在.htaccess中设置一个环境变量,并在PHP中检索它

时间:2023-01-06 23:19:44

I am trying to set an environment variable in an .htaccess file and retrieve it in PHP. I've looked through a bunch of other threads here on SO but everything I've tried so far has failed.

我试图在.htaccess文件中设置一个环境变量,并在PHP中检索它。我已经查过了这里的一些其他的线程,但是到目前为止我所尝试的一切都失败了。

I've added this line to the .htaccess file:

我在。htaccess文件中添加了这一行:

SetEnv SPECIAL_PATH /foo/bin

I have tried retrieving this value using the getenv() PHP function:

我尝试使用getenv() PHP函数检索这个值:

<?php $specialPath = getenv('SPECIAL_PATH'); ?>

I have runned phpinfo() to see the list of available environment variables, SPECIAL_PATH is not there. I am puzzled as to why this is not working.

我已经运行了phpinfo()以查看可用环境变量的列表,SPECIAL_PATH不存在。我搞不懂这为什么不起作用。

Thank you!

谢谢你!

2 个解决方案

#1


24  

Assuming your configuration has AllowOverrides with .htaccess, you must enable mod_env in Apache for this to work.

假设您的配置具有.htaccess的AllowOverrides,您必须在Apache中启用mod_env才能让它发挥作用。

Apache - mod_env

Apache - mod_env

#2


6  

Apache Docs custom-error.html covers environment variables passed to error handling pages

Apache文档自定义错误。html包含传递给错误处理页面的环境变量

Says "REDIRECT_ environment variables are created from the environment variables which existed prior to the redirect. They are renamed with a REDIRECT_ prefix, i.e., HTTP_USER_AGENT becomes REDIRECT_HTTP_USER_AGENT."

表示“REDIRECT_环境变量是从重定向之前存在的环境变量创建的。它们被重命名为REDIRECT_前缀,即。,HTTP_USER_AGENT REDIRECT_HTTP_USER_AGENT。”

Says "None of these will be set if the ErrorDocument target is an external redirect (anything starting with a scheme name like http:, even if it refers to the same host as the server)."

说“如果ErrorDocument目标是一个外部重定向(任何以http:这样的方案名称开头的东西,即使它引用的主机与服务器相同),这些都不会被设置。”

Says about SetEnv: "The internal environment variables set by this directive are set after most early request processing directives are run, such as access control and URI-to-filename mapping. If the environment variable you're setting is meant as input into this early phase of processing such as the RewriteRule directive, you should instead set the environment variable with SetEnvIf."

说到SetEnv:“这个指令设置的内部环境变量是在运行大多数早期请求处理指令之后设置的,比如访问控制和uri到文件名映射。如果您正在设置的环境变量是作为处理的早期阶段(如RewriteRule指令)的输入,那么您应该使用SetEnvIf设置环境变量。

On some servers, user-declared environment variables must start with 'HTTP_' for security purposes, e.g.: SetEnv HTTP_MY_VARIABLE "my value"

在某些服务器上,出于安全目的,用户声明的环境变量必须以“HTTP_”开头,例如:SetEnv HTTP_MY_VARIABLE“my value”

Here are some .htaccess ways of setting and using server environment variables, taken from my modifying the Perishable Press 5G Blacklist/Firewall http://perishablepress.com/5g-blacklist-2013/ to use environment variable reporting:

以下是一些设置和使用服务器环境变量的.htaccess方法,取自我对易坏的Press 5G黑名单/防火墙http://perishablepress.com/5g-blacklist-2013/的修改,用于使用环境变量报告:

SetEnv myServerName %{SERVER_NAME}

RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig|open_basedir) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [E=badQueryString:%0--%1--%2,F,L]

SetEnvIfNoCase User-Agent ^$ noUserAgent
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) badUserAgent=$1

<limit GET POST PUT>
  Order Allow,Deny
  Allow from all
  Deny from env=badUserAgent
</limit>

Notice the use of paramters, e.g. $0--%1--%2. %0 gives the full string, %1 gives the match from the 1st parenthesized statement, %2 the 2nd. The hyphens are literal display characters, to visually separate parameter results (don't think is any way to put spaces in there).

