Sideway
output.to from Sideway
Draft for Information Only

Content

Request Object
 Request.ServerVariables Collection
   Syntax:
   Parameters:
   Remarks:
  Examples:

Request Object

Another function of Request object is the retrieving of HTTP server variables, and client variables from the client.

Request.ServerVariables Collection

Request.ServerVariables Collection retrieves the values of predetermined environment variable.

Syntax:

Request.ServerVariables( server environment variable )

 Or in an ASP file. Imply

<% Request.ServerVariables( server environment variable ) %>

Parameters:

server environment variable

The parameter "server environment variable" is the name of the server environment variable to be retrieved. The data type of "server environment variable" is string and is enclosed by quotation marks (" "). The possible values of server environment variable are

Variable Name Description
ALL_HTTP All HTTP headers sent by client.
ALL_RAW All raw data of headers sent by client
APP_POOL_ID The name of the application pool of the IIS worker process that handling the request. (Not available in IIS 5.1 and earlier). There is also an APP_POOL_ID environment variable.
APPL_MD_PATH The metabase path of the application
APPL_PHYSICAL_PATH The physical path of the path specified in APPL_MD_PATH
AUTH_PASSWORD The value in the authentication dialog entered by the client. Variable only available when Basic authentication is used.
AUTH_TYPE The authentication method that the server uses to validate users when attempting to access a protected scipt.
The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme. Therefore AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication does not mean that the user was authenticated.
AUTH_USER The user name derived from the authorization header sent by the client, before the user name is mapped to a Windows account. The variable is same as REMOTE_USER.
If an authentication filter is installed on the web server for mapping incoming users to accounts, the mapped user name can be retrieved by LOGON_USER
CACHE_URL For use in ISAPI applications only. (Not available in IIS 5.1 and earlier). The unambiguous name for the current URL. It is necessary to use the Unicode version of this variable in conjuntion with teh kernel mode cache invalidation function to evict entries placed in the cache by HSE_REQ_VECTOR_SEND.
The server variable "UNICODE_CACHE_URL" is used in conjunction with teh cache invalidation function retrieved by the HSE_REQ_GET_CACHE_INVALIDATION_CALLBACK function which invalidates responses cached in HTTP.SYS, whether those responses are produced by requests or by ISAPIs calling HSE_REQ_VECTOR_SEND
CERT_COOKIE Unique ID of data type string for the client certificate. This ID can be used as a signature for the whole client certificate.
CERT_FLAGS Certificate flags.
bit0 is set to 1 if the client certificate is present.
bit1 is set to 1 if the certifcation authority of the client certificate is invalid. (or it is not in the list of recognized certification authorities on the server)
For an invalid certificate with bit1 is set to 1:
IIS 4.0 and later will reject the certificate while earlier IIS versions will not reject the certificate.
CERT_ISSUER The issuer field of the client certificate (O=MS, OU=IAS, CN=user name, C=USA)
CERT_KEYSIZE The number of bits in the Secure Sockets Layer (SSL) connection key size. For example, 128.
CERT_SECRETKEYSIZE The number of bits in server certificate private key. For example, 1024
CERT_SERIALNUMBER The serial number field of the client certificate.
CERT_SERVER_ISSUER The issuer field of the server certificate.
CERT_SERVER_SUBJECT The subject field of the server certificate.
CERT_SUBJECT The subject field of the client certificate.
CONTENT_LENGTH The length of the content as given by the client.
CONTENT_TYPE The data type of the content. Used with queries that have attached information for further processing , such as the HTTP queries GET, POST, and PUT.
GATEWAY_INTERFACE The revision of the CGI specification used by the server with format CGI/revision.
HEADER_<HeaderName> The value stored in the header <HeaderName>. This is used to retrieve custom headers other than those header listed in the table. Those header not listed in the table must be preceded by "HEADER_" in order to be retrieved by the ServerVariables collection. (Not available in IIS 5.1 and earlier).
Unlike HTTP_<HeaderName> all characters in HEADER_<HeaderName> are interpreted as-is. For example  request header name MY_HEADER is specified by HEADER_MY_HEADER
HTTP_<HeaderName> The value stored in the header <HeaderName>. This is used to retrieve custom headers other than those header listed in the table. Those header not listed in the table must be preceded by "HTTP_" in order to be retrieved by the ServerVariables collection.
Unlike HEADER_<HeaderName> The character underscore in <HeaderName> are interpreted as dash "-" in the actual header name by the server. For example  request header name MY-HEADER is specified by HTTP_MY_HEADER
HTTP_ACCEPT The list of the accepted format in the Accept header. For example, "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel". Values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).
HTTP_ACCEPT_ENCODING The list of the accepted encoding types in accept-encoding. For example, "gzip, deflate"
HTTP_ACCEPT_LANGUAGE A string describing the language to use for displaying content in accept-language header.
HTTP_CONNECTION A string describing the connection type in connection header. For example, "Keep-Alive"
HTTP_COOKIE The cookie string in cookie header
HTTP_HOST The name of the web server. This may or may not be the same as SERVER_NAME depending on type of name resolution using on the Web server (IP address, host header).
