.htaccess tutorial

htaccess Elite


SetEnvIf Examples

The use of these awesome and useful mod_env directives and mod_setenvif directives setenvif

SetEnvIf Examples

Postby produke » 28 Nov 2006 03:55

Syntax examples
Code: Select all
SetEnvIf Request_URI "\.gif$" object_is_image=gif
SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
SetEnvIf Referer www\.mydomain\.com intra_site_referral
SetEnvIf object_is_image xbm XBIT_PROCESSING=1
SetEnvIf ^TS* ^[a-z].* HAVE_TS


The first three will set the environment variable object_is_image if the request was for an image file, and the fourth sets intra_site_referral if the referring page was somewhere on the http://www.mydomain.com Web site.

The last example will set environment variable HAVE_TS if the request contains any headers that begin with "TS" whose values begins with any character in the set [a-z].


Do not log requests for images in the access log

Code: Select all
SetEnvIf Request_URI \.gif image-request
SetEnvIf Request_URI \.jpg image-request
SetEnvIf Request_URI \.png image-request
CustomLog logs/access_log common env=!image-request



Prevent Image Theft/hotlinking
Code: Select all
SetEnvIf Referer "^http://www.example.com/" local_referal
# Allow browsers that do not send Referer info
SetEnvIf Referer "^$" local_referal
Order Deny,Allow
Deny from all
Allow from env=local_referal



Missing Host: Header Fields

Code: Select all
SetEnvIf Host "^$" no_host=1
Order Allow,Deny
Allow from all
Deny from env=no_host
RewriteCond "%{HTTP_HOST}" "^$"
RewriteRule ".*" - [F,L]



All modern browsers automatically include this field, so only custom-written or very old clients are likely to encounter this issue.

This will send a 403 Forbidden status to any requests without the host header


Prevent requesting partial downloads

Code: Select all
SetEnvIf "Range" "." partial_req
Order Allow,Deny
Allow from all
Deny from env=partial_req
RewriteCond "%{HTTP:RANGE}" "."
RewriteRule ".*" - [F,L]

This sets the partial_req variable if the request header includes a Range field. The Deny directive causes the request to be answered with a 403 Forbidden status if set.




Example:

Code: Select all
SetEnvIf Referer ^82\.$ banned
SetEnvIf Referer ^199\.$ bannned
<Files *>
Order Deny,Allow
Deny from env=banned
</Files>



If you use a custom 403 page, then you'll need to allow these guys to get it, Example:

Code: Select all
SetEnvIf Referer ^82\.$ banned
SetEnvIf Referer ^199\.$ banned
SetEnvIf Request_URI ^forbidden\.html$ allowed
<Files *>
Order Deny,Allow
Deny from env=banned
Allow from env=allowed
</Files>




These are the operators:

SetEnvIf Referer - the IP address of the client making the request
SetEnvIf Remote_Host - the hostname of client making the request
SetEnvIf Remote_Addr - the website having the link
SetEnvIf Remote_User - the authenticated username (if available)
SetEnvIf Request_Method - the name of the method being used (GET, POST, et cetera)
SetEnvIf Request_URI - the portion of the URL following the scheme and host portion



http://httpd.apache.org/docs/1.3/mod/mod_setenvif.html
User avatar
produke
 
Posts: 242
Joined: 25 Sep 2006 04:48

Postby mod_rewrite » 14 Aug 2007 06:21

Code: Select all
errordocument 401 /error-subdirectory/401.html
AuthType Basic
AuthName "site"
AuthUserFile <path to .htpasswd>
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Request_URI "^/(error-subdirectory/401\.html¦robots\.txt)$" allow_all
Order allow,deny
Allow from env=allow_all
Satisfy any
mod_rewrite
 
Posts: 102
Joined: 30 Oct 2006 19:55


Return to SetEnvIf, SetEnv, PassEnv, UnsetEnv