Solved

HTTP_X_FORWARDED_FOR?

Posted on 2004-08-08
7
3,147 Views
Last Modified: 2008-01-09
i have saw some articles and samples on server_variables.

i have tried some samples on my web site, but i failed a few of them, HTTP_VIA & HTTP_X_FORWARDED_FOR. how can i enable these server variables, is there is setting that i should change or add?... i'm using IIS 5.1 On Windows XP Pro SP2
0
Comment
Question by:khairil
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
The PHP to check for proxies is something like this:

/* Is the client behind a proxy? */
  if($HTTP_X_FORWARDED_FOR)
  {
   $ip = $HTTP_X_FORWARDED_FOR;
  }
  elseif($HTTP_VIA)
  {
   $ip = $HTTP_VIA;
  }
  elseif($REMOTE_ADDR)
  {
   $ip = $REMOTE_ADDR;
  }
  else
  {
   die();
  }
 
  $host = gethostbyaddr($ip);

/*
In the case that no-one claimed to hold responsibility for this IP address,
it "might" be spoofed. There are probably other authorities to query. If
anyone knows who they might be, please let me know. Bill
*/

if ( $host == $ip ) {
        $host = "possibly spoofed";
}

Cd&
0
 
LVL 2

Expert Comment

by:amg42
Comment Utility
Why do you want to "enable" these headers? Like COBOLdinosaur describes, they are added by proxy servers to indicate where a request "really" originates.

If that's what you'd like to figure out for requests to your own site, COBOLdinosaur's script may come in handy. In ASP you'd use

   Request.ServerVariables("HTTP_X_FORWARDED_FOR"),
   Request.ServerVariables("HTTP_VIA")

and

   Request.ServerVariables("REMOTE_ADDR")

instead.

0
 
LVL 10

Expert Comment

by:avidya
Comment Utility
hi kahril,

If you are useing iis and xp, then you can use ASP.

Here's a little page which requests all the http server vars and displays them.
(don't forget to give it the extention *.asp en view it in Internet Explorer.)

==============

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<TABLE>
<TR>
 <TD><B>Server Variable</B></TD>
 <TD><B>Value</B></TD>
</TR>
<%For Each name In Request.ServerVariables %>
<TR>
 <TD> <%= name %> </TD>
 <TD>  <%= Request.ServerVariables(name) %> </TD>
</TR>
<%Next %>
</TABLE>
</BODY>
</HTML>
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 34

Expert Comment

by:Dave_Dietz
Comment Utility
If you are looking for a way to send a request to a server while ensuring these HTTP Headers have been added to the request I would suggest downloading a copy of Wfetch (included in the IIS 6.0 Resource Kit Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en).

This utility will allow you to craft tailored requests where you can include any headers you want to include.  Very handy for testing servers and applications for behavior when presented with specific parameters.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
Comment Utility
hi all,

actually i developing our department web site here, and we like to track (make a statistic).

something make me wonder? when i visit somepage (server variables example page) at www.4guysfromrolla.com, the detail showed detail about where my browser and where i'm from.

i have tried same script they used on their site, but the result is not the same as it was on www.4guysfromrolla.com, my web server report fewer items than they are. HTT_X_FORWARDED_FOR and HTTP_VIA is not exist when using my web server.
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 125 total points
Comment Utility
That is likely because those headers are added when you request is forwarded though a proxy server (or multiple proxies) on the way to the server.  When browsing to the site mentioned you are going through forwarding devices along the way and when you hit your local server you aren't.

I imagine that if I were to browse to your page I would get different results than you get browsing to it from your local network.

Try hitting it from somewhere your request will go through a proxy and I imagine you will see additional headers in the output.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
Comment Utility
thanks a lot :D
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now