注意参数的使用,例如$0—%1—%2。%0给出了完整的字符串,%1给出了与第一个圆括号声明的匹配,%2第2个。连字符是文字显示字符,以视觉上单独的参数结果(不认为是任何方式在那里放空格)。


Here are some PHP methods of accessing the environment variables (in my case from 403.php and 404.php). Note that you don't look in phpinfo(), but in $SERVER, and that your variables get prefixed with REDIRECT Note also that with a 403/404 redirect, the QUERY_STRING becomes REDIRECT_QUERY_STRING This is stuff that could easily be server dependent, so check $_SERVER for your actual values. For example,

下面是一些访问环境变量的PHP方法(在我的例子中是403)。php和404. php)。注意,您没有在phpinfo()中查找,而是在$SERVER中,并且您的变量以REDIRECT作为前缀,还注意到,在403/404重定向中,QUERY_STRING变成REDIRECT_QUERY_STRING,这是很容易与服务器相关的东西,所以请检查$_SERVER的实际值。例如,

if (getenv("HTTP_REFERER") !== FALSE) {
    $httpref = getenv("HTTP_REFERER");
} else {
    $httpref = '';
}
if (isset($_SERVER['REDIRECT_STATUS'])) {
    $status = $_SERVER['REDIRECT_STATUS'];
} else {
    $status = '';
}
if (isset($_SERVER['REMOTE_HOST'])) {
    $remoteHost = $_SERVER['REMOTE_HOST'];
} else {
    $remoteHost = '';
}

if (isset($_SERVER['REDIRECT_QUERY_STRING'])) {
    $querystring = $_SERVER['REDIRECT_QUERY_STRING'];
} else {
    $querystring = '';
}

if (isset($_SERVER['REDIRECT_noUserAgent']) ) {
    $htaccessErrors[] = 'NoUserAgent';
}
if (getenv("REDIRECT_badQueryString") !== FALSE) {
/* must exactly match what shows up in $_SERVER, is case sensitive (e.g. badQueryString not BadQueryString) */
    $htaccessErrors[] = 'badQueryString:'.getenv("REDIRECT_badQueryString");
}

I cover in some depth in http://lcblog.lernerconsult.com/2013-server-alert-you-file-not-found-errors/

我将在http://lcblog.lernerconsult.com/2013-server-alert-you-file-not found-errors/中深入介绍

#1


24  

Assuming your configuration has AllowOverrides with .htaccess, you must enable mod_env in Apache for this to work.

假设您的配置具有.htaccess的AllowOverrides,您必须在Apache中启用mod_env才能让它发挥作用。

Apache - mod_env

Apache - mod_env

#2


6  

Apache Docs custom-error.html covers environment variables passed to error handling pages

Apache文档自定义错误。html包含传递给错误处理页面的环境变量

Says "REDIRECT_ environment variables are created from the environment variables which existed prior to the redirect. They are renamed with a REDIRECT_ prefix, i.e., HTTP_USER_AGENT becomes REDIRECT_HTTP_USER_AGENT."

表示“REDIRECT_环境变量是从重定向之前存在的环境变量创建的。它们被重命名为REDIRECT_前缀,即。,HTTP_USER_AGENT REDIRECT_HTTP_USER_AGENT。”

Says "None of these will be set if the ErrorDocument target is an external redirect (anything starting with a scheme name like http:, even if it refers to the same host as the server)."

说“如果ErrorDocument目标是一个外部重定向(任何以http:这样的方案名称开头的东西,即使它引用的主机与服务器相同),这些都不会被设置。”

Says about SetEnv: "The internal environment variables set by this directive are set after most early request processing directives are run, such as access control and URI-to-filename mapping. If the environment variable you're setting is meant as input into this early phase of processing such as the RewriteRule directive, you should instead set the environment variable with SetEnvIf."

