Valid HTTP Variables for IIS and Apache on iSeries

Date: November 2007
Product/Release: LANSA for the Web - All Versions
Abstract: Valid HTTP Variables for IIS and Apache on iSeries
Submitted By: LANSA Technical Support

List of Valid HTTP Variables:

IIS:

  • ALL_HTTP
    All HTTP headers sent by the client.

  • ALL_RAW
    Retrieves all headers in raw form. The difference between ALL_RAW and ALL_HTTP is that ALL_HTTP places an HTTP_ prefix before the header name and the header name is always capitalized. In ALL_RAW the header name and values appear as they are sent by the client.

  • APP_POOL_ID
    Returns the name of the application pool that is running in the IIS worker process that is handling the request. There is also an APP_POOL_ID environment variable that is available to applications that are running in the IIS worker process.
    IIS 5.1 and earlier: This server variable is not available.

  • APPL_MD_PATH
    Retrieves the metabase path of the application.

  • APPL_PHYSICAL_PATH
    Retrieves the physical path corresponding to the metabase path in APPL_MD_PATH.

  • AUTH_PASSWORD
    The value entered in the client's authentication dialog. This variable is available only if Basic authentication is used.

  • AUTH_TYPE
    The authentication method that the server uses to validate users when they attempt to access a protected script.

    It does not mean that the user was authenticated if AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication. The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme.

  • AUTH_USER
    The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

  • CACHE_URL
    For use in ISAPI applications only. Returns the unambiguous name for the current URL. It is necessary to use the Unicode version of this variable in conjunction with the kernel mode cache invalidation function to evict entries placed in the cache by HSE_REQ_VECTOR_SEND.

    Note: The server variable "UNICODE_CACHE_URL" is used in conjunction with the cache invalidation function retrieved by the HSE_REQ_GET_CACHE_INVALIDATION_CALLBACK function. This function invalidates responses cached in HTTP.SYS, whether those responses are produced by requests or by ISAPIs calling HSE_REQ_VECTOR_SEND.

  • CERT_COOKIE
    Unique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate.

  • CERT_FLAGS
    Bit 0 is set to 1 if the client certificate is present.

    Bit 1 is set to 1 if the certification authority of the client certificate is invalid (that is, it is not in the list of recognized certification authorities on the server).

    If bit 1 of CERT_FLAGS is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate.

  • CERT_ISSUER
    Issuer field of the client certificate (O=MS, OU=IAS, CN=user name, C=USA).

  • CERT_KEYSIZE
    Number of bits in the Secure Sockets Layer (SSL) connection key size. For example, 128.

  • CERT_SECRETKEYSIZE
    Number of bits in server certificate private key. For example, 1024.

  • CERT_SERIALNUMBER
    Serial number field of the client certificate.

  • CERT_SERVER_ISSUER
    Issuer field of the server certificate.

  • CERT_SERVER_SUBJECT
    Subject field of the server certificate.

  • CERT_SUBJECT
    Subject field of the client certificate.

  • CONTENT_LENGTH
    The length of the content as given by the client.

  • CONTENT_TYPE
    The data type of the content. Used with queries that have attached information, such as the HTTP queries GET, POST, and PUT.

  • GATEWAY_INTERFACE
    The revision of the CGI specification used by the server. The format is CGI/revision.

  • HEADER_<HeaderName>
    The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HEADER_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.

    Note: Unlike HTTP_<HeaderName>, all characters in HEADER_<HeaderName> are interpreted as-is. For example, if you specify HEADER_MY_HEADER, the server searches for a request header named MY_HEADER.
    IIS 5.1 and earlier: This server variable is not available.

  • HTTP_<HeaderName>
    The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HTTP_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.

    Note: The server interprets any underscore (_) characters in <HeaderName> as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a request header named MY-HEADER.

  • HTTP_ACCEPT
    Returns the value of the Accept header that contains a list of accepted formats, for example, "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel". The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).

  • HTTP_ACCEPT_ENCODING
    Returns a list of accepted encoding types, for example, "gzip, deflate".

  • HTTP_ACCEPT_LANGUAGE
    Returns a string describing the language to use for displaying content.

  • HTTP_CONNECTION
    Returns a string describing the connection type, for example, "Keep-Alive".

  • HTTP_COOKIE
    Returns the cookie string that was included with the request.

  • HTTP_HOST
    Returns the name of the Web server. This may or may not be the same as SERVER_NAME depending on type of name resolution you are using on your Web server (IP address, host header).

  • HTTP_METHOD
    The method used to make the request (same as REQUEST_METHOD).

  • HTTP_REFERER
    Returns a string that contains the URL of the page that referred the request to the current page using an HTML <A> tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document.

    If the page is redirected, HTTP_REFERER is empty.

    HTTP_REFERER is not a mandatory member of the HTTP specification.

  • HTTP_URL
    Returns the raw, encoded URL, for example, "/vdir/default.asp?querystring".

  • HTTP_USER_AGENT
    Returns a string describing the browser that sent the request.

  • HTTP_VERSION
    The name and version of the request protocol (the raw form of SERVER_PROTOCOL).

  • HTTPS
    Returns ON if the request came in through a secure channel (for example, SSL); or it returns OFF, if the request is for an insecure channel.

  • HTTPS_KEYSIZE
    Number of bits in the SSL connection key size. For example, 128.

  • HTTPS_SECRETKEYSIZE
    Number of bits in the server certificate private key. For example, 1024.

  • HTTPS_SERVER_ISSUER
    Issuer field of the server certificate.

  • HTTPS_SERVER_SUBJECT
    Subject field of the server certificate.

  • INSTANCE_ID
    The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web server instance (in the metabase) to which the request belongs.

  • INSTANCE_META_PATH
    The metabase path for the instance of IIS that responds to the request.

  • LOCAL_ADDR
    Returns the server address on which the request came in. This is important on computers where there can be multiple IP addresses bound to the computer, and you want to find out which address the request used.

  • LOGON_USER
    The Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.

  • PATH_INFO
    Path information, as given by the client, for example, "/vdir/myisapi.dll/zip". If this information comes from a URL, it is decoded by the server before it is passed to the CGI script or ISAPI filter.

    If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break.

  • PATH_TRANSLATED
    The physical path that maps to the virtual path in PATH_INFO, for example, "c:\inetpub\wwwroot\vdir\myisapi.dll". This variable is used by IIS during the processing of ISAPI applications. If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break.

  • QUERY_STRING
    Query information stored in the string following the question mark (?) in the HTTP request.

  • REMOTE_ADDR
    The IP address of the remote host that is making the request.

  • REMOTE_HOST
    The name of the host that is making the request. If the server does not have this information, it will set REMOTE_ADDR and leave this empty.

  • REMOTE_PORT
    The client port number of the TCP connection.

  • REMOTE_USER
    The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

  • REQUEST_METHOD
    The method used to make the request. For HTTP, this can be GET, HEAD, POST, and so on.

  • SCRIPT_NAME
    A virtual path to the script being executed, for example, "/vdir/default.asp". This is used for self-referencing URLs.

  • SCRIPT_TRANSLATED
    The canonical physical path to the script listed in SCRIPT_NAME, for example: "\\?\c:\inetpub\wwwroot\vdir\default.asp".
    IIS 5.1 and earlier: This server variable is not available.

  • SERVER_NAME
    The server's host name, DNS alias, or IP address as it would appear in self-referencing URLs.

  • SERVER_PORT
    The server port number to which the request was sent.

  • SERVER_PORT_SECURE
    A string that contains either 0 or 1. If the request is being handled on the secure port, then this is 1. Otherwise, it is 0.

  • SERVER_PROTOCOL
    The name and revision of the request information protocol. The format is protocol/revision. (The canonicalized form of HTTP_VERSION.)

  • SERVER_SOFTWARE
    The name and version of the server software that answers the request and runs the gateway. The format is name/version.

  • SSI_EXEC_DISABLED
    Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXEC_DISABLED returns a 0. To enable or disable #exec, use the SSIExecDisable metabase property.
    IIS 5.1 and earlier: This server variable is not available.

  • UNENCODED_URL
    Returns the raw, unencoded URL, for example, "/vdir/default.asp?querystring".
    IIS 4.0 and earlier: This server variable is not available.

  • UNICODE_<ServerVariable Name>
    In Unicode ISAPI applications only, it is possible to retrieve server variable values as Unicode values by prepending "UNICODE_" to the name of the server variable, unless the variable starts with "HTTP_" or "HEADER_".
    IIS 5.1 and earlier: This server variable is not available.

  • UNMAPPED_REMOTE_USER
    The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account (same as REMOTE_USER). If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

  • URL
    Gives the base portion of the URL, without any querystring or extra path information, for example, "/vdir/default.asp".
    For the raw URL, use HTTP_URL or UNENCODED_URL.

  • URL_PATH_INFO
    Use PATH_INFO instead.
    Note: This server variable is only available on IIS 5.0.

Information extracted from: http://msdn2.microsoft.com/en-us/library/ms524602.aspx

Apache on iSeries:

The following environment variables are not request-specific and are set for all requests:

  • SERVER_SOFTWARE
    The name and version of the information server software answering the request (and running the gateway). Format: name/version
     
  • SERVER_NAME
    The server's hostname, DNS alias, or IP address as it would appear in self-referencing URLs.
     
  • GATEWAY_INTERFACE
    The revision of the CGI specification to which this server complies. Format: CGI/revision

The following environment variables are specific to the request being fulfilled by the gateway program:

  • SERVER_PROTOCOL
    The name and revision of the information protocol this request came in with. Format: protocol/revision
     
  • SERVER_PORT
    The port number to which the request was sent.
     
  • REQUEST_METHOD
    The method with which the request was made. For HTTP, this is "GET", "HEAD", "POST", etc.
     
  • PATH_INFO
    The extra path information, as given by the client. In other words, scripts can be accessed by their virtual pathname, followed by extra information at the end of this path. The extra information is sent as PATH_INFO. This information should be decoded by the server if it comes from a URL before it is passed to the CGI script.
     
  • PATH_TRANSLATED
    The server provides a translated version of PATH_INFO, which takes the path and does any virtual-to-physical mapping to it.
     
  • SCRIPT_NAME
    A virtual path to the script being executed, used for self-referencing URLs.
     
  • QUERY_STRING
    The information which follows the ? in the URL which referenced this script. This is the query information. It should not be decoded in any fashion. This variable should always be set when there is query information, regardless of command line decoding.
     
  • REMOTE_HOST
    The hostname making the request. If the server does not have this information, it should set REMOTE_ADDR and leave this unset.
     
  • REMOTE_ADDR
    The IP address of the remote host making the request.
     
  • AUTH_TYPE
    If the server supports user authentication, and the script is protected, this is the protocol-specific authentication method used to validate the user.
     
  • REMOTE_USER
    If the server supports user authentication, and the script is protected, this is the username they have authenticated as.
     
  • REMOTE_IDENT
    If the HTTP server supports RFC 931 identification, then this variable will be set to the remote user name retrieved from the server. Usage of this variable should be limited to logging only.
     
  • CONTENT_TYPE
    For queries which have attached information, such as HTTP POST and PUT, this is the content type of the data.
     
  • CONTENT_LENGTH
    The length of the said content as given by the client.

In addition to these, the header lines received from the client, if any, are placed into the environment with the prefix HTTP_ followed by the header name. Any - characters in the header name are changed to _ characters. The server may exclude any headers which it has already processed, such as Authorization, Content-type, and Content-length. If necessary, the server may choose to exclude any or all of these headers if including them would exceed any system environment limits.

An example of this is the HTTP_ACCEPT variable which was defined in CGI/1.0. Another example is the header User-Agent.

  • HTTP_ACCEPT
    The MIME types which the client will accept, as given by HTTP headers. Other protocols may need to get this information from elsewhere. Each item in this list should be separated by commas as per the HTTP spec.

    Format: type/subtype, type/subtype
     
  • HTTP_USER_AGENT
    The browser the client is using to send the request. General format:
    software/version library/version
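
The header-to-variable mapping described above, as an added example (not code from LANSA, IBM or Microsoft): it builds the HTTP_* variables from a constructed request, drops the headers the server may exclude, and reports distinct header names that land on the same variable, which a script reading HTTP_* cannot tell apart. The function names, the sample headers and the choice to join colliding values with a comma are assumptions of this sketch.

```python
# Added example: CGI-style mapping of request headers to HTTP_* variables.
# Function names and sample headers are constructed for illustration.

# Headers the server may exclude because it has already processed them.
EXCLUDED = {"authorization", "content-type", "content-length"}


def cgi_name(header_name):
    """Header name -> variable name: HTTP_ prefix, upper case, '-' becomes '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_http_env(headers):
    """Return (env, collisions) for a list of (name, value) header pairs.

    Repeated fields are joined with a comma, as described for HTTP_ACCEPT.
    Distinct header spellings that map to one variable are reported, since
    the receiving script can no longer see which header supplied the value.
    Joining the colliding values is an assumption; servers differ here.
    """
    env = {}
    sources = {}  # variable name -> set of original header spellings
    for name, value in headers:
        if name.lower() in EXCLUDED:
            continue
        var = cgi_name(name)
        sources.setdefault(var, set()).add(name.lower())
        env[var] = f"{env[var]}, {value}" if var in env else value
    collisions = {v: sorted(s) for v, s in sources.items() if len(s) > 1}
    return env, collisions


SAMPLE_HEADERS = [  # constructed request, not captured traffic
    ("Accept", "image/gif"),
    ("Accept", "image/jpeg"),
    ("User-Agent", "ExampleBrowser/1.0 examplelib/2.0"),
    ("Authorization", "Basic placeholder"),
    ("My-Header", "sent-with-dash"),
    ("My_Header", "sent-with-underscore"),
]

if __name__ == "__main__":
    env, collisions = build_http_env(SAMPLE_HEADERS)
    for key in sorted(env):
        print(f"{key}={env[key]}")
    for var, names in collisions.items():
        print(f"ambiguous: {var} <- {names}")
```

On IIS, HEADER_<HeaderName> reads the name as-is, so it is the lookup to use when the dash and underscore spellings must be told apart.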

Information extracted from: http://www-03.ibm.com/systems/i/software/http/