Google
A A A A A
WEB ARTICLES
2 bounce or...
Anti Virus Advice
Apache Configuration
Dual booting an Acer Aspire
Fluid Tables
Freeware
HTML e-mail is EVIL
Online Security
Netiquette
RAMpage
Spam Fighting
SSIs & XSSIs
SSI, XSSI & CGI variables
Tips


Follow georgedillon on Twitter







 

Alphabetical list of variables

This is a list of the environment variables available to SSI and XSSI (including CGI variables), with descriptions and examples below:

 

AUTH_TYPE   HTTP_ ACCEPT _LANGUAGE   REMOTE_PORT
COMSPEC   HTTP_CONNECTION   REMOTE_USER
CONFIG TIMEFMT   HTTP_HOST   REQUEST_METHOD
CONTENT_LENGTH   HTTP_REFERER   REQUEST_URI
CONTENT_TYPE   HTTP_USER_AGENT   SCRIPT_FILENAME
DATE_GMT   LAST_MODIFIED   SCRIPT_NAME
DATE_LOCAL   PAGE_COUNT   SERVER_ADDR
DOCUMENT_NAME   PATH   SERVER_ADMIN
DOCUMENT_PATH_INFO   PATH_INFO   SERVER_NAME
DOCUMENT_ROOT   PATH_TRANSLATED   SERVER_PORT
DOCUMENT_URI   PRINTENV   SERVER_PROTOCOL
flastmod   QUERY_STRING   SERVER_SIGNATURE
fsize   QUERY_STRING _UNESCAPED   SERVER_SOFTWARE
GATEWAY_INTERFACE   REMOTE_ADDR   TOTAL_HITS
HTTP_ACCEPT   REMOTE_HOST   UNIQUE_ID
HTTP_ACCEPT _ENCODING   REMOTE_IDENT   USER_INFO



Please note - I'm no guru - I've just collected this stuff together from various sources on and off the web and put it on one page, primarily for my own reference. Feel free to copy, save and/or print this page, but please don't ask me for help ;o)
(?) before a description indicates I have included it without understanding it myself ... so your guess is as good as mine as to what it really means!
In nearly all cases the last line is a live example (but in a few cases where I have been unsure about the security sensitivity of disclosing information about my server, I have put [RISK ?] instead of an active example).



  Back to top    Back to top

SSI environment variables

These are the 6 SSI environment variables


DATE_LOCAL - Current date and time in the local time zone.

<!--#echo var="DATE_LOCAL" -->

 Tuesday, 25-Nov-2014 18:06:03 CST


DATE_GMT - Current date and time in GMT (Greenwich Mean Time).

<!--#echo var="DATE_GMT" -->

 Wednesday, 26-Nov-2014 00:06:03 GMT


LAST_MODIFIED - Last modification date and time for current file.

<!--#echo var="LAST_MODIFIED" -->

 Sunday, 19-Mar-2006 14:24:49 CST


DOCUMENT_URI - Virtual path (i.e.path relative to the site root) to the file.

<!--#echo var="DOCUMENT_URI" -->

 /web/ssivar.shtml


DOCUMENT_NAME - The current filename.

<!--#echo var="DOCUMENT_NAME" -->

 ssivar.shtml


QUERY_STRING_UNESCAPED - Undecoded query string with all shell metacharacters escaped with a "\".

<!--#echo var="QUERY_STRING_UNESCAPED" -->

 (none)



These two are, strictly speaking, SSI directives and not variables, but I have included them here for ease of reference. Note that these do not use 'echo var=' in their arguments.


fsize - Returns the size of specified file, for the example below we have used our home page. Also I have shown the different results acquired using the #config directive.

<!--#fsize virtual="/index.shtml" -->

  11K

<!--#config sizefmt="bytes"-->
<!--#fsize virtual="/index.shtml" -->

 11,630

<!--#config sizefmt="abbrev"-->
<!--#fsize virtual="/index.shtml" -->b

  11Kb


flastmod - Returns the last modifition date of specified file. Again I have used my home page as an example, and illustrated a few of the possibilities of using #config. At the bottom of this page is a table of all the timefmt options.


<!--#flastmod virtual="/index.shtml" -->

 Friday, 16-Dec-2011 09:34:29 CST


<!--#config timefmt="%r %A %B %D"-->
<!--#flastmod virtual="/index.shtml" -->

 09:34:29 AM Friday December 12/16/11


<!--#config timefmt="%T, %a, %b, %d, %Y"-->
<!--#flastmod virtual="/index.shtml" -->

 09:34:29, Fri, Dec, 16, 2011


<!--#config timefmt="(week %U day %w) %y:%j:%H:%M:%S - %Z"-->
<!--#flastmod virtual="/index.shtml" -->

 (week 50 day 5) 11:350:09:34:29 - CST



  Back to top    Back to top

CGI environment variables

All of the CGI environment variables are also available to SSI


The header lines received from the client, if any, are placed into the environment with the prefix HTTP_ followed by the header name. Any '-' characters in the header name are replaced by '_'.


