Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

$_SERVER['HTTP_HOST'] not set

Tags:

php

apache

I am getting lot of traffic to my php pages but without the variable $_SERVER['HTTP_HOST'] set.

This traffic is like 1 hit per second. I don't know what it could be, but for reducing server load i am doing this at the top of every php pages:

if (!isset($_SERVER['HTTP_HOST']))
    exit;

Do you know what could cause this? Is it safe to exit whenever HTTP_HOST is not set?

Can a normal user visit my pages without setting HTTP_HOST?

  • PHP version: 5.2.0-8
  • Apache: 2.2.3
like image 273
dynamic Avatar asked Jan 01 '11 12:01

dynamic


People also ask

What is $_ server [' HTTP_HOST '] in PHP?

$_SERVER['HTTP_HOST'] Returns the Host header from the current request. $_SERVER['HTTP_REFERER']

What is HTTP_HOST?

The HTTP_HOST is obtained from the HTTP request header and this is what the client actually used as "target host" of the request. The SERVER_NAME is defined in server config.

How can I get host in PHP?

The gethostname() function returns the host name for the local machine.

How can I know my server name in PHP?

PHP: $_SERVER['PHP_SELF'] You can find the filename of the currently executing script by using $_SERVER['PHP_SELF']. Filename shown as output is relative to the root of the document.


2 Answers

Mmm, might be as well the "apache dummy connections". Check you access logs for "internal dummy connection", theses are used by the master apache process to send orders to his child processes (like suicide yourself, or we need to reload conf). And theses connections are made in HTTP/1.0 without HOST set.

http://wiki.apache.org/httpd/InternalDummyConnection

Theses #$!"#sh#f#ck*$! connections are making a lot of bugs around there, (cache things, no HTTP/1.1, etc). One 'simple' solution is not having your hostname based Virtuahost serving you main application as the default virtualhost. Keep a very simple default virtualhost with the 'it works' page, or something very simple "if you get this page you might try to get a browser with HTTP/1.1 support somewhere", as a static page. Then all HTTP/1.0 traffic or people accessing your server by IP only, will not be in your real application.

To be complete I've seen a company this year with bad proxies removing the Host header from all their outgoing HTTP traffic. But theses bad guys are dumbs, I don't think there's a lot of people still browsing in HTTP/1.0 without hosts.

like image 166
regilero Avatar answered Sep 19 '22 21:09

regilero


HTTP_HOST is a part of the client's HTTP request and specifies which host name the request is to be directed to. It is necessary to tell apart the right site in a multi-site setup.

If HTTP_HOST is not set, the client is either very, very old (HTTP 1.0 doesn't support HTTP_HOST) or has made a request directly to your web site's IP.

I can't see any harm in blocking that the way you do. However if you are worried about traffic, it might be wiser to fix this on web server level.

like image 42
Pekka Avatar answered Sep 19 '22 21:09

Pekka