CGI Variables include server defined values commonly shared with CGI scripts and the HTTP request headers from the web request. The server variables include the following (note that depending upon the request and type of resource the URL refers to, not all values may exist for every request):
- "AUTH_TYPE" - If the server supports user authentication, and the script is protected, this is the protocol-specific authentication method used to validate the user.
- "CONTENT_LENGTH" - The length of the content itself as given by the client.
- "CONTENT_TYPE" - For queries which have attached information, such as HTTP POST and PUT, this is the content type of the data.
- "DOCUMENT_ROOT" - the real directory on the server that corresponds to a DOCUMENT_URI of "/". This is the first directory which contains files or sub-directories which are served by the web server.
- "DOCUMENT_URI" - the path portion of the HTTP URL requested
- "GATEWAY_INTERFACE" - The revision of the CGI specification to which this server complies. Format: CGI/revision
- "PATH_INFO" - The extra path information, as given by the client. In other words, scripts can be accessed by their virtual pathname, followed by extra information at the end of this path. The extra information is sent as PATH_INFO. This information should be decoded by the server if it comes from a URL before it is passed to the CGI script.
- "PATH_TRANSLATED" - The server provides a translated version of PATH_INFO, which takes the path and does any virtual-to-physical mapping to it.
- "QUERY_STRING" - The information which follows the "?" in the URL which referenced this script. This is the query information. It should not be decoded in any fashion. This variable should always be set when there is query information, regardless of command line decoding.
- "REMOTE_ADDR" - The IP address of the remote host making the request.
- "REMOTE_HOST" - The hostname making the request. If the server does not have this information, it should set REMOTE_ADDR and leave this unset.
- "REMOTE_IDENT" - If the HTTP server supports RFC 931 identification, then this variable will be set to the remote user name retrieved from the server. Usage of this variable should be limited to logging only.
- "REMOTE_USER" - If the server supports user authentication, and the script is protected, this is the username they have authenticated as.
- "REQUEST_METHOD" - The method with which the request was made. For HTTP, this is "GET", "HEAD", "POST", etc.
- "REQUEST_TIME" - the time the server received the request represented as the number of seconds since 00:00:00 UTC on 1 January 1970. Usable with
os.date to provide the date and time in whatever format you require.
- "REQUEST_URI" - the DOCUMENT_URI with any query string present in the request appended. Usually this corresponds to the URL without the scheme or host information.
- "SCRIPT_FILENAME" - the actual path to the script being executed.
- "SCRIPT_NAME" - A virtual path to the script being executed, used for self-referencing URLs.
- "SERVER_NAME" - The server's hostname, DNS alias, or IP address as it would appear in self-referencing URLs.
- "SERVER_PORT" - The port number to which the request was sent.
- "SERVER_PROTOCOL" - The name and revision of the information protcol this request came in with. Format: protocol/revision
- "SERVER_SOFTWARE" - The name and version of the web server software answering the request (and running the gateway). Format: name/version
The HTTP Request header names are prefixed with "HTTP_", converted to all uppercase, and have all hyphens converted into underscores. Common headers (converted to their CGI format) might include, but are not limited to:
- HTTP_ACCEPT, HTTP_ACCEPT_ENCODING, HTTP_ACCEPT_LANGUAGE, HTTP_CACHE_CONTROL, HTTP_CONNECTION, HTTP_DNT, HTTP_HOST, HTTP_USER_AGENT
This server also defines the following (which are replicated in the CGI variables above, so those should be used for portability):
- HTTP_X_REMOTE_ADDR, HTTP_X_REMOTE_PORT, HTTP_X_SERVER_ADDR, HTTP_X_SERVER_PORT
A list of common request headers and their definitions can be found at https://en.wikipedia.org/wiki/List_of_HTTP_header_fields