HTTP_METHOD The method name used to make the request. (Same as REQUEST_METHOD)
HTTP_REFERER The string containing the URL of the page that referred the request to the current page using an HTML <A> tag. URL is the one that typing in the browser address bar, which may not include the name of a default document.
If the page is redirected, HTTP_REFERER is empty.
HTTP_REFERER is not a mandatory member of the HTTP specification.
HTTP_URL The string containing the raw, encoded URL, for example, "/dir/default.asp?querystring"
HTTP_USER_AGENT The string describing the browser that sent the request
HTTP_VERSION The name and version of the request protocol. The raw form of SERVER_PROTOCOL
HTTPS The flag to indicate the request channel. Return ON if the request come in through a secure channel (for example, SSL). Or return OFF if the request come in through an insecure channel. 
HTTPS_KEYSIZE The number of bits in the SSL connection key size. For example, 128
HTTPS_SECRETKEYSIZE The number of bits in the server certificate private key. For example, 1024
HTTPS_SERVER_ISSUER The issuer field of the server certificate.
HTTPS_SERVER_SUBJECT The subject field of the server certificate
INSTANCE_ID The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. This variable can be used to retrieve the ID of the Web SERVER instance (in the metabase) to which the request belongs.
INSTANCE_META_PATH The metabase path for the instance of IIS that responds to the request.
LOCAL_ADDR The server address on which the request came in. This is important on computers where there can be multiple IP addresses bound to the computer for identifying by which address the request used.
LOGON_USER The Windows account that the user is impersonating while connected to the web server. While REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER can be used to retrieve the raw user name that is contained in the request header. The LOGON_USER holds a different value than these other variables only if an authentication filter is installed.
PATH_INFO Path information specified by the client. for example, "/dir/myisapi.dll/zip". If this information comes from a URL, it is decoded by the server before it is passed to the CGI script or ISAPI filter.
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI application, such as ASP will break.
PATH_TRANSLATED The physical path that maps to the virtual path in PATH_INFO, for example, " c:\inetpub\wwwrot\dir\myisapi.dll". This variable is used by IIS during the processing of ISAPI applications.
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain "/zip" and ISAPI application, such as ASP will break.
QUERY_STRING The query information stored in the string following the question mark (?) in the HTTP request.
REMOTE_ADDR The IP address of the remote host that is making the request.
REMOTE_HOST The name of the host that is making the request. If the server does not have this information, the server will set REMOTE_ADDR and leave the REMOTE_HOST empty.
REMOTE_PORT The client port number of the TCP connection.
REMOTE_USER The user name derived from the authorization header sent by the client, before the user name is mapped to a Windows account. The variable is same as AUTH_USER.
If an authentication filter is installed on the web server for mapping incoming users to accounts, the mapped user name can be retrieved by LOGON_USER
REQUEST_METHOD The method used to make th request. For HTTP, this can be GET, HEAD, POST, and so on.
SCRIPT_NAME A virtual path to the script being executed, for example, "/dir/default.asp". This is used for self-referencing URLs.
SCRIPT_TRANSLATED The canonical physical path to the script listed in SCRIPT_NAME, for example, "\\?\c:\inetpub\wwwroot\dir\default.asp.". (Not available in IIS 5.1 and earlier)
SERVER_NAME The server's host name, DNS alias, or IP address as it would appear in self-referencing URLs.
SERVER_PORT The server port number to which the request was sent.
SERVER_PORT_SECURE A string that contains either 0 or 1 to indicate whether the connection is handled by a secure port. If the request being handled on the secure poth, the string is 1. Otherwise the string is 0.
SERVER_PROTOCOL The name and revision of the request information protocol. The format is protocol/revision. (The canonicalized form of HTTP_VERSION.)
SERVER_SOFTWARE The name and version of the server software that answers the request and runs the gateway. The format is name/version.
SSI_EXEC_DISABLED Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXEC_DISABLED returns a 0. To enable or disable, #exec, use the SSIExecDisable metabase property. (Not available in IIS 5.1 and earlier)
UNENCODED_URL The string contains the raw, unencoded URL, for example, "/dir/default.asp?querystring" (Not available in IIS 4.0 and earlier)
UNICODE_<ServerVariableName> In unicode ISAPI applications only, it is possible to retrieve server variable values as unicode values by prepending "UNICODE_" to the name of the server variable, unless the variable starts with "HTTP_" or "HEADER_". (Not available in IIS 5.1 and earlier)
UNMAPPED_REMOTE_USER The user name derived from the authorization header sent by the client, before the user name is mapped to a Windos account (same as REMOTE_USER).  If an authentication filter is installed on the web server for mapping incoming users to accounts, the mapped user name can be retrieved by LOGON_USER
URL Gives the base portion of the URL, without any querystring or extra path information, for example, "/dir/default.asp".
For the raw URL, use HTTP_URL or UNENCODED_URL.
URL_PATH_INFO Use PATH_INFO instead. (Only available in IIS 5.0)