HTTP_ACCEPT - The MIME types which the client will accept, as given by HTTP headers. Other protocols may need to get this information from elsewhere. Each item in this list should be separated by commas as per the HTTP spec.

Format: type/subtype, type/subtype

<!--#echo var="HTTP_ACCEPT" -->

 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8


HTTP_ACCEPT_ENCODING - (?)

<!--#echo var="HTTP_ACCEPT_ENCODING" -->

 x-gzip, gzip, deflate


HTTP_ACCEPT_LANGUAGE - Lists the human languages acceptable to the client e.g. 'en-gb' is English (British).

<!--#echo var="HTTP_ACCEPT_LANGUAGE" -->

 en-us,en-gb,en;q=0.7,*;q=0.3


HTTP_CONNECTION - (?).

<!--#echo var="HTTP_CONNECTION" -->

 (none)


HTTP_HOST - (?) Name of the requesting server.

<!--#echo var="HTTP_HOST" -->

 www.georgedillon.com


HTTP_REFERER - URL of the page from which a link to the current document was followed.

<!--#echo var="HTTP_REFERER" -->

 (none)


HTTP_USER_AGENT - The browser the client is using to send the request. General format: software/version library/version.

<!--#echo var="HTTP_USER_AGENT" -->

 CCBot/2.0 (http://commoncrawl.org/faq/)


CONTENT_TYPE - For queries which have attached information, such as HTTP POST and PUT, this is the content type of the data.

<!--#echo var="CONTENT_TYPE" -->

 (none)


CONTENT_LENGTH - The length of the said content as given by the client.

<!--#echo var="CONTENT_LENGTH" -->

 (none)


The following environment variables are not request-specific and are set for all requests:


PATH - (?) The active PATH on the server.

<!--#echo var="PATH" -->

[RISK ?]


PATH_INFO - The extra path information, as given by the client. In other words, scripts can be accessed by their virtual pathname, followed by extra information at the end of this path. The extra information is sent as PATH_INFO. This information should be decoded by the server if it comes from a URL before it is passed to the CGI script.

<!--#echo var="PATH_INFO" -->

 (none)


PATH_TRANSLATED - The server provides a translated version of PATH_INFO, which takes the path and does any virtual-to-physical mapping to it.

<!--#echo var="PATH_TRANSLATED" -->

 (none)


REMOTE_HOST - The hostname making the request. If the server does not have this information, it should set REMOTE_ADDR and leave this unset.

<!--#echo var="REMOTE_HOST" -->

 (none)


REMOTE_ADDR - The IP address of the remote host making the request.

<!--#echo var="REMOTE_ADDR" -->

 54.197.211.197


REMOTE_PORT - (?) The port number at which the request was received.

<!--#echo var="REMOTE_PORT" -->

 57129


REMOTE_USER - If the server supports user authentication, and the script is protected, this is the username they have authenticated as.

<!--#echo var="REMOTE_USER" -->

 (none)


REMOTE_IDENT - If the HTTP server supports RFC 931 identification, then this variable will be set to the remote user name retrieved from the server. Usage of this variable should be limited to logging only.

<!--#echo var="REMOTE_IDENT" -->

 (none)


AUTH_TYPE - If the server supports user authentication, and the script is protects, this is the protocol-specific authentication method used to validate the user.

<!--#echo var="AUTH_TYPE" -->

 (none)


SCRIPT_FILENAME - The full path on the server to the requested script. i.e. SCRIPT_NAME plus the server path.

<!--#echo var="SCRIPT_FILENAME" -->

[RISK ?]


SERVER_ADDR - The server's DNS address.

<!--#echo var="SERVER_ADDR" -->

 192.155.204.82


SERVER_ADMIN - The server administrator's email address.

<!--#echo var="SERVER_ADMIN" -->

 webmaster@georgedillon.com


SERVER_NAME - The server's hostname, DNS alias, or IP address as it would appear in self-referencing URLs.

<!--#echo var="SERVER_NAME" -->

 www.georgedillon.com


SERVER_PORT - The port number to which the request was sent.

<!--#echo var="SERVER_PORT" -->

 80


SERVER_SIGNATURE - (?) Used server error messages.

