[z/OS][AIX Solaris HP-UX Linux Windows]

Secure Sockets Layer environment variables

The mod_ibm_ssl parameter provides access to information about an Secure Sockets Layer (SSL) session by setting variables in the Apache API subprocess_env table for the active request. These variables are considered environment variables because of how information is accessed when the variables are passed to CGI applications.

You can categorize SSL environment variables into three types based on the type of information that is accessed when the variable is passed to the application.
  • Variables for information regarding the SSL handshake
  • Variables for exposing the server certificate information
  • Variables for exposing client certificate information, when client authentication is enabled.
The following table provides the types of access to information as well as the mechanisms used to access information using SSL environment variables.
Table 1. Types of access and mechanisms for SSL environment variables
Access type Mechanism
access from a CGI or FastCGI application The information is passed to the CGI application as an environment variable. Use the method provided by the implementation language for accessing environments, such as getenv ("HTTPS") in C or $ENV{'HTTPS'} in Perl. For a SSL environment variable to be used in CGI or FastCGI, there must be a corresponding PassEnv directive.
access from a plug-in module The information is available in the subprocess_env table after the quick handler has run. Access it with a call such as apr_table_lookup (r->subprocess_env,"HTTPS")
logging in the access log with other information about the request Use the following %{varname}e example.
LogFormat	"%h %l %u %t \ "%r\ " %>s 
%b %{HTTPS}e" ssl-custom
If the information is not available, mod_log_config logs a dash (-) for the field.
use with the setenvif variable # Silly example, don't compress SSL connections
SetEnvIf	HTTPS	no-gzip
use as part of a mod_rewrite rule variable
RewriteEngine	 On
RewriteCond	 %{ENV:HTTPS}	^OFF$
RewriteRule	 .*	/no-sssl.html
access in an SSI document In order for an SSL environment variable to be used in an SSI document, there must be a corresponding PassEnv directive.
SSL is <!--#echo var="HTTPS" -->
access control Allow from env=HTTPS