Server variables script

This script can be used to get a quick overview of all ASP serverside variables, including application and session variables.

Any arrays in the variables are automatically looped to show contents, and HTML content is encoded before output.

Warning: Do not put the script on a publicly accessible server unless you know what you are doing. Use password access restrictions on the web server and/or the build-in IP filter (edit the strAllowedIPs string). Security sensitive data like database connection strings and server environment parameters will be revealed by the script.

The sourcecode is below the screenshot:

IIS 6.0 server variables screenshot

<%
Option Explicit

Dim strAllowedIPs
strAllowedIPs = "10.0.0.|192.168.0.|11.22.33.44" ' Use "|" as separator.

If CheckAccess(Request.ServerVariables("REMOTE_ADDR"), strAllowedIPs) Then
  Call ShowPage()
Else
  Response.Write("Access denied")
  Response.End
End If

Sub ShowPage()
  %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
  <meta name="robots" content="noindex,nofollow" />
  <title>Server info</title>
  <style>
  body, td { font-family: Verdana;
             font-size: 9pt;
             padding-left: 5px;
             }
  hr      { border: solid 1px green;
            }
  td.name { color: blue;
            }
  td.data { color: green;
            }
  </style>
  </head>
  <body>
  <%
  Response.Write("<h2>Server info</h2>" & vbcrlf & _
    "Server date/time and format: " & Now() & "<br />" & vbcrlf & _
    "Session ID: " & Session.SessionID & "<br />" & vbcrlf & _
    "<table>" & vbcrlf & _
    "<tr><td><b><br>Server variables</b></td><td></td></td>" & vbcrlf)
  Dim item, strContent, itemArray, arrCurrent, i
  For Each item In Request.ServerVariables
    If (item = "ALL_HTTP" Or item = "ALL_RAW") And _
      (Request.QueryString("showall") <> "true") Then
      strContent = "<a href=""" & _
        Request.ServerVariables("SCRIPT_NAME") & _
        "?showall=true"">Click to show</a>"
    Else
      strContent = Encode(Request.ServerVariables(item))
    End If
    Response.Write("<tr><td class=""name"" valign=""top"">" & _
      Encode(item) & "</td><td class=""data"" valign=""top"">" & _
      strContent & "</td></tr>" & vbcrlf)
  Next
  Response.Write("<tr><td><b><br>Application variables</b></td><td></td></td>" & vbcrlf)
  For Each item In Application.Contents
    If IsArray(Application(item)) Then
      ItemArray = Application(item)
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
        Encode(item) & _
        "&nbsp;<b>(array)</b></td><td class=""data"" valign=""top""><hr />")
      On Error Resume Next
      For i = 0 to uBound(ItemArray)
        Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
        If Err <> 0 Then
          Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
        End If
      Next
      On Error Goto 0
      Response.Write("</td></tr>" & vbcrlf)
    ElseIf IsObject(Application(item)) Then
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
        Encode(item) & _
        "&nbsp;<b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
        Encode(TypeName(Application(item))) & "</i></td></tr>" & vbcrlf)
    Else
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
      Encode(item) & "</td><td class=""data"" valign=""top"">" & _
      Encode(Application(item)) & "</td></tr>" & vbcrlf)
    End If
  Next
  Response.Write("<tr><td><b><br>Session variables</b></td><td></td></td>" & vbcrlf)
  For Each item In Session.Contents
    If IsArray(Session(item)) Then
      ItemArray = Session(item)
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
        Encode(item) & _
        "&nbsp;<b>(array)</b></td><td class=""data"" valign=""top""><hr />")
      On Error Resume Next
      For i = 0 to uBound(ItemArray)
        Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
        If Err <> 0 Then
          Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
        End If
      Next
      On Error Goto 0
      Response.Write("</td></tr>" & vbcrlf)
    ElseIf IsObject(Session(item)) Then
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
        Encode(item) & _
        "&nbsp;<b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
        Encode(TypeName(Session(item))) & "</i></td></tr>" & vbcrlf)
    Else
      Response.Write("<tr><td class=""name"" valign=""top"">" & _
        Encode(item) & "</td><td class=""data"" valign=""top"">" & _
        Encode(Session(item)) & "</td></tr>" & vbcrlf)
    End If
  Next
  Response.Write("</table>" & vbcrlf & "</body>" & vbcrlf & "</html>")
End Sub

Function CheckAccess(strCurrentIP, strAllowedIPs)
  Dim i
  Dim arrAllowedIPs
  Dim blnReturnValue
  blnReturnValue = False
  arrAllowedIPs = Split(strAllowedIPs, "|")
  For i = 0 to uBound(arrAllowedIPs)
    If Instr(strCurrentIP, arrAllowedIPs(i)) > 0 Then
      blnReturnValue = True
    End If
  Next
  CheckAccess = blnReturnValue
End Function

Function Encode(strInput)
  Dim strReturn
  If IsNull(strInput) Then
    strReturn = "(Null)"
  Else
    strReturn = strInput
  End If
  strReturn = CStr(strReturn)
  strReturn = Server.HTMLEncode(strReturn)
  strReturn = Replace(strReturn, vbcrlf, "<br />" & vbcrlf)
  strReturn = Replace(strReturn, "  ", "&nbsp;&nbsp;")
  Encode = strReturn
End Function
%>

The server variables made available on a IIS 6.0 running classic ASP are:
  • ALL_HTTP
  • ALL_RAW
  • APPL_MD_PATH
  • APPL_PHYSICAL_PATH
  • AUTH_PASSWORD
  • AUTH_TYPE
  • AUTH_USER
  • CERT_COOKIE
  • CERT_FLAGS
  • CERT_ISSUER
  • CERT_KEYSIZE
  • CERT_SECRETKEYSIZE
  • CERT_SERIALNUMBER
  • CERT_SERVER_ISSUER
  • CERT_SERVER_SUBJECT
  • CERT_SUBJECT
  • CONTENT_LENGTH
  • CONTENT_TYPE
  • GATEWAY_INTERFACE
  • HTTPS
  • HTTPS_KEYSIZE
  • HTTPS_SECRETKEYSIZE
  • HTTPS_SERVER_ISSUER
  • HTTPS_SERVER_SUBJECT
  • INSTANCE_ID
  • INSTANCE_META_PATH
  • LOCAL_ADDR
  • LOGON_USER
  • PATH_INFO
  • PATH_TRANSLATED
  • QUERY_STRING
  • REMOTE_ADDR
  • REMOTE_HOST
  • REMOTE_USER
  • REQUEST_METHOD
  • SCRIPT_NAME
  • SERVER_NAME
  • SERVER_PORT
  • SERVER_PORT_SECURE
  • SERVER_PROTOCOL
  • SERVER_SOFTWARE
  • URL
  • HTTP_CACHE_CONTROL
  • HTTP_CONNECTION
  • HTTP_KEEP_ALIVE
  • HTTP_ACCEPT
  • HTTP_ACCEPT_CHARSET
  • HTTP_ACCEPT_ENCODING
  • HTTP_ACCEPT_LANGUAGE
  • HTTP_COOKIE
  • HTTP_HOST
  • HTTP_USER_AGENT
Tags: asp, html
Page last updated 2008-01-01 18:54. Some rights reserved (CC by 3.0)