Scott Forsyth's Blog

Postings on IIS, ASP.NET, SQL Server, Webfarms and general system admin.

.

  • Scott Forsyth

Hosting Needs

Training and Dev Labs

Viewing all Server Variables for a Site

I often do development, testing or troubleshooting where I want to see all server variables available to a site.  For example, when using a reverse proxy for load balancing, SERVER_ADDR, HTTP_HOST and other variables can change.

Whenever I run into that situation, I write out a simple script that displays all server variables.  I thought I would share it here.

Create a file on your server called serversvariables.aspx, test.aspx or whatever you want to call it.  Place the following in it:

<%
For Each var as String in Request.ServerVariables
  Response.Write(var & " " & Request(var) & "<br>")
Next
%>

Or if you prefer C#, use the following:

<% @ Page Language="C#" %>
<%
foreach (string var in Request.ServerVariables)
{
  Response.Write(var + " " + Request[var] + "<br>");
}
%>

Then simply call the page from a web browser and it will list all server variables. 

The top two variables are worth noting.  They are ALL_HTTP and ALL_RAW which contain all server variables and are repeated with the specific server variables.  Since they contain everything, they can clutter up the page.  You can wrap the Response.Write line in an ‘if’ condition to exclude ALL_HTTP and ALL_RAW if you want, but I find for a quick testing page, I don’t bother, and it gives me every server variable.

The output will look something like this:

{ALL_HTTP and ALL_RAW have been removed from this example.}
APPL_MD_PATH: /LM/W3SVC/2/ROOT
APPL_PHYSICAL_PATH: C:\domains\example.com\
AUTH_TYPE: Forms
AUTH_USER: Scott
AUTH_PASSWORD: 
LOGON_USER: Scott
REMOTE_USER: Scott
CERT_COOKIE: 
CERT_FLAGS: 
CERT_ISSUER: 
CERT_KEYSIZE: 
CERT_SECRETKEYSIZE: 
CERT_SERIALNUMBER: 
CERT_SERVER_ISSUER: 
CERT_SERVER_SUBJECT: 
CERT_SUBJECT: 
CONTENT_LENGTH: 0
CONTENT_TYPE: 
GATEWAY_INTERFACE: CGI/1.1
HTTPS: off
HTTPS_KEYSIZE: 
HTTPS_SECRETKEYSIZE: 
HTTPS_SERVER_ISSUER: 
HTTPS_SERVER_SUBJECT: 
INSTANCE_ID: 2
INSTANCE_META_PATH: /LM/W3SVC/2
LOCAL_ADDR: 206.72.119.72
PATH_INFO: /ServerVariables.aspx
PATH_TRANSLATED: C:\domains\example.com\ServerVariables.aspx
QUERY_STRING: 
REMOTE_ADDR: 192.168.168.29
REMOTE_HOST: 192.168.168.29
REMOTE_PORT: 60137
REQUEST_METHOD: GET
SCRIPT_NAME: /ServerVariables.aspx
SERVER_NAME: www.example.com
SERVER_PORT: 80
SERVER_PORT_SECURE: 0
SERVER_PROTOCOL: HTTP/1.1
SERVER_SOFTWARE: Microsoft-IIS/7.5
URL: /ServerVariables.aspx
HTTP_CACHE_CONTROL: max-age=0
HTTP_CONNECTION: Keep-Alive
HTTP_ACCEPT: application/xml,application/xhtml+xml,text/html;q=0.9...HTTP_ACCEPT_CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING: gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
HTTP_COOKIE: {removed}
HTTP_HOST: www.example.com
HTTP_MAX_FORWARDS: 10
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) ...HTTP_X_ORIGINAL_HOST: www.example.com
HTTP_X_ORIGINAL_SERVER_PORT: 80
HTTP_X_ORIGINAL_URL: /ServerVariables.aspx
HTTP_X_FORWARDED_FOR: 192.168.168.29:60137
HTTP_X_ARR_LOG_ID: 3dc509e5-5da8-4b6b-91ee-f084c308e2ce
HTTP_X_SITE_INSTANCE: 01

Hope you find this useful. Happy coding / troubleshooting!

Posted: Mar 09 2010, 08:59 AM by OWScott | with 20 comment(s)
Filed under: ,

Comments

Elijah Manor said:

Nice post.

Adding trace to your page can also give you this information and much more.

