IIS Server Variables

IIS服务器变量提供了关于服务器的信息、与客户端连接的信息、以及有关连接的当前请求的信息。IIS服务器就量不同于环境变量。

安全性

有些服务器变量从HTTP头取得它们的信息。建议你不要信任HTTP头中的信息,因为这些恶意用户可能会伪造这数据。欲进一步了解,请参阅编写更安全的IIS应用程序

取得服务器变量

可以用以下方式之一取得服务器变量:
  • 在ASP中,使用Request.ServerVariables集合。
  • 在ASP.NET中,使用ServerVariables属性。ServerVariable还返回一些额外的服务器变量,只与ASP.NEt有关。
  • 在针对ASP的COM+组件中,使用IRequest::get_ServerVariables方法。
  • 在ISAPI应用程序中,使用GetServerVraiable回调函数。在ISAPI中,通过对服务器变量名加前缀“UNICODE_”可获得服务器变量的Unicode版本。欲进一步了解关于Unicode服务器变量的信息,请参阅GetServerVariable主题的“备注”部分。
变量描述
ALL_HTTP客户端发送的所有的HTTP头。
ALL_RAWRetrieves all headers in raw form. The difference between ALL_RAW and ALL_HTTP is that ALL_HTTP places an HTTP_ prefix before the header name and the header name is always capitalized. In ALL_RAW the header name and values appear as they are sent by the client.
APP_POOL_ID
IIS 5.1及更早版本:此服务器变量不可用。
Returns the name of the application pool that is running in the IIS worker process that is handling the request.
There is also an APP_POOL_ID environment variable that is available to applications that are running in the IIS worker process.
APPL_MD_PATH检索应用程序的元数据路径。
APPL_PHYSICAL_PATH检索对应到APPL_MD_PATH中的元数据路么的物理路径。
AUTH_PASSWORDThe value entered in the client's authentication dialog. This variable is available only if Basic authentication is used.
AUTH_TYPEThe authentication method that the server uses to validate users when they attempt to access a protected script.
It does not mean that the user was authenticated if AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication. The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme.
AUTH_USERThe name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
CACHE_URL
IIS 5.1及更早版本:此服务器变量不可用。
For use in ISAPI applications only. Returns the unambiguous name for the current URL. It is necessary to use the Unicode version of this variable in conjunction with the kernel mode cache invalidation function to evict entries placed in the cache by HSE_REQ_VECTOR_SEND.
Note:The server variable "UNICODE_CACHE_URL" is used in conjunction with the cache invalidation function retrieved by theHSE_REQ_GET_CACHE_INVALIDATION_CALLBACK function. This function invalidates responses cached in HTTP.SYS, whether those responses are produced by requests or by ISAPIs calling HSE_REQ_VECTOR_SEND.
CERT_COOKIEUnique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate.
CERT_FLAGS如果出现了客户端证书,bit0被设置为1。
bit1 is set to 1 if the certification authority of the client certificate is invalid (that is, it is not in the list of recognized certification authorities on the server).
If bit 1 of CERT_FLAGS is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate.
CERT_ISSUER客户端证书的颁发者字段。 (O=MS, OU=IAS, CN=user name, C=USA).
CERT_KEYSIZE安全套接层(SSL)连接密钥大小的位数。例如,128。
CERT_SECRETKEYSIZE服务器证书密钥的位数。例如:1024。
CERT_SERIALNUMBER客户端证书的序列号。
CERT_SERVER_ISSUER服务器证书的颁发者字段。
CERT_SERVER_SUBJECT服务器证书的主题字段。
CERT_SUBJECT客户端证书的主题字段。
CONTENT_LENGTH客户端给定的内容的长度。
CONTENT_TYPE内容的数据类型。与具有附加信息的查询配合使用,比如说HTTP查询GETPOSTPUT
GATEWAY_INTERFACE服务器所用的CGI规范文档的版本。格式是CGI/version。
HEADER_<HeaderName>
IIS 5.1及更早版本:此服务器变量不可用。
The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HEADER_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.
Note:Unlike HTTP_<HeaderName>, all characters in HEADER_<HeaderName> are interpreted as-is. For example, if you specify HEADER_MY_HEADER, the server searches for a request header named MY_HEADER.
HTTP_<HeaderName>The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HTTP_" in order for the ServerVariables collection to retrieve its value. 这对检索自定义头很有用。
Note:The server interprets any underscore (_) characters in <HeaderName> as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a request header named MY-HEADER.
