Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

HTTP_X_FORWARDED_FOR?

Posted on 2004-08-08
7
Medium Priority
?
3,198 Views
Last Modified: 2008-01-09
i have saw some articles and samples on server_variables.

i have tried some samples on my web site, but i failed a few of them, HTTP_VIA & HTTP_X_FORWARDED_FOR. how can i enable these server variables, is there is setting that i should change or add?... i'm using IIS 5.1 On Windows XP Pro SP2
0
Comment
Question by:khairil
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11746886
The PHP to check for proxies is something like this:

/* Is the client behind a proxy? */
  if($HTTP_X_FORWARDED_FOR)
  {
   $ip = $HTTP_X_FORWARDED_FOR;
  }
  elseif($HTTP_VIA)
  {
   $ip = $HTTP_VIA;
  }
  elseif($REMOTE_ADDR)
  {
   $ip = $REMOTE_ADDR;
  }
  else
  {
   die();
  }
 
  $host = gethostbyaddr($ip);

/*
In the case that no-one claimed to hold responsibility for this IP address,
it "might" be spoofed. There are probably other authorities to query. If
anyone knows who they might be, please let me know. Bill
*/

if ( $host == $ip ) {
        $host = "possibly spoofed";
}

Cd&
0
 
LVL 2

Expert Comment

by:amg42
ID: 11747586
Why do you want to "enable" these headers? Like COBOLdinosaur describes, they are added by proxy servers to indicate where a request "really" originates.

If that's what you'd like to figure out for requests to your own site, COBOLdinosaur's script may come in handy. In ASP you'd use

   Request.ServerVariables("HTTP_X_FORWARDED_FOR"),
   Request.ServerVariables("HTTP_VIA")

and

   Request.ServerVariables("REMOTE_ADDR")

instead.

0
 
LVL 10

Expert Comment

by:avidya
ID: 11747949
hi kahril,

If you are useing iis and xp, then you can use ASP.

Here's a little page which requests all the http server vars and displays them.
(don't forget to give it the extention *.asp en view it in Internet Explorer.)

==============

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<TABLE>
<TR>
 <TD><B>Server Variable</B></TD>
 <TD><B>Value</B></TD>
</TR>
<%For Each name In Request.ServerVariables %>
<TR>
 <TD> <%= name %> </TD>
 <TD>  <%= Request.ServerVariables(name) %> </TD>
</TR>
<%Next %>
</TABLE>
</BODY>
</HTML>
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11749605
If you are looking for a way to send a request to a server while ensuring these HTTP Headers have been added to the request I would suggest downloading a copy of Wfetch (included in the IIS 6.0 Resource Kit Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en).

This utility will allow you to craft tailored requests where you can include any headers you want to include.  Very handy for testing servers and applications for behavior when presented with specific parameters.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11759793
hi all,

actually i developing our department web site here, and we like to track (make a statistic).

something make me wonder? when i visit somepage (server variables example page) at www.4guysfromrolla.com, the detail showed detail about where my browser and where i'm from.

i have tried same script they used on their site, but the result is not the same as it was on www.4guysfromrolla.com, my web server report fewer items than they are. HTT_X_FORWARDED_FOR and HTTP_VIA is not exist when using my web server.
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 11759808
That is likely because those headers are added when you request is forwarded though a proxy server (or multiple proxies) on the way to the server.  When browsing to the site mentioned you are going through forwarding devices along the way and when you hit your local server you aren't.

I imagine that if I were to browse to your page I would get different results than you get browsing to it from your local network.

Try hitting it from somewhere your request will go through a proxy and I imagine you will see additional headers in the output.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11760882
thanks a lot :D
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The viewer will learn how to count occurrences of each item in an array.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question