A rewrite variable is an object that stores a dynamic value like a entry path of an request or a session id. Rewrite variables are represented as strings in the format %<variable name>% or %<variable name>[argument]%. They are, for example, useful to define generic rewrite rules that are independent of the selected mapping, virtual host, or back-end group.
Rewrite variables are available in the following areas. For variable specific exceptions see table list of rewrite variables.
Pattern and substitution fields in:
- ●Request Actions
- ●Response Actions
- ●URL Encryption
- ●CSRF Tokens
- ●Deny Rules
- ●Allow Rules
Redirect locations fields:
- ●Denied access URL
- ●URL Encryption - Invalid URL redirect location
- ●CSRF Tokens - Invalid token redirect location
Variable name | Description | Not available in |
%ENTRYPROTOCOL% | current request protocol from the client, http or https | Redirect locations |
%ENTRYHOST% | entry host of the current mapping, without port | Redirect locations |
%ENTRYPORT% | entry host port number of the current mapping | Redirect locations |
%ENTRYDIR% | entry path of the current mapping trimmed of trailing slashes, empty for root entry path | Mapping with regex entry path |
%ENTRYPATH% | same as %ENTRYDIR% but also trimmed of leading slashes | Mapping with regex entry path |
%BACKENDDIR% | back-end path of the current mapping trimmed of trailing slashes, empty for root back-end path | Mapping with regex entry path |
%BACKENDPATH% | same as %BACKENDDIR% but also trimmed of leading slashes | Mapping with regex entry path |
%ENTRYDIR[<mapping>]% | same as %ENTRYDIR% of mapping with name "<mapping>" * | – |
%ENTRYPATH[<mapping>]% | same as %ENTRYPATH% of mapping with name "<mapping>" * | – |
%BACKENDDIR[<mapping>]% | same as %BACKENDDIR% of mapping with name "<mapping>" * | – |
%BACKENDPATH[<mapping>]% | same as %BACKENDPATH% of mapping with name "<mapping>" * | – |
%BACKENDPROTOCOL% | back-end protocol, http or https | Redirect locations |
%BACKENDHOSTNAME% | back-end host for this request, dynamically set based on current load balancing back-end host, without port | Redirect locations |
%BACKENDPORT% | port number of back-end host - see above | Redirect locations |
%BACKENDHOST% | combined value of back-end host and port; omitting default ports: 80, 443 | Redirect locations |
%VHCOOKIEDOMAIN% | the cookie domain configured in the virtual host | Redirect locations |
%REQUESTID% | current request id | Patterns, Redirect locations |
%SESSIONID% | current session id; "<n/a>" if no session is available | Patterns, Redirect locations |
%SESSIONTIMINGINFO% | In seconds: {remaining session idle timeout}:{remaining session lifetime} | Patterns, Redirect locations |
%AUDITTOKEN% | current audit token | Patterns, Redirect locations |
%REMOTEADDR% | current IP address of client | Patterns, Redirect locations |
%ROLES% | In seconds: {role1 name}:{remaining role1 idle timeout}:{remaining role1 lifetime},{role2 name}:{remaining role2 idle timeout}:{remaining role2 lifetime},... | Patterns, Redirect locations |
%ENTRYADDR% | IP address of current entry host | Patterns, Redirect locations |
* The referenced mapping must not use a regular expression as entry path.
Incoming URL:
https://example.com/webmail/inbox/index.html
Configured value | Variable value | |
Entry protocol is: https | → | %ENTRYPROTOCOL%: https |
Entry host is: example.com | → | %ENTRYHOST%: example.com |
Entry host port is: 443 | → | %ENTRYPORT%: 443 |
Entry path is: /webmail/inbox/ | → | %ENTRYDIR%: /webmail/inbox |
→ | %ENTRYPATH%: webmail/inbox | |
Back-end protocol is: http | → | %BACKENDPROTOCOL%: http |
Back-end host name is: mserv.net.local | → | %BACKENDHOSTNAME%: mserv.net.local |
Back-end host port is: 8080 | → | %BACKENDPORT%: 8080 |
→ | %BACKENDHOST%: mserv.net.local:8080 | |
Back-end path is: /mailapplication/inbox/ | → | %BACKENDDIR%: /mailapplication/inbox |
→ | %BACKENDPATH%: mailapplication/inbox |
Incoming URL | https://example.com/webmail/inbox/index.html |
Rewrite from | %ENTRYPROTOCOL%://%ENTRYHOST%%ENTRYDIR%(/.*)? |
Rewrite to | %BACKENDPROTOCOL%://%BACKENDHOST%%BACKENDDIR%$1 |
Back-end URL results in | http://mserv.net.local:8080/mailapplication/inbox/index.html |
All variables are treated as literal values - characters do not have any special regular expression significance. This means, that the variable value 'www.example.com' just matches www.example.com and not www-example/com nor wwwXexampleYcom.
Technically this is achieved by internally surrounding all variables by an extra \Q .. \E span.