|
|
Posted by Jerry Stuckle on 06/01/07 15:55
Iván Sánchez Ortega wrote:
> e_matthes@hotmail.com wrote:
>
>> I keep reading that $_SERVER['HTTP_REFERER'] can easily be faked. Is
>> that true of all server variables, or just some of them? In
>> particular, I'm wondering if server_port can be faked.
>
> Unless your HTTP server runs in more than one port, that's pretty difficult.
>
>> I'm interested right now because I want to detect whether the current
>> page request is using http or https.
>
> Don't. Set up your web server to serve different pages over HTTP and over
> HTTPS.
>
Why would you ever do that? There's no reason why pages which don't
require security can't still be served over https.
>> I realize there are other ways to ensure the correct delivery of pages
>> over https using directory management and htaccess, but I also want to
>> understand the server variables better.
>
> Server variables are pretty simple: Whenever the web server receives a
> request for a PHP page, it spawns (or dispatches) a thread running the PHP
> interpreter. That thread will receive the complete URL, any posted data,
> and a handful of information. That "handful of information" is the $_SERVER
> variables.
>
Some $_SERVER variables (i.e. HTTP_REFER, HTTP_USER_AGENT) come from the
user. Others (i.e. PATH, SERVER_NAME) are generated by the server.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|