HTTP_X_FORWARDED_FOR?

i have saw some articles and samples on server_variables.

i have tried some samples on my web site, but i failed a few of them, HTTP_VIA & HTTP_X_FORWARDED_FOR. how can i enable these server variables, is there is setting that i should change or add?... i'm using IIS 5.1 On Windows XP Pro SP2
LVL 13
khairilAsked:
Who is Participating?
 
Dave_DietzConnect With a Mentor Commented:
That is likely because those headers are added when you request is forwarded though a proxy server (or multiple proxies) on the way to the server.  When browsing to the site mentioned you are going through forwarding devices along the way and when you hit your local server you aren't.

I imagine that if I were to browse to your page I would get different results than you get browsing to it from your local network.

Try hitting it from somewhere your request will go through a proxy and I imagine you will see additional headers in the output.

Dave Dietz
0
 
COBOLdinosaurCommented:
The PHP to check for proxies is something like this:

/* Is the client behind a proxy? */
  if($HTTP_X_FORWARDED_FOR)
  {
   $ip = $HTTP_X_FORWARDED_FOR;
  }
  elseif($HTTP_VIA)
  {
   $ip = $HTTP_VIA;
  }
  elseif($REMOTE_ADDR)
  {
   $ip = $REMOTE_ADDR;
  }
  else
  {
   die();
  }
 
  $host = gethostbyaddr($ip);

/*
In the case that no-one claimed to hold responsibility for this IP address,
it "might" be spoofed. There are probably other authorities to query. If
anyone knows who they might be, please let me know. Bill
*/

if ( $host == $ip ) {
        $host = "possibly spoofed";
}

Cd&
0
 
amg42Commented:
Why do you want to "enable" these headers? Like COBOLdinosaur describes, they are added by proxy servers to indicate where a request "really" originates.

If that's what you'd like to figure out for requests to your own site, COBOLdinosaur's script may come in handy. In ASP you'd use

   Request.ServerVariables("HTTP_X_FORWARDED_FOR"),
   Request.ServerVariables("HTTP_VIA")

and

   Request.ServerVariables("REMOTE_ADDR")

instead.

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
avidyaCommented:
hi kahril,

If you are useing iis and xp, then you can use ASP.

Here's a little page which requests all the http server vars and displays them.
(don't forget to give it the extention *.asp en view it in Internet Explorer.)

==============

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<TABLE>
<TR>
 <TD><B>Server Variable</B></TD>
 <TD><B>Value</B></TD>
</TR>
<%For Each name In Request.ServerVariables %>
<TR>
 <TD> <%= name %> </TD>
 <TD>  <%= Request.ServerVariables(name) %> </TD>
</TR>
<%Next %>
</TABLE>
</BODY>
</HTML>
0
 
Dave_DietzCommented:
If you are looking for a way to send a request to a server while ensuring these HTTP Headers have been added to the request I would suggest downloading a copy of Wfetch (included in the IIS 6.0 Resource Kit Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en).

This utility will allow you to craft tailored requests where you can include any headers you want to include.  Very handy for testing servers and applications for behavior when presented with specific parameters.

Dave Dietz
0
 
khairilAuthor Commented:
hi all,

actually i developing our department web site here, and we like to track (make a statistic).

something make me wonder? when i visit somepage (server variables example page) at www.4guysfromrolla.com, the detail showed detail about where my browser and where i'm from.

i have tried same script they used on their site, but the result is not the same as it was on www.4guysfromrolla.com, my web server report fewer items than they are. HTT_X_FORWARDED_FOR and HTTP_VIA is not exist when using my web server.
0
 
khairilAuthor Commented:
thanks a lot :D
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.