Reputation: 552
How to debug request headers?
Apache server running behind proxy server / load balancer. I wan't to access client's IP address with X-Forwarded-For but I can't find it.
I can confirm mod_remoteip loaded and configured.
[root~]# httpd -DDUMP_CONFIG | grep 'Forwarded'
RemoteIPHeader X-Forwarded-For
[root~]# httpd -M | grep remote
remoteip_module (shared)
PHP's $_SERVER global
[USER] => apache
[HOME] => /usr/share/httpd
[FCGI_ROLE] => RESPONDER
[UNIQUE_ID] => XEmuZocZaMSZxKpDrFwvfgAAAAA
[HTTP_HOST] => domain.com
[HTTP_CONNECTION] => keep-alive
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/57.0.3098.116
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/.*;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip, deflate, br
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.9
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => domain.com
[SERVER_ADDR] => 192.168.98.25
[SERVER_PORT] => 80
[REMOTE_ADDR] => 192.168.99.148
[DOCUMENT_ROOT] => /var/www/html
[REQUEST_SCHEME] => http
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /var/www/html
[SERVER_ADMIN] => root@localhost
[SCRIPT_FILENAME] => /var/www/html/test.php
[REMOTE_PORT] => 11255
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test.php
[SCRIPT_NAME] => /test.php
[PHP_SELF] => /test.php
[REQUEST_TIME_FLOAT] => 1548332646.3819
[REQUEST_TIME] => 1548332646
My question is, how can I confirm proxy server doesn't forward client's ip address in request header? Should it be in $_SERVER global? If not, how can log all request headers including custom headers?
Upvotes: 0
Views: 1811
Answers (1)
Reputation: 6702
In PHP you can get the request headers as an array by apache_request_headers().
There are rumours circulating, this function would not guarantee to return all headers. I could not verify that yet by finding any missing header, however, I could imagine that malformed lines might not be considered as headers.
Unfortunately there is no way to access the full raw request in PHP. You might want to do so using some CGI script language like Perl instead which provides access to the raw request.
Upvotes: 1
Related Questions
- View response headers from an HTTP get API request using Apache hop
- How to get headers from incoming php request
- Is there a way to remove apaches Reverse Proxy Request Headers?
- How to debug the http response headers from a HTTP call
- PHP curl how to retrieve headers when using Proxy. CURLOPT_HEADERFUNCTION?
- Apache 2.4.25 some headers being stripped in proxied request
- get php virtual() response headers
- Using get_headers with a proxy
- Problem with creating php proxy
- Any Independent Tools to check HTTP Headers