CGI Environment Variables

Once the Web server calls the script, a mechanism is needed for the two processes to communicate. Part of this communication is done through pseudo-environment variables. Before the Web server calls the script, the server creates several pseudo-environment variables from the request headers sent by the browser and some server configuration values. These variables have a name and a string value. The script references the variables by name to obtain their value.

The reason these variables are called pseudo-environment variables is because the AS/400 doesn't have Unix-style process environment variables. Instead, Web Server/400 simulates this environment and provides an API to access the variable from scripts.

Listed below are all the environment variables set prior to calling a script. Any of these can be accessed by making an API call with the name of the environment variable passed in as one of the parameters.

Server Supplied

The following environment variables are specific to the Web server or are configurable by the administrator of the Web server.

GATEWAY_INTERFACE

The GATEWAY_INTERFACE is the name and version of protocol that is in use for calling scripts. The format is Name/Version. This is currently CGI/1.1.

SERVER_NAME

The SERVER_NAME is the TCP/IP host name of the AS/400 currently running the Web server. This is either obtained from the machine or configured using the Server Host Name configuration directive. For example, this might be www.inetmi.com.

SERVER_PORT

The SERVER_PORT is the TCP/IP socket port the Web server is currently using to communicate with browsers. It is a character string representation of the port number in decimal. For example, by default this is 80-the well known port for HTTP.

SERVER_SOFTWARE

The SERVER_SOFTWARE is a product specific string that identifies the name of the Web server currently running and the version of that server. For Web Server/400, this value is WebServer400/1.3. For Commerce Server/400, this value is CommerceServer400/1.0.

Browser Supplied

AUTH_TYPE

This is the string that identifies the type of user authentication being used by the browser for this request. If the AUTH_TYPE is set, the HTTP_AUTHORIZATION environment variable should also be set. This has the form auth_type: auth_data. The auth_type is the same as the AUTH_TYPE environment variable. The auth_data is the authorization type specific data.

CONTENT_LENGTH

This is the length, in bytes, of the request body that follows the header. In the case of a POST method, this indicates the length of the form data that is sent by the browser. If this isn't set or is zero, then the browser only sends request headers.

CONTENT_TYPE

This is the content type of request body sent by the browser.

PATH_INFO

PATH_INFO is the rest of the URL-path after the script name. For example, if /cgi-bin/cgitest/extra/path was entered, PATH_INFO would be set to /extra/path. This value is also completely unescaped as well. This does not include the query string.

PATH_TRANSLATED

PATH_TRANSLATED is similar to PATH_INFO except the extra path is transformed as if it were entered as the URL-path by itself. Alias substitution, user directory handling, and so forth are all performed on this value. If the extra path is not valid or doesn't exist after this transformation, the PATH_TRANSLATED is set to the PATH_INFO subdirectory of the Document Root of the Default Source Type. For example, if /cgi-bin/cgitest/samples/ is entered, the Default Source Type is *Root, and the Document Root is /WWWServ/WebDocs/, then the PATH_TRANSLATED would be set to

.  If
/cgi-bin/cgitest/~WWWUSER/ is entered, PATH_TRANSLATED would
be /WWWServ/WWWUser/PubHTML/ (assuming WWWUSER's home
directory is /WWWServ/WWWUser/).

QUERY_STRING

The QUERY_STRING is everything entered after a question mark ("?") in
the URL.  This data is not converted at all.  The leading question mark is
not included.  For example, if the user enters a URL of
/cgi-bin/cgitest?this+is+a+query+string, QUERY_STRING would be
set to this+is+a+query+string.

REMOTE_ADDR

This is the IP address of the browser in dotted decimal notation.
This is always available.  For instance, this might be
12.34.56.78.

REMOTE_HOST

This is the host name of the browser making the request.  If this
cannot be obtained, it is not set.  For example, this might be
joe.company.com.

REMOTE_USER

This is the user name used to authenticate requests to the server.  This
is set to the user portion of the Authenticate request header.  If this header
is not sent, this variable is not set.

REMOTE_PASSWORD_MD5

This is a hashed version of the password used to authenticate requests
to the server.  The password portion of the Authenticate request header is
hashed using the MD5(*) algorithm.  This algorithm creates a message digest
of the password.  The vital property of this function is that it is very
difficult to obtain the original value (the password) if you only know the
message digest.  This means the REMOTE_PASSWORD_MD5 value does not have to be
protected to maintain the integrity of a user's password. If Authenticate the
header is not sent, this variable is not set.

(*)Derived from the RSA Data Security, Inc. MD5
Message-Digest Algorithm.

REQUEST_METHOD

This is the HTTP method of the URL request made by the browser.  Some
valid methods are GET, POST, and
PUT.

SCRIPT_NAME

This is the name of the currently running script, as it is known by
browsers.  The name is escaped and does not include any of the PATH_INFO or
query strings.  For example, the script
/cgi-bin/cgitest/extra/path would have a SCRIPT_NAME of
/cgi-bin/cgitest.

SERVER_PROTOCOL

The SERVER_PROTOCOL is the version of HTTP that is being used for
this request.  This can be either HTTP/0.9 or HTTP/1.0.
HTTP/0.9 is only used if the browser has indicated to use that version.

Other Request Headers

All other request headers that are sent by the browser are made
available to the script through environment variables.  Each header has a
prefix of HTTP_ added to the header name.  Any dashes ("-")
in the header name are changed to underscores ("_").  If the same header
appears more than once, a comma separated list of each of the header's
values is created.  For example, the header User-Agent:
NeatBrowser/1.0 would result in an environment variable of
HTTP_USER_AGENT with a value of NeatBrowser/1.0.
Another example is receiving the headers Accept: text/html and
Accept: text/plain.  This would result in one environment
variable named HTTP_ACCEPT with a value of text/html,
text/plain. 

The additional scripts sample
page shows examples of retrieving environment variables from different
programming languages.