说到SetEnv:“这个指令设置的内部环境变量是在运行大多数早期请求处理指令之后设置的,比如访问控制和uri到文件名映射。如果您正在设置的环境变量是作为处理的早期阶段(如RewriteRule指令)的输入,那么您应该使用SetEnvIf设置环境变量。

On some servers, user-declared environment variables must start with 'HTTP_' for security purposes, e.g.: SetEnv HTTP_MY_VARIABLE "my value"

在某些服务器上,出于安全目的,用户声明的环境变量必须以“HTTP_”开头,例如:SetEnv HTTP_MY_VARIABLE“my value”

Here are some .htaccess ways of setting and using server environment variables, taken from my modifying the Perishable Press 5G Blacklist/Firewall http://perishablepress.com/5g-blacklist-2013/ to use environment variable reporting:

以下是一些设置和使用服务器环境变量的.htaccess方法,取自我对易坏的Press 5G黑名单/防火墙http://perishablepress.com/5g-blacklist-2013/的修改,用于使用环境变量报告:

SetEnv myServerName %{SERVER_NAME}

RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig|open_basedir) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [E=badQueryString:%0--%1--%2,F,L]

SetEnvIfNoCase User-Agent ^$ noUserAgent
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) badUserAgent=$1

<limit GET POST PUT>
  Order Allow,Deny
  Allow from all
  Deny from env=badUserAgent
</limit>

Notice the use of paramters, e.g. $0--%1--%2. %0 gives the full string, %1 gives the match from the 1st parenthesized statement, %2 the 2nd. The hyphens are literal display characters, to visually separate parameter results (don't think is any way to put spaces in there).

注意参数的使用,例如$0—%1—%2。%0给出了完整的字符串,%1给出了与第一个圆括号声明的匹配,%2第2个。连字符是文字显示字符,以视觉上单独的参数结果(不认为是任何方式在那里放空格)。


Here are some PHP methods of accessing the environment variables (in my case from 403.php and 404.php). Note that you don't look in phpinfo(), but in $SERVER, and that your variables get prefixed with REDIRECT Note also that with a 403/404 redirect, the QUERY_STRING becomes REDIRECT_QUERY_STRING This is stuff that could easily be server dependent, so check $_SERVER for your actual values. For example,

下面是一些访问环境变量的PHP方法(在我的例子中是403)。php和404. php)。注意,您没有在phpinfo()中查找,而是在$SERVER中,并且您的变量以REDIRECT作为前缀,还注意到,在403/404重定向中,QUERY_STRING变成REDIRECT_QUERY_STRING,这是很容易与服务器相关的东西,所以请检查$_SERVER的实际值。例如,

if (getenv("HTTP_REFERER") !== FALSE) {
    $httpref = getenv("HTTP_REFERER");
} else {
    $httpref = '';
}
if (isset($_SERVER['REDIRECT_STATUS'])) {
    $status = $_SERVER['REDIRECT_STATUS'];
} else {
    $status = '';
}
if (isset($_SERVER['REMOTE_HOST'])) {
    $remoteHost = $_SERVER['REMOTE_HOST'];
} else {
    $remoteHost = '';
}

if (isset($_SERVER['REDIRECT_QUERY_STRING'])) {
    $querystring = $_SERVER['REDIRECT_QUERY_STRING'];
} else {
    $querystring = '';
}

if (isset($_SERVER['REDIRECT_noUserAgent']) ) {
    $htaccessErrors[] = 'NoUserAgent';
}
if (getenv("REDIRECT_badQueryString") !== FALSE) {
/* must exactly match what shows up in $_SERVER, is case sensitive (e.g. badQueryString not BadQueryString) */
    $htaccessErrors[] = 'badQueryString:'.getenv("REDIRECT_badQueryString");
}

I cover in some depth in http://lcblog.lernerconsult.com/2013-server-alert-you-file-not-found-errors/

我将在http://lcblog.lernerconsult.com/2013-server-alert-you-file-not found-errors/中深入介绍