Secure Sockets Layer environment variables
The mod_ibm_ssl parameter provides access to information about an Secure Sockets Layer (SSL) session by setting variables in the Apache API subprocess_env table for the active request. These variables are considered environment variables because of how information is accessed when the variables are passed to CGI applications.
You can categorize SSL environment variables into three types based
on the type of information that is accessed when the variable is passed
to the application.
- Variables for information regarding the SSL handshake
- Variables for exposing the server certificate information
- Variables for exposing client certificate information, when client authentication is enabled.
The following table provides the types of access to information
as well as the mechanisms used to access information using SSL environment
variables.
Access type | Mechanism |
---|---|
access from a CGI or FastCGI application | The information is passed to the CGI application
as an environment variable. Use the method provided by the implementation
language for accessing environments, such as getenv ("HTTPS") in
C or $ENV{'HTTPS'} in Perl. For a SSL environment
variable to be used in CGI or FastCGI, there must be a corresponding
PassEnv directive. |
access from a plug-in module | The information is available in the subprocess_env
table after the quick handler has run. Access it with a call such
as apr_table_lookup (r->subprocess_env,"HTTPS") |
logging in the access log with other information about the request | Use the following %{varname}e example. If the information is not available,
mod_log_config logs a dash (-) for the field. |
use with the setenvif variable | # Silly example, don't compress SSL connections
|
use as part of a mod_rewrite rule variable |
|
access in an SSI document | In order for an SSL environment variable to
be used in an SSI document, there must be a corresponding PassEnv
directive.
|
access control | Allow from env=HTTPS |