Solved

HTTP_X_FORWARDED_FOR?

Posted on 2004-08-08
7
3,164 Views
Last Modified: 2008-01-09
i have saw some articles and samples on server_variables.

i have tried some samples on my web site, but i failed a few of them, HTTP_VIA & HTTP_X_FORWARDED_FOR. how can i enable these server variables, is there is setting that i should change or add?... i'm using IIS 5.1 On Windows XP Pro SP2
0
Comment
Question by:khairil
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11746886
The PHP to check for proxies is something like this:

/* Is the client behind a proxy? */
  if($HTTP_X_FORWARDED_FOR)
  {
   $ip = $HTTP_X_FORWARDED_FOR;
  }
  elseif($HTTP_VIA)
  {
   $ip = $HTTP_VIA;
  }
  elseif($REMOTE_ADDR)
  {
   $ip = $REMOTE_ADDR;
  }
  else
  {
   die();
  }
 
  $host = gethostbyaddr($ip);

/*
In the case that no-one claimed to hold responsibility for this IP address,
it "might" be spoofed. There are probably other authorities to query. If
anyone knows who they might be, please let me know. Bill
*/

if ( $host == $ip ) {
        $host = "possibly spoofed";
}

Cd&
0
 
LVL 2

Expert Comment

by:amg42
ID: 11747586
Why do you want to "enable" these headers? Like COBOLdinosaur describes, they are added by proxy servers to indicate where a request "really" originates.

If that's what you'd like to figure out for requests to your own site, COBOLdinosaur's script may come in handy. In ASP you'd use

   Request.ServerVariables("HTTP_X_FORWARDED_FOR"),
   Request.ServerVariables("HTTP_VIA")

and

   Request.ServerVariables("REMOTE_ADDR")

instead.

0
 
LVL 10

Expert Comment

by:avidya
ID: 11747949
hi kahril,

If you are useing iis and xp, then you can use ASP.

Here's a little page which requests all the http server vars and displays them.
(don't forget to give it the extention *.asp en view it in Internet Explorer.)

==============

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<TABLE>
<TR>
 <TD><B>Server Variable</B></TD>
 <TD><B>Value</B></TD>
</TR>
<%For Each name In Request.ServerVariables %>
<TR>
 <TD> <%= name %> </TD>
 <TD>  <%= Request.ServerVariables(name) %> </TD>
</TR>
<%Next %>
</TABLE>
</BODY>
</HTML>
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11749605
If you are looking for a way to send a request to a server while ensuring these HTTP Headers have been added to the request I would suggest downloading a copy of Wfetch (included in the IIS 6.0 Resource Kit Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en).

This utility will allow you to craft tailored requests where you can include any headers you want to include.  Very handy for testing servers and applications for behavior when presented with specific parameters.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11759793
hi all,

actually i developing our department web site here, and we like to track (make a statistic).

something make me wonder? when i visit somepage (server variables example page) at www.4guysfromrolla.com, the detail showed detail about where my browser and where i'm from.

i have tried same script they used on their site, but the result is not the same as it was on www.4guysfromrolla.com, my web server report fewer items than they are. HTT_X_FORWARDED_FOR and HTTP_VIA is not exist when using my web server.
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 125 total points
ID: 11759808
That is likely because those headers are added when you request is forwarded though a proxy server (or multiple proxies) on the way to the server.  When browsing to the site mentioned you are going through forwarding devices along the way and when you hit your local server you aren't.

I imagine that if I were to browse to your page I would get different results than you get browsing to it from your local network.

Try hitting it from somewhere your request will go through a proxy and I imagine you will see additional headers in the output.

Dave Dietz
0
 
LVL 13

Author Comment

by:khairil
ID: 11760882
thanks a lot :D
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question