IIS Server Variables
安全性
有些服务器变量从HTTP头取得它们的信息。建议你不要信任HTTP头中的信息,因为这些恶意用户可能会伪造这数据。欲进一步了解,请参阅编写更安全的IIS应用程序。取得服务器变量
可以用以下方式之一取得服务器变量:- 在ASP中,使用Request.ServerVariables集合。
- 在ASP.NET中,使用ServerVariables属性。ServerVariable还返回一些额外的服务器变量,只与ASP.NEt有关。
- 在针对ASP的COM+组件中,使用IRequest::get_ServerVariables方法。
- 在ISAPI应用程序中,使用GetServerVraiable回调函数。在ISAPI中,通过对服务器变量名加前缀“UNICODE_”可获得服务器变量的Unicode版本。欲进一步了解关于Unicode服务器变量的信息,请参阅GetServerVariable主题的“备注”部分。
变量 | 描述 |
---|---|
ALL_HTTP | 客户端发送的所有的HTTP头。 |
ALL_RAW | Retrieves all headers in raw form. The difference between ALL_RAW and ALL_HTTP is that ALL_HTTP places an HTTP_ prefix before the header name and the header name is always capitalized. In ALL_RAW the header name and values appear as they are sent by the client. |
APP_POOL_ID IIS 5.1及更早版本:此服务器变量不可用。 | Returns the name of the application pool that is running in the IIS worker process that is handling the request. There is also an APP_POOL_ID environment variable that is available to applications that are running in the IIS worker process. |
APPL_MD_PATH | 检索应用程序的元数据路径。 |
APPL_PHYSICAL_PATH | 检索对应到APPL_MD_PATH中的元数据路么的物理路径。 |
AUTH_PASSWORD | The value entered in the client's authentication dialog. This variable is available only if Basic authentication is used. |
AUTH_TYPE | The authentication method that the server uses to validate users when they attempt to access a protected script. It does not mean that the user was authenticated if AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication. The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme. |
AUTH_USER | The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name. |
CACHE_URL IIS 5.1及更早版本:此服务器变量不可用。 | For use in ISAPI applications only. Returns the unambiguous name for the current URL. It is necessary to use the Unicode version of this variable in conjunction with the kernel mode cache invalidation function to evict entries placed in the cache by HSE_REQ_VECTOR_SEND. Note:The server variable "UNICODE_CACHE_URL" is used in conjunction with the cache invalidation function retrieved by theHSE_REQ_GET_CACHE_INVALIDATION_CALLBACK function. This function invalidates responses cached in HTTP.SYS, whether those responses are produced by requests or by ISAPIs calling HSE_REQ_VECTOR_SEND. |
CERT_COOKIE | Unique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate. |
CERT_FLAGS | 如果出现了客户端证书,bit0被设置为1。 bit1 is set to 1 if the certification authority of the client certificate is invalid (that is, it is not in the list of recognized certification authorities on the server). If bit 1 of CERT_FLAGS is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate. |
CERT_ISSUER | 客户端证书的颁发者字段。 (O=MS, OU=IAS, CN=user name, C=USA). |
CERT_KEYSIZE | 安全套接层(SSL)连接密钥大小的位数。例如,128。 |
CERT_SECRETKEYSIZE | 服务器证书密钥的位数。例如:1024。 |
CERT_SERIALNUMBER | 客户端证书的序列号。 |
CERT_SERVER_ISSUER | 服务器证书的颁发者字段。 |
CERT_SERVER_SUBJECT | 服务器证书的主题字段。 |
CERT_SUBJECT | 客户端证书的主题字段。 |
CONTENT_LENGTH | 客户端给定的内容的长度。 |
CONTENT_TYPE | 内容的数据类型。与具有附加信息的查询配合使用,比如说HTTP查询GET、POST和PUT。 |
GATEWAY_INTERFACE | 服务器所用的CGI规范文档的版本。格式是CGI/version。 |
HEADER_<HeaderName> IIS 5.1及更早版本:此服务器变量不可用。 | The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HEADER_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers. Note:Unlike HTTP_<HeaderName>, all characters in HEADER_<HeaderName> are interpreted as-is. For example, if you specify HEADER_MY_HEADER, the server searches for a request header named MY_HEADER. |
HTTP_<HeaderName> | The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HTTP_" in order for the ServerVariables collection to retrieve its value. 这对检索自定义头很有用。 Note:The server interprets any underscore (_) characters in <HeaderName> as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a request header named MY-HEADER. |
