change $_SERVER variables in client-side

Question

according to this site $_SERVER['HTTP_HOST'] can be changed by client.
is it really possible? if yes, how? and can client change other parameters of $_SERVER?

https://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma — CD001, Feb 22 '18 at 16:55

score 1 · Answer 1 · answered Feb 22 '18 at 17:30

1

I found this answer very useful for my question https://stackoverflow.com/a/6474936/6934036

variables that start with HTTP are not reliable

answered Feb 22 '18 at 17:30

Mohammad Salehi

565
1
12
33

score 0 · Accepted Answer · answered Feb 22 '18 at 16:55

0

HTTP request headers are sent by the client and so are determined by the client, so of course it can, as can any other HTTP request header.

Naturally, this is with the proviso that the HTTP server may make use of the Host header and thus decide the request was intended for a different virtual name host and not run the PHP script at all.

answered Feb 22 '18 at 16:55

Quentin

914,110
126
1,211
1,335

how can I see if my HTTP server(Apache) reject fake requests? – Mohammad Salehi Feb 22 '18 at 17:06

change $_SERVER variables in client-side

2 Answers2