I am getting lot of traffic to my php pages but without the variable $_SERVER['HTTP_HOST']
set.
This traffic is like 1 hit per second. I don't know what it could be, but for reducing server load i am doing this at the top of every php pages:
if (!isset($_SERVER['HTTP_HOST']))
exit;
Do you know what could cause this? Is it safe to exit whenever HTTP_HOST
is not set?
Can a normal user visit my pages without setting HTTP_HOST
?
$_SERVER['HTTP_HOST'] Returns the Host header from the current request. $_SERVER['HTTP_REFERER']
The HTTP_HOST is obtained from the HTTP request header and this is what the client actually used as "target host" of the request. The SERVER_NAME is defined in server config.
The gethostname() function returns the host name for the local machine.
PHP: $_SERVER['PHP_SELF'] You can find the filename of the currently executing script by using $_SERVER['PHP_SELF']. Filename shown as output is relative to the root of the document.
Mmm, might be as well the "apache dummy connections". Check you access logs for "internal dummy connection", theses are used by the master apache process to send orders to his child processes (like suicide yourself, or we need to reload conf). And theses connections are made in HTTP/1.0 without HOST set.
http://wiki.apache.org/httpd/InternalDummyConnection
Theses #$!"#sh#f#ck*$! connections are making a lot of bugs around there, (cache things, no HTTP/1.1, etc). One 'simple' solution is not having your hostname based Virtuahost serving you main application as the default virtualhost. Keep a very simple default virtualhost with the 'it works' page, or something very simple "if you get this page you might try to get a browser with HTTP/1.1 support somewhere", as a static page. Then all HTTP/1.0 traffic or people accessing your server by IP only, will not be in your real application.
To be complete I've seen a company this year with bad proxies removing the Host header from all their outgoing HTTP traffic. But theses bad guys are dumbs, I don't think there's a lot of people still browsing in HTTP/1.0 without hosts.
HTTP_HOST
is a part of the client's HTTP request and specifies which host name the request is to be directed to. It is necessary to tell apart the right site in a multi-site setup.
If HTTP_HOST
is not set, the client is either very, very old (HTTP 1.0 doesn't support HTTP_HOST) or has made a request directly to your web site's IP.
I can't see any harm in blocking that the way you do. However if you are worried about traffic, it might be wiser to fix this on web server level.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With