Solved

Alternative to apache_request_headers

Posted on 2010-11-30
13
1,539 Views
Last Modified: 2012-05-10
I need to capture the entire browser header and would normally have used apache_request_headers.  However the server where I need to do this is using suPHP and apache_request_headers is not available.  Are there alternatives that will capture the entire header that I could use?
0
Comment
Question by:duz
  • 5
  • 5
  • 3
13 Comments
 
LVL 4

Expert Comment

by:max-hb
ID: 34240130
You can use header_sent() to verify if your script has already sent headers. To find out which headers were sent (or prepared for sending) use headers_list().
0
 
LVL 4

Expert Comment

by:max-hb
ID: 34240139
Typo: It should be headers_sent() NOT header_sent() ;-)
0
 
LVL 24

Author Comment

by:duz
ID: 34240308
I can't use headers_sent() because I need the browser header.  
0
 
LVL 4

Expert Comment

by:max-hb
ID: 34241006
O.K., totally misunderstood your question ;-)
To read header info coming from the browser you should have a look at the global var $_SERVER which contains some information about the client side:
<?php
echo "<pre>";
var_dump($_SERVER);
echo "</pre>";
?>

This will not allow to fetch all headers but maybe its enough for your purpose.
0
 
LVL 24

Author Comment

by:duz
ID: 34242283
Thanks but as I said originally "I need to capture the entire browser header...".
0
 
LVL 9

Expert Comment

by:absx
ID: 34246600
Hi,

Here's a slightly modified example from php.net. It fetches only the HTTP header values from the $_SERVER array and tries to format the key names to match apache_request_handlers() format.


if( !function_exists('apache_request_headers') ) {
function apache_request_headers() {
  $arh = array();
  $rx_http = '/\AHTTP_/';

  foreach($_SERVER as $key => $val) {
    if( preg_match($rx_http, $key) ) {
      $arh_key = preg_replace($rx_http, '', $key);
      $rx_matches = array();

      // do some nasty string manipulations to restore the original letter case
      // this should work in most cases
      $rx_matches = explode('_', $arh_key);
      if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
        foreach($rx_matches as $ak_key => $ak_val) 
          $rx_matches[$ak_key] = ucfirst(strtolower($ak_val));
        $arh_key = implode('-', $rx_matches);
      }
      $arh[$arh_key] = $val;
    }
  }
  return( $arh );
}
}

Open in new window

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 9

Expert Comment

by:absx
ID: 34246604
Typofix: meant to say apache_request_headers(), not apache_request_handlers().
0
 
LVL 24

Author Comment

by:duz
ID: 34246779
Thank you absx.

I believe that $_SERVER is not as reliable or consistent across servers as apache_request_headers and will often omit data?

Is this the best that can be done, should I look outside PHP for a solution?
0
 
LVL 9

Expert Comment

by:absx
ID: 34246911
Hi,

I guess there must be differences in, say, X-FORWARDED-FOR headers and such. It'd probably be best to look up the differences per server, though. There's not too many ways of serving PHP pages, since they only provide modules for IIS and Apache and the rest are served by CGI implementations.

Which parts of the information do you really really need? If it's just user agent, I'd trust the $_SERVER data (and probably do further tests in JS, since it can be easily faked.

There's also rumors of a $GLOBALS["HTTP_RAW_POST_DATA"] being available for HTTP POST requests (see http://us.php.net/manual/en/reserved.variables.httprawpostdata.php), but at least on my Apache/FCGI configuration I couldn't get this populated.

0
 
LVL 9

Expert Comment

by:absx
ID: 34246930
Also, you could use Fiddler (http://www.fiddler2.com/fiddler2/version.asp) to test whether all the headers are captured by $_SERVER from different browsers. In my quick test, all the HTTP headers sent by Firefox were indeed displayed by $_SERVER.
0
 
LVL 24

Author Comment

by:duz
ID: 34247064
Thx absx for your helpful comments.

I am not at liberty to say exactly what information I need from the header but I do need all of it exactly as it was sent. I can say that the data will undergo forensic examination, which is why I need the complete header.
0
 
LVL 9

Accepted Solution

by:
absx earned 500 total points
ID: 34247211
Well, that does sound like it'd be best to look at the logging capacities of the HTTP server in question. The server software would be the only thing that knows for sure, unless some transparent proxy/firewall is sat in front of it.
0
 
LVL 24

Author Comment

by:duz
ID: 34275202
I think you are right absx

Thank you for your help.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

This article discusses four methods for overlaying images in a container on a web page
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now