<!--#echo var="SERVER_SIGNATURE" -->

 


SERVER_SOFTWARE - The name and version of the information server software answering the request (and running the gateway). Format: name/version

<!--#echo var="SERVER_SOFTWARE" -->

 Apache


UNIQUE_ID - (?) Serial no. of the server?

<!--#echo var="SERVER_SOFTWARE" -->

[RISK ?]


GATEWAY_INTERFACE - The revision of the CGI specification to which this server complies. Format: CGI/revision

<!--#echo var="GATEWAY_INTERFACE" -->

 CGI/1.1


SERVER_PROTOCOL - The name and revision of the information protcol this request came in with. Format: protocol/revision

<!--#echo var="SERVER_PROTOCOL" -->

 HTTP/1.0


REQUEST_METHOD - The method with which the request was made. For HTTP, this is "GET", "HEAD", "POST", etc.

<!--#echo var="REQUEST_METHOD" -->

 GET


QUERY_STRING - The information which follows the ? in the URL which referenced this script. This is the query information. It should not be decoded in any fashion. This variable should always be set when there is query information, regardless of command line decoding.

<!--#echo var="QUERY_STRING" -->

 


REQUEST_URI - The full URL of the request (including the query string).

<!--#echo var="REQUEST_URI" -->

 /web/ssivar.shtml


SCRIPT_NAME - A virtual path to the script being executed, used for self-referencing URLs.

<!--#echo var="SCRIPT_NAME" -->

 /web/ssivar.shtml



  Back to top    Back to top

xSSI environment variables

XSSI introduced a special directive which returns a value-paired list of all current environment variables (including ones created using the set directive).


PRINTENV

A special XSSI command which returns ALL environment variables, including those which have been set within the page. Note that, like flastmod and fsize, it is a directive in itself and does not require 'echo var=' in its argument.

<!--#printenv -->

[RISK ?]


While testing in various environments I've noticed that the list retured by the PRINTENV directive has included variables which are not listed above, but which do seem to work when returned individually from the echo directive.


COMSPEC - (?) Reports the path to COMMAND.COM when run locally in Windows.

<!--#echo var="COMSPEC" -->

 (none)


DOCUMENT_ROOT - (?) Local path to this file.

<!--#echo var="DOCUMENT_ROOT" -->

[RISK ?]


DOCUMENT_PATH_INFO - (?) Don't know what this is doing here, but I found it in my printenv return.

<!--#echo var="DOCUMENT_PATH_INFO" -->

 (none)


USER_INFO - (?) Identity of current site as known by the server.

<!--#echo var="DOCUMENT_NAME" -->

[RISK ?]


Finally here's a couple more I found while searching around the web. I don't know if these are SSI, CGI or XSSI or even if they work, but here they are:


PAGE_COUNT - Number of accesses to current document since server was brought on line.

<!--#echo var="PAGE_COUNT" -->

 (none)


TOTAL_HITS - Total pages served by server since brought on line.

<!--#echo var="TOTAL_HITS" -->

 (none)



  Back to top    Back to top

CONFIG TIMEFMT

This table shows all the options which can be used with the config timefmt directive

optiondescriptione.g.
(hard-coded)
e.g.
(using DATE_LOCAL)
DAY
%aabbreviated weekdayTueTue
%AweekdayTuesdayTuesday
%dday of month (01-31)0425
%eday of month (1-31) 425
%wday of week (0-6, Sunday=0)22
%jday of year (001 to 366)186329
WEEK (week 1 starts on first Sunday of year)
%U or %Wweek number (00 to 53)2747
MONTH
%babbreviated monthJulNov
%Bfull monthJulyNovember
%mmonth (01 to 12)0711
YEAR
%ytwo-digit year0014
%Yyear20002014
DATE
%cstandard date and time07/04/00 12:03:21Tue Nov 25 18:06:03 2014
%xstandard date07/04/0011/25/14
%DMM/DD/YY date07/04/0011/25/14
TIME
%Xstandard time12:03:2118:06:03
%rstandard time in local notation12:03:21 PM06:06:03 PM
%Tstandard time (24 hr clock)12:03:2118:06:03
%Hhour (00 to 23)1218
%Ihour (01 to 12)1206
%Mminute (00 to 59)0306
%Sseconds (00 to 59)2103
%pAM or PMPMPM
%Z or %ztime zoneGMT Daylight TimeCST
LAYOUT
%nnew line
 
[ Pop-up a printable version of this page ]
SSI, XSSI & CGI environment variables
http://www.georgedillon.com/web/ssivar.shtml
[Updated - 19 March 2006]
Contact | Home | Kendo | Theatre | Web | Search

  Back to top    Back to top
Make payments with PayPal - it's fast, free and secure!
PageRank Checking Icon
georgedillon.com Webutation