Retrieving CloudFront-Forwarded-Proto with PHP - php

How can I retrieve CloudFront-Forwarded-Proto using PHP? It appears as a header in the AWS documentation: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomRemovedHeaders
I tried using $_SERVER['CLOUDFRONT_FORWARDED_PROTO'] or $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'], among others, but without success.
How can I do it? What am I missing? I can't find any information or examples on this at all.

Have you configured ClouldFront to forward the header? It doesn't forward it by default.
CloudFront-Forwarded-Proto
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-protocol

Related

PHP HTTP_X_FILE_NAME removed, what alternatives do I have

Good day,
I use filedrop to upload images in my application.
Recently I moved to PHP 7.1 on my development location and I found out that HTTP_X_FILE_NAME has been removed.
Searching the web I found out that this key has been removed as "unnecessary"
However I do not know what to substitute it with?
I used to fetch the uploaded file with the following code :
$name = urldecode($_SERVER['HTTP_X_FILE_NAME']);
$data = file_get_contents("php://input");
$_SERVER['HTTP_X_FILE_NAME'] is not something standard in any version of PHP, but it is available when an 'X-file-name' request header was set. For example, you can see filedrop.js setting this request header here: https://github.com/ProgerXP/FileDrop/blob/33f85ce84a1df890ab5d9dcf6d105c457b2f18b0/filedrop.js#L2033.
Please see what headers are available in the $_SERVER super-global (e.g. by doing a var_dump($_SERVER)). It may happen that 'HTTP_X_FILE_NAME' got prefixed with a REDIRECT_ prefix because of your current server configuration and then you should use $_SERVER['REDIRECT_HTTP_X_FILE_NAME'].

file_get_contents not working when parameters included in a relative url

I am trying to create a simple web service that will give a result depending on parameters passed.
I would like to use file_get_contents but am having difficulties getting it to work. I have researched many of the other questions relating to the file_get_contents issues but none have been exactly the situation I seem to having.
I have a webpage:
example.com/xdirectory/index.php
I am attempting to get the value of the output of that page using:
file_get_contents(urlencode('https://www.example.com/xdirectory/index.php'));*
That does not work due to some issue with the https. Since the requesting page and the target are both on the same server I try again with a relative path:
file_get_contents(urlencode('../xdirectory/index.php'));
That does work and retrieves the html output of the page as expected.
Now if I try:
file_get_contents(urlencode('../xdirectory/index.php?id=100'));
The html output is (should be): Hello World.
The result retrieved by the command is blank. I check the error log and have an error:
[Fri Dec 04 12:22:54 2015] [error] [client 10.50.0.12] PHP Warning: file_get_contents(../xdirectory/index.php?id=100): failed to open stream: No such file or directory in /var/www/html/inventory/index.php on line 40, referer: https://www.example.com/inventory/index.php
The php.ini has these set:
allow_url_fopen, On local and On master
allow_url_include, On local and On master
Since I can get the content properly using only the url and NOT when using it with parameters I'm guessing that there is an issue with parameters and file_get_contents. I cannot find any notice against using parameters in the documentation so am at a loss and asking for your help.
Additional Notes:
I have tried this using urlencode and not using urlencode. Also, I am not trying to retrieve a file but dynamically created html output depending on parameters passed (just as much of the html output at index.php is dynamically created).
** There are several folks giving me all kind of good suggestions and it has been suggested that I must use the full blown absolute path. I just completed an experiment using file_get_contents to get http://www.duckduckgo.com, that worked, and then with a urlencoded parameter (http://www.duckduckgo.com/?q=php+is+cool)... that worked too.
It was when I tried the secure side of things, https://www.duckduckgo.com that it failed, and, with the same error message in the log as I have been receiving with my other queries.
So, now I have a refined question and I may need to update the question title to reflect it.
Does anyone know how to get a parameterized relative url to work with file_get_contents? (i.e. 'file_get_contents(urlencode('../xdirectory/index.php?id=' . urlencode('100'))); )
Unless you provide a full-blown absolute protocol://host/path-type url to file_get_contents, it WILL assume you're dealing with a local filesystem path.
That means your urlencode() version is wrongly doing
file_get_contents('..%2Fxdirectory%2Findex.php');
and you are HIGHLY unlikely to have a hidden file named ..%2Fetc....
call url with domain, try this
file_get_contents('https://www.example.com/inventory/index.php?id=100');
From reading your comments and additional notes, I think you don't want file_get_contents but you want include.
see How to execute and get content of a .php file in a variable?
Several of these answers give you useful pointers on what it looks like you're trying to achieve.
file_get_contents will return the contents of a file rather than the output of a file, unless it's a URL, but as you seem to have other issues with passing the URI absolutely....
So; you can construct something like:
$_GET['id'] = 100;
//this will pass the variable into the index.php file to use as if it was
// a GET value passed in the URI.
$output = include $_SERVER['DOCUMENT_ROOT']."/file/address/index.php";
unset($_GET['id']);
//$output holds the HTML code as a string,
The above feels hacky trying to incorporate $_GET values into the index.php page, but if you can edit the index.php page you can use plain PHP passed values and also get the output returned with a specific return $output; statement at the end of the included file.
It has been two years since I used PHP so I am just speculating about what I might try in your situation.
Instead of trying fetching the parsed file contents with arguments as a query string, I might try to set the variables directly within the php script and then include it (that is if the framework you use allows this).
To achive this I would use pattern:
ob_start -> set the variable, include the file that uses the variable -> ob_get_contents -> ob_end_clean
It is like opening your terminal and running the php file with arguments.
Anyway, I would not be surprised if there are better ways to achieve the same results. Happy hacking :o)
EDIT:
I like to emphasize that I am just speculating. I don't know if there are any security issues with this approach. You could of course ask and see if anyone knows here on stackoverflow.
EDIT2:
Hmm, scrap what I said last. I would check if you can use argv instead.
'argv' Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string. http://php.net/manual/en/reserved.variables.server.php
Then you just call your php script locally but without the query mark indicator "?". This way you can use the php interpreter without the server.
This is likely to be the most general solution because you can also use argv for get requests if I am understanding the manual correctly.

