re: IDENTIFYING VISITORS

I'm trying to identify visitors to my site .. but would like alittle more info than the standard IP address as it is often incorrect... this is to prevent password theft..
Go to these URLs and check how accurate it is ... then tell me how to do it
I know how to get the environment variables.. but not all the proxy details etc.

http://www.tamos.com/bin/envir.cgi 
http://www.tamos.com/bin/proxy.cgi 

Thanks
LVL 1
MAVERICKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
You got it all.
If you need more detailed information, you need some kind of authentification.
0
mouattsCommented:
You aren't going to get a lot more than you've actually got. To obtain any more from the HTTP message you are going to have to trap the message in a lower layer.

But even then this assumes that there is more information to obtain. Not all proxies actually pass anything else on that would be useful. There are some that do actually pass the originating IP address but normally this appears in the environment variables. However such proxies are few and far between, which is handy as it is a security risk for them to do that.

As has already been said if you want to tighten your secuirty you will need to utilise authentication of some sort.

HTH
Steve
0
MAVERICKAuthor Commented:
Guys ... I want the visitor info just like from those URLs nothing more (unless you happen to know how to do a traceroute from a CGI script?? )
This site is one I found that has useful info ... It's not my site
 I want to know how they got it...

Thanks
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

mouattsCommented:
This has been determined purely from the environment variables.

HTTP_FORWARDED is indicating the names of the proxy(s) servers involved.

HTTP_CLIENT_IP gives the IP address of the actual machine

REMOTE_HOST gives the IP address of the final proxy server.

If no proxy is onvolved the REMOTE_HOST will be the actual machine and the other to variables won't be present.

But there is a big but here, the first two messages are for the proxy server and nothing else. As a result they are not standardedised. I also have an example where a variable called HTTP-Forwarded-by was set by a proxy server.

So to monitor this yourself you will need to identify if any other variables are issued by other proxys instead of the ones mentioned above (which were a netscape proxy server incidently).

HTH
Steve
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jhurstCommented:
The example that you posted are just productized versions of the env.cgi script which is in the public domain anyway.  They just return all that the server has.  

You would probably be best just asking for someone to send you a copy of that script.  

As to your comment about ip-address not being correct.  I can not agree with that.  If the ip-address in REMOTE_ADDR was not correct then the response would not get there.
0
MAVERICKAuthor Commented:
Jhurst: Thanks for the tip
The IP "not correct" is the one some of the servers return.
My ISP uses a satelite uplink and tend to return the uplink IP rather than the  ISPs. My ISP uses private IPs for dial-ups

My server is down... so I haven't tested out a script for the environment.
0
MAVERICKAuthor Commented:
I found a copy of env.cgi...
thanks ... except for the traceroute part... everything was there I needed....
 its just that when I tested the env.cgi on my local servera while ago .,.. it returned funny results... when executed remotely... no problem...

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.