What alternative can HTTP_HOST use?

Question

What alternative can HTTP_HOST use?

I need to display the current server host (in PHP, but this is not very important). I don’t know which host I am on. How can I do this without security issues? If I use $_SERVER['HTTP_HOST'] , it comes from the client, so I cannot trust this information (it can be rewritten, I think).

PS: I read this post: How reliable is HTTP_HOST? but I did not find the answer (maybe I did not search correctly ...)

+4

security php apache host

rap-2-h Jun 13 '12 at 14:32

source share

3 answers

If you do not plan to use it for security or authentication purposes, then $_SERVER['HTTP_HOST'] should be in order. You may have the wrong values for your visitors to the kiddie script, but your regular users will use well-managed browsers.

You won’t have security problems if you treat it like any other user. Sanitize it, do not create file names and do not execute commands on it, avoid it before displaying it, etc.

+1

grossvogel Jun 13 '12 at 16:44

source share

You can even give

 php_uname('n');

or maybe even

 `hostname -f`

(pay attention to backlinks here).

0

Hauke haien Jun 13 '12 at 16:31

source share

ilanco · Accepted Answer · 2012-06-13T14:36:45+0000

Use $_SERVER['SERVER_NAME'] for this purpose, from the docs:

The hostname of the server under which the current script is running. If the script is running on a virtual host, this will be the value defined for that virtual host.

What alternative can HTTP_HOST use?

More articles: