6

Simple condition, which never match and set variable:

SetEnvIf Request_URI "^/path/to/something*" access_granted

Checking URI by using PHP is giving correct string, however variable is never set.

echo getenv('Request_URI'); --> /path/to/something
echo getenv('access_granted'); --> <<empty>>

Simple as that, but still and always failing to match.

Update: interesting point is, that I can achieve access_granted=1 by string:

SetEnvIf Request_URI "^/path/*" access_granted

/path is also RewriteBase - maybe it's connected somehow, I don't know

Jenny D
  • 27,780
  • 21
  • 75
  • 114
Ivan
  • 195
  • 1
  • 2
  • 8

4 Answers4

5

The issue you are facing is maybe caused by mod_rewrite as explained under. Rewrite rules are applied before applying setenv, so that the rewritten request uri is passed to it. Try to set the env variable on rewrite.

ahrrikis
  • 61
  • 1
  • 2
  • 1
    This correctly explains the problem and should be the accepted answer. – dzuelke Mar 24 '16 at 23:16
  • I am having this problem on a server without mod_rewrite enabled, so it may not be the only explanation for this problem – Jon May 14 '20 at 21:55
3

Second argument to SetEnvIf is supposed to be regexp, so it should read as:

SetEnvIf Request_URI ^/path/to/something.* access_granted

your second attempt:

 SetEnvIf Request_URI "^/path/*" access_granted

works because indeed you have 0 or more "/" symbols following /path

In other words - you've attempted to use shell globs where regexp is expected.

Droopy4096
  • 680
  • 4
  • 8
  • Good point, I did not realized, that dot is missing there. However, now even 2nd attempt does not work, until I simplify regex to `SetEnvIf Request_URI ^/.*$ NotificationUri` . Seems, like there is something else in the URI, as appears to be. Maybe mod_rewrite is screwing things up ? – Ivan Nov 10 '15 at 22:44
1

I know it's an old topic, but I came across it on my current research, maybe others will have related issues...

For me the following code worked fine and the expression was matched after rewrites!

URL: www.example.de/lockthissite/

.htaccess code:

SetEnvIfNoCase Request_URI ^/lockthissite/$ SECURED=yes

AuthType Basic 
AuthName "restricted access" 
AuthUserFile /path/to/my/.htpasswd 
Require valid-user 
Satisfy any 
Order allow,deny 
Allow from all
Deny from env=SECURED
Jenny D
  • 27,780
  • 21
  • 75
  • 114
ToTaTaRi
  • 11
  • 1
0

Simple solution. Request_URI is not the name of the environment variable, you're setting a variable called access_granted.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • OK, seems, that I wrote my question wrong. Sure, I'm checking access_granted also, but it's always unset, therefore I didn't mention it in code. Second line of code is only showing, that Request_URI is exactly same as I whrote to condition. – Ivan Apr 10 '14 at 15:24
  • It isn't exactly unset, it is empty because you don't assign any value to the variable... That would require something like: `SetEnvIf Request_URI "^/path/to/something*" access_granted=` – HBruijn Apr 10 '14 at 18:36
  • I'm affrraid, =XY is not mandatory :) When is not set, apache is assigning 1 by default, according to docs.. But I tried it also, no change unfortunately. Regex simply does not match in my opinion. There must be something changing the URI, maybe mod_rewrite or I don't know. – Ivan Apr 10 '14 at 21:57
  • Maybe `PassEnv access_granted`? – HBruijn Apr 11 '14 at 06:29
  • Not sure if I've got your point :) access_granted is not an shell variable, so does it help anyway ? I've tried that anyway - no change unfortunately – Ivan Apr 11 '14 at 11:49