Remarks:

Server variables collection are only strings contained in an request headers. The values of Server variables collection can also be generated by any user. Therefore Server variables data in the HTTP header is not a secure way to identify a user. And header data or user input should be encoded or be validated before using..

There are two ways to retrieve the values of headers that are not specified in the list of server variables. They are the using of "HEADER_<HeaderName>" and "HTTP_<HeaderName>" as the variable name by preceding the new header with "HEADER_" or "HTTP_". They are only different in the interpretation of the header name as described in the variable name table.

Unlike QueryString Collection, Form collection and Cookies collection, the server variables collection can only be used to retrieve available information from the client the header and the web server because IIS cannot create client headers.

Since the multiple values of cookie dictionary or cookies collection is in the form of an collection, the values of the keys of a cookie dictionary or the values of the cookie elements of a cookies collection should be retrieved using a for each element loop in order to get the name of the element.

Examples:

  • Retrieve of all HTTP headers sent by client in a string

    ASP script command:

    <%
    Response.Write Request.ServerVariables("ALL_HTTP") & "<br />"
    %>

  • Retrieve of all raw data of headers sent by client in a string

    ASP script command:

    <%
    Response.Write Request.ServerVariables("ALL_RAW") & "<br />"
    %>

  • Retrieve value of custom headers with name "HeaderName" sent by client

    ASP script command:

    <%
    Response.Write Request.ServerVariables("HEADER_HeaderName") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write Request.ServerVariables("HTTP_HeaderName") & "<br />"
    %>

  • Retrieve client header by name of ServerVariables in ServerVariables Collection

    ASP script command:

    <%
    Response.Write "CONTENT-LENGTH: " & _
    Request.ServerVariables("CONTENT_LENGTH") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "CONTENT-TYPE: " & _
    Request.ServerVariables("CONTENT_TYPE") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "ACCEPT: " & _
    Request.ServerVariables("HTTP_ACCEPT") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "ACCEPT-ENCODING: " & _
    Request.ServerVariables("HTTP_ACCEPT_ENCODING") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "ACCEPT-LANGUAGE: " & _
    Request.ServerVariables("HTTP_ACCEPT_LANGUAGE") & "<br />"
    %>

    ASP script command:

