Server variables script

This script can be used to get a quick overview of all ASP serverside variables, including application and session variables.

Any arrays in the variables are automatically looped to show contents, and HTML content is encoded before output.

Warning: Do not put the script on a publicly accessible server unless you know what you are doing. Use password access restrictions on the web server and/or the build-in IP filter (edit the strAllowedIPs string). Security sensitive data like database connection strings and server environment parameters will be revealed by the script.

The sourcecode is below the screenshot:

IIS 6.0 server variables screenshot

<%
Option Explicit

Dim strAllowedIPs
strAllowedIPs = "10.0.0.|192.168.0.|11.22.33.44" ' Use "|" as separator.

If CheckAccess(Request.ServerVariables("REMOTE_ADDR"), strAllowedIPs) Then
 Call ShowPage()
Else
 Response.Write("Access denied")
 Response.End
End If

Sub ShowPage()
 %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
 <meta name="robots" content="noindex,nofollow" />
 <title>Server info</title>
 <style>
 body, td { font-family: Verdana;
 font-size: 9pt;
 padding-left: 5px;
 }
 hr { border: solid 1px green;
 }
 td.name { color: blue;
 }
 td.data { color: green;
 }
 </style>
 </head>
 <body>
 <%
 Response.Write("<h2>Server info</h2>" & vbcrlf & _
 "Server date/time and format: " & Now() & " " & vbcrlf & _
 "Session ID: " & Session.SessionID & " " & vbcrlf & _
 "<table>" & vbcrlf & _
 "<tr><td> Server variables</td><td></td></td>" & vbcrlf)
 Dim item, strContent, itemArray, arrCurrent, i
 For Each item In Request.ServerVariables
 If (item = "ALL_HTTP" Or item = "ALL_RAW") And _
 (Request.QueryString("showall") <> "true") Then
 strContent = "<a href=""" & _
 Request.ServerVariables("SCRIPT_NAME") & _
 "?showall=true"">Click to show</a>"
 Else
 strContent = Encode(Request.ServerVariables(item))
 End If
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & "</td><td class=""data"" valign=""top"">" & _
 strContent & "</td></tr>" & vbcrlf)
 Next
 Response.Write("<tr><td> Application variables</td><td></td></td>" & vbcrlf)
 For Each item In Application.Contents
 If IsArray(Application(item)) Then
 ItemArray = Application(item)
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & _
 " (array)</td><td class=""data"" valign=""top""><hr />")
 On Error Resume Next
 For i = 0 to uBound(ItemArray)
 Response.Write(Encode(ItemArray(i)) & " <hr />" & vbcrlf)
 If Err <> 0 Then
 Response.Write("Multidimensional array column " & i & " <hr />" & vbcrlf)
 End If
 Next
 On Error Goto 0
 Response.Write("</td></tr>" & vbcrlf)
 ElseIf IsObject(Application(item)) Then
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & _
 " (object)</td><td class=""data"" valign=""top"">" & _
 Encode(TypeName(Application(item))) & "</td></tr>" & vbcrlf)
 Else
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & "</td><td class=""data"" valign=""top"">" & _
 Encode(Application(item)) & "</td></tr>" & vbcrlf)
 End If
 Next
 Response.Write("<tr><td> Session variables</td><td></td></td>" & vbcrlf)
 For Each item In Session.Contents
 If IsArray(Session(item)) Then
 ItemArray = Session(item)
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & _
 " (array)</td><td class=""data"" valign=""top""><hr />")
 On Error Resume Next
 For i = 0 to uBound(ItemArray)
 Response.Write(Encode(ItemArray(i)) & " <hr />" & vbcrlf)
 If Err <> 0 Then
 Response.Write("Multidimensional array column " & i & " <hr />" & vbcrlf)
 End If
 Next
 On Error Goto 0
 Response.Write("</td></tr>" & vbcrlf)
 ElseIf IsObject(Session(item)) Then
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & _
 " (object)</td><td class=""data"" valign=""top"">" & _
 Encode(TypeName(Session(item))) & "</td></tr>" & vbcrlf)
 Else
 Response.Write("<tr><td class=""name"" valign=""top"">" & _
 Encode(item) & "</td><td class=""data"" valign=""top"">" & _
 Encode(Session(item)) & "</td></tr>" & vbcrlf)
 End If
 Next
 Response.Write("</table>" & vbcrlf & "</body>" & vbcrlf & "</html>")
End Sub

Function CheckAccess(strCurrentIP, strAllowedIPs)
 Dim i
 Dim arrAllowedIPs
 Dim blnReturnValue
 blnReturnValue = False
 arrAllowedIPs = Split(strAllowedIPs, "|")
 For i = 0 to uBound(arrAllowedIPs)
 If Instr(strCurrentIP, arrAllowedIPs(i)) > 0 Then
 blnReturnValue = True
 End If
 Next
 CheckAccess = blnReturnValue
End Function

Function Encode(strInput)
 Dim strReturn
 If IsNull(strInput) Then
 strReturn = "(Null)"
 Else
 strReturn = strInput
 End If
 strReturn = CStr(strReturn)
 strReturn = Server.HTMLEncode(strReturn)
 strReturn = Replace(strReturn, vbcrlf, " " & vbcrlf)
 strReturn = Replace(strReturn, " ", "  ")
 Encode = strReturn
End Function
%>

The server variables made available on a IIS 6.0 running classic ASP are:

ALL_HTTP
ALL_RAW
APPL_MD_PATH
APPL_PHYSICAL_PATH
AUTH_PASSWORD
AUTH_TYPE
AUTH_USER
CERT_COOKIE
CERT_FLAGS
CERT_ISSUER
CERT_KEYSIZE
CERT_SECRETKEYSIZE
CERT_SERIALNUMBER
CERT_SERVER_ISSUER
CERT_SERVER_SUBJECT
CERT_SUBJECT
CONTENT_LENGTH
CONTENT_TYPE
GATEWAY_INTERFACE
HTTPS
HTTPS_KEYSIZE
HTTPS_SECRETKEYSIZE
HTTPS_SERVER_ISSUER
HTTPS_SERVER_SUBJECT
INSTANCE_ID
INSTANCE_META_PATH
LOCAL_ADDR
LOGON_USER
PATH_INFO
PATH_TRANSLATED
QUERY_STRING
REMOTE_ADDR
REMOTE_HOST
REMOTE_USER
REQUEST_METHOD
SCRIPT_NAME
SERVER_NAME
SERVER_PORT
SERVER_PORT_SECURE
SERVER_PROTOCOL
SERVER_SOFTWARE
URL
HTTP_CACHE_CONTROL
HTTP_CONNECTION
HTTP_KEEP_ALIVE
HTTP_ACCEPT
HTTP_ACCEPT_CHARSET
HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE
HTTP_COOKIE
HTTP_HOST
HTTP_USER_AGENT

Tags: asp, html

Page last updated 2008-01-01 18:54. Some rights reserved (CC by 3.0)