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.*)" HTTP_MY_REQUEST_URI=$1
Set REMOTE_HOST to HTTP_HOST
Sets REMOTE_HOST to
http://www.askapache.com if Remote_Addr=208.113.183.103. This can be useful if your server doesn't automatically do a reverse lookup on a remote address, so this way you can tell if the request was internal/from your server.
Code:
SetEnvIf Remote_Addr 208\.113\.183\.103 REMOTE_HOST=www.askapache.com
Allows only if HOST Header is present in request
Code:
SetEnvIfNoCase ^HOST$ .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST
or
Code:
SetEnvIfNoCase Host .+ HTTP_MY_HAS_HOST
Order Deny,Allow
Deny from All
Allow from env=HTTP_MY_HAS_HOST
Add values from HTTP Headers
Code:
SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1
Set the REDIRECT_STATUS for Interpreter Security
This is useful in disallowing direct access to interpreters like shell scripts, cgi scripts, and other interpreters. Only works this way if you have a static IP for your server. So the only way to access these files is by instructing the server itself to request the file, using an Action directive or by requesting the file through a .php or other script using curl or wget, or something like fsockopen.
Code:
<FilesMatch "\.(cgi|sh|pl)$">
SetEnvIfNoCase Remote_Addr 208\.113\.183\.103 REDIRECT_STATUS
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
Block Bad Bots
Can be useful if your site is getting hammered by spambots. Some nice examples from around the net are at Fight Blog Spam With Apache
Keep in mind the HTTP_USER_AGENT is directly from the client, so its easy to spoof / change. Instead use mod_security for a much better solution.
Code:
SetEnvIfNoCase User-Agent "^Bandit" bad_bot
SetEnvIfNoCase User-Agent "^Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "^BatchFTP" bad_bot
SetEnvIfNoCase User-Agent "^Bigfoot" bad_bot
SetEnvIfNoCase User-Agent "^Black.Hole" bad_bot
Order Allow,Deny
Allow from All
Deny from env=bad_bot
Allow Search robots
This does the opposite of above, allowing ONLY these web robots access. Other than rogue robots, configuring your robots.txt file correctly will keep most robots where you want them.
Code:
SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot
Order Deny,Allow
Deny from All
Allow from env=search_robot
Register
Login
