Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1635
  • Last Modified:

Alternative to apache_request_headers

I need to capture the entire browser header and would normally have used apache_request_headers.  However the server where I need to do this is using suPHP and apache_request_headers is not available.  Are there alternatives that will capture the entire header that I could use?
0
duz
Asked:
duz
  • 5
  • 5
  • 3
1 Solution
 
max-hbCommented:
You can use header_sent() to verify if your script has already sent headers. To find out which headers were sent (or prepared for sending) use headers_list().
0
 
max-hbCommented:
Typo: It should be headers_sent() NOT header_sent() ;-)
0
 
duzAuthor Commented:
I can't use headers_sent() because I need the browser header.  
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
max-hbCommented:
O.K., totally misunderstood your question ;-)
To read header info coming from the browser you should have a look at the global var $_SERVER which contains some information about the client side:
<?php
echo "<pre>";
var_dump($_SERVER);
echo "</pre>";
?>

This will not allow to fetch all headers but maybe its enough for your purpose.
0
 
duzAuthor Commented:
Thanks but as I said originally "I need to capture the entire browser header...".
0
 
absxCommented:
Hi,

Here's a slightly modified example from php.net. It fetches only the HTTP header values from the $_SERVER array and tries to format the key names to match apache_request_handlers() format.


if( !function_exists('apache_request_headers') ) {
function apache_request_headers() {
  $arh = array();
  $rx_http = '/\AHTTP_/';

  foreach($_SERVER as $key => $val) {
    if( preg_match($rx_http, $key) ) {
      $arh_key = preg_replace($rx_http, '', $key);
      $rx_matches = array();

      // do some nasty string manipulations to restore the original letter case
      // this should work in most cases
      $rx_matches = explode('_', $arh_key);
      if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
        foreach($rx_matches as $ak_key => $ak_val) 
          $rx_matches[$ak_key] = ucfirst(strtolower($ak_val));
        $arh_key = implode('-', $rx_matches);
      }
      $arh[$arh_key] = $val;
    }
  }
  return( $arh );
}
}

Open in new window

0
 
absxCommented:
Typofix: meant to say apache_request_headers(), not apache_request_handlers().
0
 
duzAuthor Commented:
Thank you absx.

I believe that $_SERVER is not as reliable or consistent across servers as apache_request_headers and will often omit data?

Is this the best that can be done, should I look outside PHP for a solution?
0
 
absxCommented:
Hi,

I guess there must be differences in, say, X-FORWARDED-FOR headers and such. It'd probably be best to look up the differences per server, though. There's not too many ways of serving PHP pages, since they only provide modules for IIS and Apache and the rest are served by CGI implementations.

Which parts of the information do you really really need? If it's just user agent, I'd trust the $_SERVER data (and probably do further tests in JS, since it can be easily faked.

There's also rumors of a $GLOBALS["HTTP_RAW_POST_DATA"] being available for HTTP POST requests (see http://us.php.net/manual/en/reserved.variables.httprawpostdata.php), but at least on my Apache/FCGI configuration I couldn't get this populated.

0
 
absxCommented:
Also, you could use Fiddler (http://www.fiddler2.com/fiddler2/version.asp) to test whether all the headers are captured by $_SERVER from different browsers. In my quick test, all the HTTP headers sent by Firefox were indeed displayed by $_SERVER.
0
 
duzAuthor Commented:
Thx absx for your helpful comments.

I am not at liberty to say exactly what information I need from the header but I do need all of it exactly as it was sent. I can say that the data will undergo forensic examination, which is why I need the complete header.
0
 
absxCommented:
Well, that does sound like it'd be best to look at the logging capacities of the HTTP server in question. The server software would be the only thing that knows for sure, unless some transparent proxy/firewall is sat in front of it.
0
 
duzAuthor Commented:
I think you are right absx

Thank you for your help.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now