Posted on 2000-02-09
Medium Priority
Last Modified: 2013-12-25
I'm trying to identify visitors to my site .. but would like alittle more info than the standard IP address as it is often incorrect... this is to prevent password theft..
Go to these URLs and check how accurate it is ... then tell me how to do it
I know how to get the environment variables.. but not all the proxy details etc.


Question by:MAVERICK
LVL 51

Expert Comment

ID: 2506736
You got it all.
If you need more detailed information, you need some kind of authentification.
LVL 11

Expert Comment

ID: 2509781
You aren't going to get a lot more than you've actually got. To obtain any more from the HTTP message you are going to have to trap the message in a lower layer.

But even then this assumes that there is more information to obtain. Not all proxies actually pass anything else on that would be useful. There are some that do actually pass the originating IP address but normally this appears in the environment variables. However such proxies are few and far between, which is handy as it is a security risk for them to do that.

As has already been said if you want to tighten your secuirty you will need to utilise authentication of some sort.


Author Comment

ID: 2510912
Guys ... I want the visitor info just like from those URLs nothing more (unless you happen to know how to do a traceroute from a CGI script?? )
This site is one I found that has useful info ... It's not my site
 I want to know how they got it...

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

LVL 11

Accepted Solution

mouatts earned 150 total points
ID: 2510981
This has been determined purely from the environment variables.

HTTP_FORWARDED is indicating the names of the proxy(s) servers involved.

HTTP_CLIENT_IP gives the IP address of the actual machine

REMOTE_HOST gives the IP address of the final proxy server.

If no proxy is onvolved the REMOTE_HOST will be the actual machine and the other to variables won't be present.

But there is a big but here, the first two messages are for the proxy server and nothing else. As a result they are not standardedised. I also have an example where a variable called HTTP-Forwarded-by was set by a proxy server.

So to monitor this yourself you will need to identify if any other variables are issued by other proxys instead of the ones mentioned above (which were a netscape proxy server incidently).


Expert Comment

ID: 2543964
The example that you posted are just productized versions of the env.cgi script which is in the public domain anyway.  They just return all that the server has.  

You would probably be best just asking for someone to send you a copy of that script.  

As to your comment about ip-address not being correct.  I can not agree with that.  If the ip-address in REMOTE_ADDR was not correct then the response would not get there.

Author Comment

ID: 2544021
Jhurst: Thanks for the tip
The IP "not correct" is the one some of the servers return.
My ISP uses a satelite uplink and tend to return the uplink IP rather than the  ISPs. My ISP uses private IPs for dial-ups

My server is down... so I haven't tested out a script for the environment.

Author Comment

ID: 2576339
I found a copy of env.cgi...
thanks ... except for the traceroute part... everything was there I needed....
 its just that when I tested the env.cgi on my local servera while ago .,.. it returned funny results... when executed remotely... no problem...


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question