Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

HTTP_X_FORWARDED_FOR?

Posted on 2004-08-08
7
Medium Priority
?
3,200 Views
Last Modified: 2008-01-09
i have saw some articles and samples on server_variables.

i have tried some samples on my web site, but i failed a few of them, HTTP_VIA & HTTP_X_FORWARDED_FOR. how can i enable these server variables, is there is setting that i should change or add?... i'm using IIS 5.1 On Windows XP Pro SP2
0
Comment
Question by:khairil
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11746886
The PHP to check for proxies is something like this:

/* Is the client behind a proxy? */
  if($HTTP_X_FORWARDED_FOR)
  {
   $ip = $HTTP_X_FORWARDED_FOR;
  }
  elseif($HTTP_VIA)
  {
   $ip = $HTTP_VIA;
  }
  elseif($REMOTE_ADDR)
  {
   $ip = $REMOTE_ADDR;
  }
  else
  {
   die();
  }
 
  $host = gethostbyaddr($ip);

/*
In the case that no-one claimed to hold responsibility for this IP address,
it "might" be spoofed. There are probably other authorities to query. If
anyone knows who they might be, please let me know. Bill
*/

if ( $host == $ip ) {
        $host = "possibly spoofed";
}

Cd&
0
 
LVL 2

Expert Comment

by:amg42
ID: 11747586
Why do you want to "enable" these headers? Like COBOLdinosaur describes, they are added by proxy servers to indicate where a request "really" originates.

If that's what you'd like to figure out for requests to your own site, COBOLdinosaur's script may come in handy. In ASP you'd use

   Request.ServerVariables("HTTP_X_FORWARDED_FOR"),
   Request.ServerVariables("HTTP_VIA")

and

   Request.ServerVariables("REMOTE_ADDR")

instead.

0
 
LVL 10

Expert Comment

by:avidya
ID: 11747949
hi kahril,

If you are useing iis and xp, then you can use ASP.

Here's a little page which requests all the http server vars and displays them.
(don't forget to give it the extention *.asp en view it in Internet Explorer.)

==============

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<TABLE>
<TR>
 <TD><B>Server Variable</B></TD>
 <TD><B>Value</B></TD>
</TR>
<%For Each name In Request.ServerVariables %>
<TR>
 <TD> <%= name %> </TD>
 <TD>  <%= Request.ServerVariables(name) %> </TD>
</TR>
<%Next %>
</TABLE>
</BODY>
</HTML>
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11749605
If you are looking for a way to send a request to a server while ensuring these HTTP Headers have been added to the request I would suggest downloading a copy of Wfetch (included in the IIS 6.0 Resource Kit Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en).

This utility will allow you to craft tailored requests where you can include any headers you want to include.  Very handy for testing servers and applications for behavior when presented with specific parameters.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11759793
hi all,

actually i developing our department web site here, and we like to track (make a statistic).

something make me wonder? when i visit somepage (server variables example page) at www.4guysfromrolla.com, the detail showed detail about where my browser and where i'm from.

i have tried same script they used on their site, but the result is not the same as it was on www.4guysfromrolla.com, my web server report fewer items than they are. HTT_X_FORWARDED_FOR and HTTP_VIA is not exist when using my web server.
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 11759808
That is likely because those headers are added when you request is forwarded though a proxy server (or multiple proxies) on the way to the server.  When browsing to the site mentioned you are going through forwarding devices along the way and when you hit your local server you aren't.

I imagine that if I were to browse to your page I would get different results than you get browsing to it from your local network.

Try hitting it from somewhere your request will go through a proxy and I imagine you will see additional headers in the output.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11760882
thanks a lot :D
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Australian government abolished Visa 457 earlier this April and this article describes how this decision might affect Australian IT scene and IT experts.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question