Apache-enviroment variables

Apache-enviroment variables

Post by blai » Tue, 09 Jul 1996 04:00:00



What  process starts the Apache daemon and how would you set enviroment
variables in that process?
Thanks,
Blair

 
 
 

Apache-enviroment variables

Post by ivan pulle » Tue, 09 Jul 1996 04:00:00


: What  process starts the Apache daemon and how would you set enviroment
: variables in that process?
: Thanks,
: Blair

The process that starts up Apache is up to you :) Usually it is in an
/etc/rc* file of some sort. This is irrelevent, however, because Apache
only passes certain specific environment variables on to the CGI processes.
( I am assuming you need this to pass something on to a CGI? ). This practice
was probably adopted for security reasons. Try running a CERN server that
you start from the command line. Then run a script that echoes back the
current environment. You will see much that is not useful, or even dangerous
to advertise, like the user's $PATH, etc. It also could have performance
benefits since getenv() inside a CGI traverses a much smaller search space
each time it is called.

What you want to do is look at the PassEnv and SetEnv directives available in
httpd.conf. For instance, I have:

SetEnv IMAGE_DIR /usr/local/www/ihs_images/

Which is needed by one of my CGI programs. PassEnv is like SetEnv, only it
passes on the current value of the environment variable rather than sets it.

Ivan...

--
Ivan Pulleyn          work: Millennium Computer   home:  44 Anthony Street  

http://www.torpid.com/      Pittsford, NY 14534          716 235-1206        
sle3p                       716 248-0510                                    

 
 
 

Apache-enviroment variables

Post by blai » Wed, 10 Jul 1996 04:00:00




> : What  process starts the Apache daemon and how would you set enviroment
> : variables in that process?
> : Thanks,
> : Blair

> The process that starts up Apache is up to you :) Usually it is in an
> /etc/rc* file of some sort. This is irrelevent, however, because Apache
> only passes certain specific environment variables on to the CGI processes.
> ( I am assuming you need this to pass something on to a CGI? ). This practice
> was probably adopted for security reasons. Try running a CERN server that
> you start from the command line. Then run a script that echoes back the
> current environment. You will see much that is not useful, or even dangerous
> to advertise, like the user's $PATH, etc. It also could have performance
> benefits since getenv() inside a CGI traverses a much smaller search space
> each time it is called.

> What you want to do is look at the PassEnv and SetEnv directives available in
> httpd.conf. For instance, I have:

> SetEnv IMAGE_DIR /usr/local/www/ihs_images/

> Which is needed by one of my CGI programs. PassEnv is like SetEnv, only it
> passes on the current value of the environment variable rather than sets it.

> Ivan...

> --
> Ivan Pulleyn          work: Millennium Computer   home:  44 Anthony Street

> http://www.torpid.com/      Pittsford, NY 14534          716 235-1206
> sle3p                       716 248-0510Great advice thanks.

But Apache version 1.0.5 doesn't support SetEnv or PassEnv.
Currently updating version to 1.1 which supports. But still
curious how this would work if you did not want to update
version to 1.1 or did not know you could.
thanks,
Curious,
Blair
 
 
 

1. Is it possible to spoof Apache enviroment variables?

Hi there,

I have a Perl program that for security reasons I want to have callable
only through an HTTPS (secure) connection and only by me from my IP.  

Now inside the program I check for the Apache environment variable called
HTTPS which only exists if the HTTPS protocol is being used to call the
program.  I also check for my IP in the REMOTE_ADDR variable.  

I guess I am wondering if it is relatively easy to spoof the Apache HTTPS
variable so that a hacker can bypass the need to call my program securely
and whether a hacker could likewise set the REMOTE_ADDR variable to any
value they wanted, regardless of what the requesting IP address was?  

If they can do that how would they go about this?  

Any insight on this would be greatly appreciated.  

Thanks.

---
Carlos

2. Actually....

3. apache enviroment variable for authentication

4. Problems with filenames with blanks in find + while read

5. Help needed setting enviroment variables

6. Swap File Partition Size Limit?

7. Quick question about enviroment variables

8. mac68k: where is kernel and X?

9. How to set TEXINPUTS enviroment variables?

10. Home enviroment variable

11. Help, how to set a enviroment variable

12. KDevelop and enviroment variables

13. Script variable --> enviroment?!