HTTP_ACCEPT | Returns the value of the Accept header that contains a list of accepted formats, for example, "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel". The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,). |
HTTP_ACCEPT_ENCODING | 返回接受的编码类型的列表,例如,“gzip、deflate”。 |
HTTP_ACCEPT_LANGUAGE | 返回用来描述显示内容的语言的字符串。 |
HTTP_CONNECTION | 返回描述连接类型的字符串,例如,“Keep-Alive”。 |
HTTP_COOKIE | 返回请求所包含的cookie字符串。 |
HTTP_HOST | 返回Web服务器的名称。This may or may not be the same as SERVER_NAME depending on type of name resolution you are using on your Web server (IP address, host header). |
HTTP_METHOD | 用来产生请求的方法(与REQUEST_METHOD相同) |
HTTP_REFERER | Returns a string that contains the URL of the page that referred the request to the current page using an HTML <A> tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document. 如果网页被重定向了,HTTP_REFERER是空。 HTTP_REFERER不是HTTP参考的法定成员。 |
HTTP_URL | 返回生的、编码的URL,例如,“/vdir/default.asp?querystring”。 |
HTTP_USER_AGENT | 返回描述发送请求的浏览器的字符串。 |
HTTP_VERSION | 请求协议的名称和版本(the raw form of SERVER_PROTOCOL). |
HTTPS | Returns ON if the request came in through a secure channel (for example, SSL); or it returns OFF, if the request is for an insecure channel. |
HTTPS_KEYSIZE | SSL连接密钥的位数。例如,128。 |
HTTPS_SECRETKEYSIZE | 服务器证书私钥的位数。例如,1024。 |
HTTPS_SERVER_ISSUER | 服务器证书的颁发者字段。 |
HTTPS_SERVER_SUBJECT | 服务器证书的主题字段。 |
INSTANCE_ID | The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web server instance (in the metabase) to which the request belongs. |
INSTANCE_META_PATH | 响应请求的IIS实例的元数据路径。 |
LOCAL_ADDR | 返回请求来自的服务器地址。对于多个IP地址绑定到一台电脑的计算机,这一点很重要,你可能想要找出请求用了哪个地址。 |
LOGON_USER | The Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed. |
PATH_INFO | 客户端给定的路径信息,例如,“/vdir/myisapi.dll/zip”。如果此信息来自于URL,服务器会在把它传递给CGI脚本或ISAPI筛选器之前先解码它。 If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break. |
PATH_TRANSLATED | 映射到PATH_INFO中的虚拟路径的物理路径,例如,“c:\inetpub\wwwroot\vdir\myisapi.dll”。在处理ISAPI应用程序过程中,IIS使用了此变量。 If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI applications such as ASP will break. |
QUERY_STRING | 查询存储在HTTP请求中跟在问号(?)后面的字符串中的信息, |
REMOTE_ADDR | 制作此请求的远程主机的IP地址。 |
REMOTE_HOST | 制用请求的主机名。如果服务器没有此信息,它会发送REMOTE_ADDR并留此变量为空。 |
REMOTE_PORT | TCP连接的客户端端口号。 |
REMOTE_USER | The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name. |
REQUEST_METHOD | 用来制作请求的方法。对于HTTP,这可以是GET、HEAD、POST等等。 |
SCRIPT_NAME | 被执行的脚本的虚拟路径,例如,“/vdir/default.asp”。这是用于自引用的URL。 |
SCRIPT_TRANSLATED IIS 5.1及更早版本:此服务器变量不可用。 | The canonical physical path to the script listed in SCRIPT_NAME, for example, "\\?\c:\inetpub\wwwroot\vdir\default.asp". |
SERVER_NAME | 服务器的主机名、DNS别名或IP地址,它将出现在自引用URL中。 |
SERVER_PORT | 发送请求的服务器端口号。 |
SERVER_PORT_SECURE | 包含0或1的字符串。如果在安全端口上处理请求,此变量是1。否则就是0。 |
SERVER_PROTOCOL | 请求信息协议的名称和版本。格式是protocol/version。(The canonicalized form of HTTP_VERSION.) |
SERVER_SOFTWARE | 应答请求和运行网关的服务器软件的名称和版本。格式是name/version。 |
SSI_EXEC_DISABLED IIS 5.1及更早版本:此服务器变量不可用。 | Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXE_DISABLED returns a 0. To enable or disable #exec, use the SSIExecDisablemetabase property. |
UNENCODED_URL IIS 4.0及更早版本:此服务器变量不可用。 | 返回生的、未编码的URL,例如,"/vdir/default.asp?querystring" |
UNICODE_<ServerVariable Name> IIS 5.1及更早版本:此服务器变量不可用。 | In unicode ISAPI applications only, it is possible to retrieve server variable values as unicode values by prepending "UNICODE_" to the name of the server variable, unless the variable starts with "HTTP_" or "HEADER_". |
UNMAPPED_REMOTE_USER | The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account (same as REMOTE_USER). If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name. |
URL | Gives the base portion of the URL, without any querystring or extra path information, for example, "/vdir/default.asp". 对于生URL,使用HTTP_URL或UNENCODED_URL。 |
URL_PATH_INFO Note: 此服务器变量只在IIS 5.0上可用。 | 使用PATH_INFO代替。 |