HTTP_ACCEPTReturns the value of the Accept header that contains a list of accepted formats, for example, "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel".
The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).
HTTP_ACCEPT_ENCODING返回接受的编码类型的列表,例如,“gzip、deflate”。
HTTP_ACCEPT_LANGUAGE返回用来描述显示内容的语言的字符串。
HTTP_CONNECTION返回描述连接类型的字符串,例如,“Keep-Alive”。
HTTP_COOKIE返回请求所包含的cookie字符串。
HTTP_HOST返回Web服务器的名称。This may or may not be the same as SERVER_NAME depending on type of name resolution you are using on your Web server (IP address, host header).
HTTP_METHOD用来产生请求的方法(与REQUEST_METHOD相同)
HTTP_REFERERReturns a string that contains the URL of the page that referred the request to the current page using an HTML <A> tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document.
如果网页被重定向了,HTTP_REFERER是空。
HTTP_REFERER不是HTTP参考的法定成员。
HTTP_URL返回生的、编码的URL,例如,“/vdir/default.asp?querystring”。
HTTP_USER_AGENT返回描述发送请求的浏览器的字符串。
HTTP_VERSION请求协议的名称和版本(the raw form of SERVER_PROTOCOL).
HTTPSReturns ON if the request came in through a secure channel (for example, SSL); or it returns OFF, if the request is for an insecure channel.
HTTPS_KEYSIZESSL连接密钥的位数。例如,128。
HTTPS_SECRETKEYSIZE服务器证书私钥的位数。例如,1024。
HTTPS_SERVER_ISSUER服务器证书的颁发者字段。
HTTPS_SERVER_SUBJECT服务器证书的主题字段。
INSTANCE_IDThe ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web server instance (in the metabase) to which the request belongs.
INSTANCE_META_PATH响应请求的IIS实例的元数据路径。
LOCAL_ADDR返回请求来自的服务器地址。对于多个IP地址绑定到一台电脑的计算机,这一点很重要,你可能想要找出请求用了哪个地址。
LOGON_USERThe Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.
PATH_INFO客户端给定的路径信息,例如,“/vdir/myisapi.dll/zip”。如果此信息来自于URL,服务器会在把它传递给CGI脚本或ISAPI筛选器之前先解码它。
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break.
PATH_TRANSLATED映射到PATH_INFO中的虚拟路径的物理路径,例如,“c:\inetpub\wwwroot\vdir\myisapi.dll”。在处理ISAPI应用程序过程中,IIS使用了此变量。
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break.
QUERY_STRING查询存储在HTTP请求中跟在问号(?)后面的字符串中的信息,
REMOTE_ADDR制作此请求的远程主机的IP地址。
REMOTE_HOST制用请求的主机名。如果服务器没有此信息,它会发送REMOTE_ADDR并留此变量为空。
REMOTE_PORTTCP连接的客户端端口号。
REMOTE_USERThe name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
REQUEST_METHOD用来制作请求的方法。对于HTTP,这可以是GETHEADPOST等等。
SCRIPT_NAME被执行的脚本的虚拟路径,例如,“/vdir/default.asp”。这是用于自引用的URL。
SCRIPT_TRANSLATED
IIS 5.1及更早版本:此服务器变量不可用。
The canonical physical path to the script listed in SCRIPT_NAME, for example, "\\?\c:\inetpub\wwwroot\vdir\default.asp".
SERVER_NAME服务器的主机名、DNS别名或IP地址,它将出现在自引用URL中。
SERVER_PORT发送请求的服务器端口号。
SERVER_PORT_SECURE包含0或1的字符串。如果在安全端口上处理请求,此变量是1。否则就是0。
SERVER_PROTOCOL请求信息协议的名称和版本。格式是protocol/version。(The canonicalized form of HTTP_VERSION.)
SERVER_SOFTWARE应答请求和运行网关的服务器软件的名称和版本。格式是name/version。
SSI_EXEC_DISABLED
IIS 5.1及更早版本:此服务器变量不可用。
Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXE_DISABLED returns a 0. To enable or disable #exec, use the SSIExecDisablemetabase property.
UNENCODED_URL
IIS 4.0及更早版本:此服务器变量不可用。
返回生的、未编码的URL,例如,"/vdir/default.asp?querystring"
UNICODE_<ServerVariable Name>
IIS 5.1及更早版本:此服务器变量不可用。
In unicode ISAPI applications only, it is possible to retrieve server variable values as unicode values by prepending "UNICODE_" to the name of the server variable, unless the variable starts with "HTTP_" or "HEADER_".
UNMAPPED_REMOTE_USERThe name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account (same as REMOTE_USER). If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
URLGives the base portion of the URL, without any querystring or extra path information, for example, "/vdir/default.asp".
对于生URL,使用HTTP_URL或UNENCODED_URL。
URL_PATH_INFO
Note: 此服务器变量只在IIS 5.0上可用。
使用PATH_INFO代替。

如果你喜欢这篇文章,敬请给站长打赏↑

除特别注明外,本站所有文章均为本站站长原译,转载请注明出处。