    <%
    %Response.Write "CONNECTION: " & _
    Request.ServerVariables("HTTP_CONNECTION") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "COOKIE: " & _
    Request.ServerVariables("HTTP_COOKIE") & "<br />"
    %>

    ASP script command:mmand:

    <%
    Response.Write "METHOD: " & _
    Request.ServerVariables("HTTP_METHOD") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "REFERER: " & _
    Request.ServerVariables("HTTP_REFERER") & "<br />"
    %>

    ASP script command:

    <%
    Response.Write "USER_AGENT: " & _
    Request.ServerVariables("HTTP_USER_AGENT") & "<br />"
    %>

  • Path or URL information in ServerVariables Collection

    ASP script command:

    <%
    ' e.g.;  127.0.0.1
    Response.Write "HOST: " & _
    Request.ServerVariables("HTTP_HOST") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  /dir/default.asp?querystring=value
    Response.Write "HTTP_URL: " & _
    Request.ServerVariables("HTTP_URL") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  /dir/default.asp?querystring=value
    Response.Write "UNENCODED_URL: " & _
    Request.ServerVariables("UNENCODED_URL") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  /dir/default.asp
    Response.Write "URL: " & _
    Request.ServerVariables("URL") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  /dir/default.asp
    Response.Write "PATH_INFO: " & _
    Request.ServerVariables("PATH_INFO") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  c:\webroot\dir\default.asp
    Response.Write "PATH_TRANSLATED: " & _
    Request.ServerVariables("PATH_TRANSLATED") & "<br />"
    %>

    ASP script command:

    <%
    ' e.g.;  querystring=value
    Response.Write "QUERY_STRING: " & _
    Request.ServerVariables("QUERY_STRING") & "<br />"
    %>

  • Loop for all ServerVariables in ServerVariables Collection by item

    ASP script command:

    <%
    For Each item in Request.ServerVariables
    Response.Write item & ": "& Request.ServerVariables(item) & "<br />"
    Next
    %>


©sideway

ID: 120200020 Last Updated: 8/2/2012 Revision: 0 Ref:

close

References

  1. Active Server Pages,  
  2. ASP Overview,  
  3. ASP Best Practices,  
  4. ASP Built-in Objects,  
  5. Response Object,  
  6. Request Object,  
  7. Server Object (IIS),  
  8. Application Object (IIS),  
  9. Session Object (IIS),  
  10. ASPError Object,  
  11. ObjectContext Object (IIS),  
  12. Debugging Global.asa Files,  
  13. How to: Debug Global.asa files,  
  14. Calling COM Components from ASP Pages,  
  15. IIS ASP Scripting Reference,  
  16. ASP Keywords,  
  17. Creating Simple ASP Pages,  
  18. Including Files in ASP Applications,  
  19. ASP Overview,  
  20. FileSystemObject Object,  
  21. http://msdn.microsoft.com/en-us/library/windows/desktop/ms675944(v=vs.85).aspx,  
  22. ADO Fundamentals,  
close

Latest Updated LinksValid XHTML 1.0 Transitional Valid CSS!Nu Html Checker Firefox53 Chromena IExplorerna
IMAGE

Home 5

Business

Management

HBR 3

Information

Recreation

Hobbies 7

Culture

Chinese 1097

English 337

Reference 67

Computer

Hardware 149

Software

Application 187

Digitization 24

Numeric 19

Programming

Web 757

CSS 1

ASP.NET 1

Regular Expression 1

HTML

Knowledge Base

Common Color 1

Html Entity (Unicode) 1

Html 401 Special 1

OS 389

MS Windows

Windows10 1

.NET Framework 1

DeskTop 7

Knowledge

Mathematics

Formulas 8

Algebra 20

Number Theory 206

Trigonometry 18

Geometry 18

Calculus 67

Complex Analysis 21

Engineering

Tables 8

Mechanical

Mechanics 1

Rigid Bodies

Statics 92

Dynamics 37

Fluid 5

Fluid Kinematics 5

Control

Process Control 1

Acoustics 19

FiniteElement 2

Physics

Electric 10

Biology 1

Geography 1


Copyright © 2000-2019 Sideway . All rights reserved Disclaimers last modified on 06 September 2019