Send a $_GET request with special characters in the HTTP header (escaping)

I'm trying to work on my new wordpress plugin, and I encountered an issue.
I'm setting a variable to contain something like this:
esc_html('likeit'.wp_generate_password(4))
And then - I want to call another function via GET, but it's sometimes breaking.
For example if I have: likeitA9&n, it will break at &.
Can you please tell me what's the best (and most secured) but simple way to handle this in my plugin?
Examples would be appreciated!
Thanks a lot!
P.S. - I did try to look at previous posts, but nothing that actually solved this :(
urlencode('likeit'.wp_generate_password(4));
or
rawurlencode('likeit'.wp_generate_password(4));

Get Message in PHP

I'm trying very simple in PHP and not very sure what to search here or on google.
Problem is -
In PHP function I want to call/get a URL
http://www.example.com/message?Name=MyNameIsX
and like to read the return value (body) at this URL (which may contain "Your Name is MyNameIsX")
I tried
$data = file_get_contents($url)
This is timing out; although I'm able to open the $url in the browser.
Yes, file_get_contents normal use for files on this server and base on support and setting this perhaps is not allow.
See PHP CUrl http://php.net/manual/en/curl.examples.php or example
http://php.net/manual/en/curl.examples.php, http://php.net/manual/en/curl.examples-basic.php
You could use cUrl as suggested by FIG-GHD742 but I find the HTTP extension a lot easier to use. It's newer and has a neat OOP api.
Another method is that you can actually do an include/require with these, but it's generally a bad idea to do so if you don't control the source from which the data is coming
It sounds like you need to enable loopback calls on the server (self-calls). It would be better to get the data on the backend if you need it on the same server. Via a PHP API or calls to a database.
**
This will help you lot : http://php.net/manual/en/curl.examples.php
http://php.net/manual/en/curl.examples.php,
http://php.net/manual/en/curl.examples-basic.php
**
Yes the above answers is right. some hosting providers disable it for security purpose. You may also try fopen(php) if you are not looking for Curl way. Read documentation here http://php.net/manual/en/function.fopen.php

How to get Apache's running request at a specific moment?

I need to find a way to get all Apache running request at a given moment. I need to list the vhost, cpu, request ip address and some other information.
This information will be consumed by a PHP script.
I have mod_status installed and it has all the information I need. So I tried to use file_get_contents to get the report, generating a request from the server (http://localhost/server-status). It worked perfectly. Then I tried to parse the report, converting it to XML using simplexml_load_string. The problem is that the HTML outputted by mod_status is not well formed.
Here is the HTL from the table I need to parse:
<table border="0"><tr><th>Srv</th><th>PID</th><th>Acc</th><th>M</th><th>CPU
</th><th>SS</th><th>Req</th><th>Conn</th><th>Child</th><th>Slot</th><th>Client</th><th>VHost</th><th>Request</th></tr>
<tr><td><b>0-1</b></td><td>-</td><td>0/0/70</td><td>.
</td><td>0.00</td><td>107</td><td>0</td><td>0.0</td><td>0.00</td><td>0.34
</td><td>127.0.0.1</td><td nowrap>zsce</td><td nowrap>OPTIONS * HTTP/1.0</td></tr>
<tr><td><b>1-1</b></td><td>-</td><td>0/0/55</td><td>.
</td><td>0.04</td><td>108</td><td>0</td><td>0.0</td><td>0.00</td><td>0.70
</td><td>127.0.0.1</td><td nowrap>zsce</td><td nowrap>OPTIONS * HTTP/1.0</td></tr>
</table>
I'm sure someone has tried to do something like this before.
1) Is there another way to access the information I need?
2) Has anybody tried other tools / modules?
Thanks in advance.
I can't see the problem with the HTML. What's wrong with it?
Does PHP not have a liberal HTML parser; something like Python's BeautifulSoup or Ruby's Nokogiri?
Also, remember that mod_status has 'auto' mode for producing machine-readable output.
http://www.apache.org/server-status?auto
http://httpd.apache.org/docs/2.2/mod/mod_status.html#machinereadable
I just found that if I remove "nowrap" from the HTML before parsing it, it works.

Categories