The only documentation I can find for the REQUEST_URI environment variable is in mod_rewrite’s documentation, which states:

-----
REQUEST_URI
The path component of the requested URI, such as "/index.html". This notably excludes the query string which is available as its own variable named QUERY_STRING.

(https://httpd.apache.org/docs/current/mod/mod_rewrite.html)
-----

Yet when I print environment variables from a CGI, this variable clearly includes the query string:

-----
---
CONTEXT_DOCUMENT_ROOT: /usr/local/cpanel/3rdparty/mailman/cgi-bin/
CONTEXT_PREFIX: /mailman
DOCUMENT_ROOT: /var/www/html
GATEWAY_INTERFACE: CGI/1.1
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING: gzip, deflate
HTTP_ACCEPT_LANGUAGE: en-CA,en-US;q=0.7,en;q=0.3
HTTP_CONNECTION: keep-alive
HTTP_DNT: 1
HTTP_HOST: felipe64
HTTP_UPGRADE_INSECURE_REQUESTS: 1
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0
PATH: /usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin
QUERY_STRING: 12%C3%A93
REMOTE_ADDR: 10.1.4.84
REMOTE_PORT: 57231
REQUEST_METHOD: GET
REQUEST_SCHEME: http
REQUEST_URI: /mailman/env.pl?12%C3%A93
SCRIPT_FILENAME: /usr/local/cpanel/3rdparty/mailman/cgi-bin/env.pl
SCRIPT_NAME: /mailman/env.pl
SERVER_ADDR: 10.215.218.116
SERVER_ADMIN: felipe@cpanel.net
SERVER_NAME: felipe64
SERVER_PORT: 80
SERVER_PROTOCOL: HTTP/1.1
SERVER_SIGNATURE: ''
SERVER_SOFTWARE: Apache
TZ: America/Chicago
UNIQUE_ID: W4gNJQdsM-OMFF6C6rRjCQAAAAA
-----

This isn’t actually operating from behind mod_rewrite, so I’m not really sure why REQUEST_URI is being added to the environment.

Regardless, should the documentation be updated? This would seem to be well-established behavior, such that I’d think altering REQUEST_URI’s value would do more harm than just updating the docs.
It looks like REQUEST_URI the internal environment variable (which gets copied to the environment for a CGI or is accessible as 'reqenv' in expressions) is the actual URI, whereas REQUEST_URI is the path component only.

e.g. these give different results:

# not even in the env w/o CGI
Header always set "X-URI" "expr=%{reqenv:REQUEST_URI}"
# path only
Header always set "X-URI2" "expr=%{REQUEST_URI}"

I think it's worth a caveat in a few places where directives can read "special" variables and similar "environment variables" (ap_expr, rewritecond, setenvif)
Note that the CGI RFC doesn't define REQUEST_URI. This is what it does define, Script-URI; https://tools.ietf.org/html/rfc3875#section-3.3 This apparently includes path info and query string.
The query string is also included when REQUEST_URI is used in a RewriteRule substitution parameter. The mod_rewrite documentation states that "The server-variables are the same as for the TestString of a RewriteCond directive" and the definitions of those variables under RewriteCond include the assertion that REQUEST_URI does not include QUERY_STRING. This seems unambiguously incorrect. We would like to know whether the documentation or the behavior of REQUEST_URI inside RewriteRule is going to be changed in future versions.
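The following is an added example, not code from this thread or from the httpd project. It shows how a CGI script that makes a path-based decision can split the REQUEST_URI it receives instead of relying on the documented "path only" meaning. The function names are hypothetical, the sample values are copied from the environment dump in the first comment, and an origin-form value ("/path?query") on a request that has not been rewritten is assumed.

```python
from urllib.parse import unquote

# Sample values copied from the environment dump in the first comment.
SAMPLE_ENV = {
    "REQUEST_URI": "/mailman/env.pl?12%C3%A93",
    "QUERY_STRING": "12%C3%A93",
    "SCRIPT_NAME": "/mailman/env.pl",
}


def split_request_uri(environ):
    """Split the CGI REQUEST_URI into (decoded_path, raw_query).

    Assumption: the value is in origin-form ("/path?query"), as in the
    dump. Anything else is rejected rather than guessed at.
    """
    uri = environ.get("REQUEST_URI", "")
    if not uri.startswith("/"):
        raise ValueError("unexpected REQUEST_URI form: %r" % uri)
    # The first "?" ends the path; later "?" characters belong to the query.
    raw_path, _, raw_query = uri.partition("?")
    # Decode only the path. The query keeps its encoding so it can be
    # compared byte for byte with QUERY_STRING.
    path = unquote(raw_path, errors="strict")
    if "\x00" in path:
        raise ValueError("NUL byte in request path")
    return path, raw_query


def query_matches(environ):
    """True when the query carried in REQUEST_URI equals QUERY_STRING."""
    _, raw_query = split_request_uri(environ)
    return raw_query == environ.get("QUERY_STRING", "")


def path_equals_script(environ):
    """True when the request path is SCRIPT_NAME plus PATH_INFO.

    Assumption: no internal rewrite took place, as in the dump.
    """
    path, _ = split_request_uri(environ)
    expected = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
    return path == expected


def naive_path_equals_script(environ):
    """The comparison that treats REQUEST_URI as path only."""
    return environ.get("REQUEST_URI", "") == environ.get("SCRIPT_NAME", "")
```

On the values from the dump, the naive comparison fails because of the appended query string, while the split path equals SCRIPT_NAME.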