CGI Environment Variables

Once the Web server calls the script, a mechanism is needed for the two processes to communicate. Part of this communication is done through pseudo-environment variables. Before the Web server calls the script, the server creates several pseudo-environment variables from the request headers sent by the browser and some server configuration values. These variables have a name and a string value. The script references the variables by name to obtain their value.

The reason these variables are called pseudo-environment variables is because the AS/400 doesn't have Unix-style process environment variables. Instead, Web Server/400 simulates this environment and provides an API to access the variable from scripts.

Listed below are all the environment variables set prior to calling a script. Any of these can be accessed by making an API call with the name of the environment variable passed in as one of the parameters.

Server Supplied

The following environment variables are specific to the Web server or are configurable by the administrator of the Web server.

The GATEWAY_INTERFACE is the name and version of protocol that is in use for calling scripts. The format is Name/Version. This is currently CGI/1.1.

The SERVER_NAME is the TCP/IP host name of the AS/400 currently running the Web server. This is either obtained from the machine or configured using the Server Host Name configuration directive. For example, this might be

The SERVER_PORT is the TCP/IP socket port the Web server is currently using to communicate with browsers. It is a character string representation of the port number in decimal. For example, by default this is 80-the well known port for HTTP.

The SERVER_SOFTWARE is a product specific string that identifies the name of the Web server currently running and the version of that server. For Web Server/400, this value is WebServer400/1.3. For Commerce Server/400, this value is CommerceServer400/1.0.

Browser Supplied

This is the string that identifies the type of user authentication being used by the browser for this request. If the AUTH_TYPE is set, the HTTP_AUTHORIZATION environment variable should also be set. This has the form auth_type: auth_data. The auth_type is the same as the AUTH_TYPE environment variable. The auth_data is the authorization type specific data.

This is the length, in bytes, of the request body that follows the header. In the case of a POST method, this indicates the length of the form data that is sent by the browser. If this isn't set or is zero, then the browser only sends request headers.

This is the content type of request body sent by the browser.

PATH_INFO is the rest of the URL-path after the script name. For example, if /cgi-bin/cgitest/extra/path was entered, PATH_INFO would be set to /extra/path. This value is also completely unescaped as well. This does not include the query string.

PATH_TRANSLATED is similar to PATH_INFO except the extra path is transformed as if it were entered as the URL-path by itself. Alias substitution, user directory handling, and so forth are all performed on this value. If the extra path is not valid or doesn't exist after this transformation, the PATH_TRANSLATED is set to the PATH_INFO subdirectory of the Document Root of the Default Source Type. For example, if /cgi-bin/cgitest/samples/ is entered, the Default Source Type is *Root, and the Document Root is /WWWServ/WebDocs/, then the PATH_TRANSLATED would be set to . If /cgi-bin/cgitest/~WWWUSER/ is entered, PATH_TRANSLATED would be /WWWServ/WWWUser/PubHTML/ (assuming WWWUSER's home directory is /WWWServ/WWWUser/).

The QUERY_STRING is everything entered after a question mark ("?") in the URL. This data is not converted at all. The leading question mark is not included. For example, if the user enters a URL of /cgi-bin/cgitest?this+is+a+query+string, QUERY_STRING would be set to this+is+a+query+string.

This is the IP address of the browser in dotted decimal notation. This is always available. For instance, this might be

This is the host name of the browser making the request. If this cannot be obtained, it is not set. For example, this might be

This is the user name used to authenticate requests to the server. This is set to the user portion of the Authenticate request header. If this header is not sent, this variable is not set.

This is a hashed version of the password used to authenticate requests to the server. The password portion of the Authenticate request header is hashed using the MD5(*) algorithm. This algorithm creates a message digest of the password. The vital property of this function is that it is very difficult to obtain the original value (the password) if you only know the message digest. This means the REMOTE_PASSWORD_MD5 value does not have to be protected to maintain the integrity of a user's password. If Authenticate the header is not sent, this variable is not set.

(*)Derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

This is the HTTP method of the URL request made by the browser. Some valid methods are GET, POST, and PUT.

This is the name of the currently running script, as it is known by browsers. The name is escaped and does not include any of the PATH_INFO or query strings. For example, the script /cgi-bin/cgitest/extra/path would have a SCRIPT_NAME of /cgi-bin/cgitest.

The SERVER_PROTOCOL is the version of HTTP that is being used for this request. This can be either HTTP/0.9 or HTTP/1.0. HTTP/0.9 is only used if the browser has indicated to use that version.

Other Request Headers
All other request headers that are sent by the browser are made available to the script through environment variables. Each header has a prefix of HTTP_ added to the header name. Any dashes ("-") in the header name are changed to underscores ("_"). If the same header appears more than once, a comma separated list of each of the header's values is created. For example, the header User-Agent: NeatBrowser/1.0 would result in an environment variable of HTTP_USER_AGENT with a value of NeatBrowser/1.0. Another example is receiving the headers Accept: text/html and Accept: text/plain. This would result in one environment variable named HTTP_ACCEPT with a value of text/html, text/plain.

The additional scripts sample page shows examples of retrieving environment variables from different programming languages.