Jump to content

HTTP Header confusion...


NoComment

Recommended Posts

Hi all.

 

This is my first post on this forum, so please bear with me. :)

 

I've got a question concerning the headers sent by the client accessing your page. I have found there are several variables accessible in PHP:

 

$_SERVER['REMOTE_ADDR'] (which should not be determined by any HTTP headers, but by the web server reading the TCP/IP headers, right?)

$_SERVER['HTTP_VIA'] (which will be filled if there is a transparent proxy)

 

the above are pretty clear and cause no problems. But when you continue to search for headers that can possibly be sent by a client (may it be a proxy or not), it's getting very confusing:

 

$_SERVER['HTTP_X_FORWARDED_FOR']

$_SERVER['HTTP_CLIENT_IP']

$_SERVER['HTTP_PROXY_CONNECTION']

$_SERVER['FORWARDED_FOR']

$_SERVER['X_FORWARDED_FOR']

$_SERVER['X_HTTP_FORWARDED_FOR']

$_SERVER['HTTP_FORWARDED']

 

I mean, they all seem to denote the SAME thing. Why use SEVEN different headers for that? Were the guys who wrote the RFCs bored? Why confuse people with so much possible headers, when it could be in ONE SINGLE header?

 

Apparently this is not a PHP problem, since PHP just fills these variables by reading the HTTP header lines (X-Forwarded-for: , X-Forwarded: , ...) sent by the client.

 

I have googled for all of those, but opinions seem to differ on what header line should be taken into account and what header line shouldn't.

 

So,

1) Why are there so many possible headers? Are some of them obsolete?

2) What is the difference between those headers with a 'X' and those which lack the 'X'?

3) What is the difference between "FORWARDED_FOR" and just "FORWARDED"?

 

Any help would be appreciated :)

 

Thank you.

Link to comment
https://forums.phpfreaks.com/topic/57438-http-header-confusion/
Share on other sites

Ok... a little update on my problem...

 

I found just ANOTHER variable that could be used:

 

$_SERVER['X_COMING_FROM'].

 

I also found out that some of these header lines (those with a 'X') are probably not supported by the official RFC, but are still widely used.

 

Anyone got an idea yet (or an answer to my above questions)?

Link to comment
https://forums.phpfreaks.com/topic/57438-http-header-confusion/#findComment-284345
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.