>Number: 2256 >Category: mod_env >Synopsis: SetEnv can not over ride variables like SERVER_NAME, >HTTP_HOST, etc >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed May 20 03:50:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.6 >Environment: SunOS duck 5.5.1 Generic_103640-08 sun4u sparc SUNW,Ultra-1 Built using gcc 2.7.2 >Description: For various reasons we need to be able to set the variables SERVER_NAME and HTTP_HOST on a per-virtual host basis so that CGI scripts actually get what they expect. The main reason for this is that the name of a web site served as seen from the outside world is not the same as used by Apache. Naturally we'd like to ensure that CGI scripts don't see the internal name which will probably be a non-routable address. I thought that I could use SetEnv to set the SERVER_NAME and HTTP_HOST to the correct values, but this did not work. >How-To-Repeat: The easiest way to repeat this problem is to use something like the following in the httpd.conf file:
<VirtualHost 158.43.134.52> ServerName web2-real.syseng.uk.uu.net ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/www/virtual-servers/web2-real/htdocs SetEnv HTTP_HOST web2.syseng.uk.uu.net SetEnv SERVER_NAME web2.syseng.uk.uu.net </VirtualHost> And run a CGI script which displays the environment variables. >Fix: I've actually made some minor changes to mod_cgi.c and alloc.[ch] which fixes this problem. I added a simple function table_set_if_empty() to alloc.c which only sets the value if it doesn't exist in the table already. I then changed most of the table_set() calls to the environment variable table in mod_cgi.c to use table_set_if_empty() instead. This appears to work fine as the SetEnv statements in the server config given above replace the server provided ones. Looking at the patch database, the problem with passing the PATH variable in PR 370 could be fixed by this as well. I've built a patch for this which I can make available if you are interested in it. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
