Solved

Alternative to apache_request_headers

Posted on 2010-11-30
13
1,542 Views
Last Modified: 2012-05-10
I need to capture the entire browser header and would normally have used apache_request_headers.  However the server where I need to do this is using suPHP and apache_request_headers is not available.  Are there alternatives that will capture the entire header that I could use?
0
Comment
Question by:duz
  • 5
  • 5
  • 3
13 Comments
 
LVL 4

Expert Comment

by:max-hb
ID: 34240130
You can use header_sent() to verify if your script has already sent headers. To find out which headers were sent (or prepared for sending) use headers_list().
0
 
LVL 4

Expert Comment

by:max-hb
ID: 34240139
Typo: It should be headers_sent() NOT header_sent() ;-)
0
 
LVL 24

Author Comment

by:duz
ID: 34240308
I can't use headers_sent() because I need the browser header.  
0
 
LVL 4

Expert Comment

by:max-hb
ID: 34241006
O.K., totally misunderstood your question ;-)
To read header info coming from the browser you should have a look at the global var $_SERVER which contains some information about the client side:
<?php
echo "<pre>";
var_dump($_SERVER);
echo "</pre>";
?>

This will not allow to fetch all headers but maybe its enough for your purpose.
0
 
LVL 24

Author Comment

by:duz
ID: 34242283
Thanks but as I said originally "I need to capture the entire browser header...".
0
 
LVL 9

Expert Comment

by:absx
ID: 34246600
Hi,

Here's a slightly modified example from php.net. It fetches only the HTTP header values from the $_SERVER array and tries to format the key names to match apache_request_handlers() format.


if( !function_exists('apache_request_headers') ) {
function apache_request_headers() {
  $arh = array();
  $rx_http = '/\AHTTP_/';

  foreach($_SERVER as $key => $val) {
    if( preg_match($rx_http, $key) ) {
      $arh_key = preg_replace($rx_http, '', $key);
      $rx_matches = array();

      // do some nasty string manipulations to restore the original letter case
      // this should work in most cases
      $rx_matches = explode('_', $arh_key);
      if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
        foreach($rx_matches as $ak_key => $ak_val) 
          $rx_matches[$ak_key] = ucfirst(strtolower($ak_val));
        $arh_key = implode('-', $rx_matches);
      }
      $arh[$arh_key] = $val;
    }
  }
  return( $arh );
}
}

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 9

Expert Comment

by:absx
ID: 34246604
Typofix: meant to say apache_request_headers(), not apache_request_handlers().
0
 
LVL 24

Author Comment

by:duz
ID: 34246779
Thank you absx.

I believe that $_SERVER is not as reliable or consistent across servers as apache_request_headers and will often omit data?

Is this the best that can be done, should I look outside PHP for a solution?
0
 
LVL 9

Expert Comment

by:absx
ID: 34246911
Hi,

I guess there must be differences in, say, X-FORWARDED-FOR headers and such. It'd probably be best to look up the differences per server, though. There's not too many ways of serving PHP pages, since they only provide modules for IIS and Apache and the rest are served by CGI implementations.

Which parts of the information do you really really need? If it's just user agent, I'd trust the $_SERVER data (and probably do further tests in JS, since it can be easily faked.

There's also rumors of a $GLOBALS["HTTP_RAW_POST_DATA"] being available for HTTP POST requests (see http://us.php.net/manual/en/reserved.variables.httprawpostdata.php), but at least on my Apache/FCGI configuration I couldn't get this populated.

0
 
LVL 9

Expert Comment

by:absx
ID: 34246930
Also, you could use Fiddler (http://www.fiddler2.com/fiddler2/version.asp) to test whether all the headers are captured by $_SERVER from different browsers. In my quick test, all the HTTP headers sent by Firefox were indeed displayed by $_SERVER.
0
 
LVL 24

Author Comment

by:duz
ID: 34247064
Thx absx for your helpful comments.

I am not at liberty to say exactly what information I need from the header but I do need all of it exactly as it was sent. I can say that the data will undergo forensic examination, which is why I need the complete header.
0
 
LVL 9

Accepted Solution

by:
absx earned 500 total points
ID: 34247211
Well, that does sound like it'd be best to look at the logging capacities of the HTTP server in question. The server software would be the only thing that knows for sure, unless some transparent proxy/firewall is sat in front of it.
0
 
LVL 24

Author Comment

by:duz
ID: 34275202
I think you are right absx

Thank you for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now