"Tracing in ASP.NET 2.0" http://j.mp/cu4CIS

# March 9, 2010 12:39 PM

Viewing all Server Variables for a Site - Scott Forsyth's Blog said:

Pingback from  Viewing all Server Variables for a Site - Scott Forsyth&#39;s Blog

# March 9, 2010 2:24 PM

Latest Dedicated Server Windows Auctions | World online hosting review said:

Pingback from  Latest Dedicated Server Windows Auctions | World online hosting review

# March 9, 2010 2:59 PM

OWScott said:

Thanks Elijah.  Great link with further details for troubleshooting in ASP.NET.

# March 9, 2010 4:21 PM

kamleshrao said:

Hi,

I have already used this in Classic ASP.

This is good for troubleshooting, but considering the Security Risk on Websites, keeping such file on Production environment would raise high level of risk.

Would advice everyone to use this script wisely.

Thanks,

Kamlesh

# March 10, 2010 1:27 AM

OWScott said:

Hey Kamlesh.  Yes, this is not meant for end users to see.  Usually there isn't "very" incriminating information in the server variables, but things like the site path give a potential attacker more information.  This should be placed in a password protected folder to ensure limited access.

# March 10, 2010 9:43 AM

GreenSands said:

This is very useful, but I want to get INSTANCE_META_PATH for a precompiled site and that won't allow simply placing a aspx file on the server. I don't want to have to re-deploy everything. Is there any way to get IIS to give this directly?

# March 11, 2010 10:27 PM

OWScott said:

GreenSands, sure.  This is a bit dated but IIS7 shows the instance ID similar to IIS6: weblogs.asp.net/.../how-to-find-the-siteid-in-iis5-and-iis6.aspx.

INSTANCE_META_PATH will be /LM/W3SVC/{site id}

Also, you can add a page to a precompiled site if you want to temporarily view the server variables.  It won't fight with the precompiled site.

# March 12, 2010 1:19 AM

Latest Virtual Dedicated Server Auctions | World online hosting review said:

Pingback from  Latest Virtual Dedicated Server Auctions | World online hosting review

# March 17, 2010 9:17 PM

Edevre said:

This is very useful, but I want to get INSTANCE_META_PATH for a precompiled site and that won't allow simply placing a aspx file on the server. I don't want to have to re-deploy everything. Is there any way to get IIS to give this directly?

# April 18, 2010 1:30 PM

OWScott said:

Edevre, I don't know of a way to do this.  IIS is the engine that static or dynamic code runs off.  It doesn't have a direct feedback mechanism.  You would need to use a http handler or code of some sort to get that back.

# April 18, 2010 8:13 PM

Scott Forsyth's Blog said:

For years I’ve wanted to be able to troubleshoot website remotely by seeing the detailed error report

# July 29, 2010 2:04 PM

Wynn Smith said:

How do you view Server Variables in a JavaScript loop?  I'm having trouble interlacing my ASP with JavaScript.

# May 30, 2011 7:21 PM

OWScott said:

Hi Wynn.  The server variables don't change so you can statically assign them to the HTML itself.  If you want them as a variable in the JavaScript logic then you can write them in a hidden field in the html and then call them from JavaScript.  They won't change on each iteration of the loop since they are static so whatever it is the first time, it will remain.

# May 31, 2011 10:04 AM

A said:

I see the REMOTE_USER field in my case as empty on IIS7.5. This value has been set by my application through an authorization header.

Any idea why this field is blank?

# March 1, 2012 3:26 AM

OWScott said:

@A The REMOTE_USER is only there if you have an authenticated user.  If you're using anonymous access then that value is blank and is whatever the anonymous user is for your site.

# March 2, 2012 12:20 PM

Billy said:

I have an old ASP application that accepts attachments for Office 97, but not for Office 2003 upwards (docx, xlsx, etc.) Is there a way to add these extensions to the allowable system varaibles for uploading in the application?

Cheers

# October 12, 2012 1:19 AM

OWScott said:

@Billy, the way to do that is by setting the mime types.  Search the internet for mime types of Office in IIS. This appears to be a good list: www.bram.us/.../office-2007-mime-types-for-iis

# October 12, 2012 10:13 AM

Brett said:

If you dont want your server variable value to be replaced by query string or form post variables of the same name you need to use Response.Write(var + " " + Request.ServerVariables[var] + "<br>");

# November 15, 2012 9:42 AM

OWScott said:

Thanks Brett for pointing that out.  If you do have form or query string variables with the same name as the server variables then you can be more specific to ensure that you're calling just the server variables.

# November 17, 2012 10:53 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)