Server variables script
This script can be used to get a quick overview of all ASP serverside variables, including application and session variables.Any arrays in the variables are automatically looped to show contents, and HTML content is encoded before output.
Warning: Do not put the script on a publicly accessible server unless you know what you are doing. Use password access restrictions on the web server and/or the build-in IP filter (edit the strAllowedIPs string). Security sensitive data like database connection strings and server environment parameters will be revealed by the script.
The sourcecode is below the screenshot:

<%
Option Explicit
Dim strAllowedIPs
strAllowedIPs = "10.0.0.|192.168.0.|11.22.33.44" ' Use "|" as separator.
If CheckAccess(Request.ServerVariables("REMOTE_ADDR"), strAllowedIPs) Then
Call ShowPage()
Else
Response.Write("Access denied")
Response.End
End If
Sub ShowPage()
%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
<meta name="robots" content="noindex,nofollow" />
<title>Server info</title>
<style>
body, td { font-family: Verdana;
font-size: 9pt;
padding-left: 5px;
}
hr { border: solid 1px green;
}
td.name { color: blue;
}
td.data { color: green;
}
</style>
</head>
<body>
<%
Response.Write("<h2>Server info</h2>" & vbcrlf & _
"Server date/time and format: " & Now() & "<br />" & vbcrlf & _
"Session ID: " & Session.SessionID & "<br />" & vbcrlf & _
"<table>" & vbcrlf & _
"<tr><td><b><br>Server variables</b></td><td></td></td>" & vbcrlf)
Dim item, strContent, itemArray, arrCurrent, i
For Each item In Request.ServerVariables
If (item = "ALL_HTTP" Or item = "ALL_RAW") And _
(Request.QueryString("showall") <> "true") Then
strContent = "<a href=""" & _
Request.ServerVariables("SCRIPT_NAME") & _
"?showall=true"">Click to show</a>"
Else
strContent = Encode(Request.ServerVariables(item))
End If
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
strContent & "</td></tr>" & vbcrlf)
Next
Response.Write("<tr><td><b><br>Application variables</b></td><td></td></td>" & vbcrlf)
For Each item In Application.Contents
If IsArray(Application(item)) Then
ItemArray = Application(item)
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(array)</b></td><td class=""data"" valign=""top""><hr />")
On Error Resume Next
For i = 0 to uBound(ItemArray)
Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
If Err <> 0 Then
Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
End If
Next
On Error Goto 0
Response.Write("</td></tr>" & vbcrlf)
ElseIf IsObject(Application(item)) Then
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
Encode(TypeName(Application(item))) & "</i></td></tr>" & vbcrlf)
Else
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
Encode(Application(item)) & "</td></tr>" & vbcrlf)
End If
Next
Response.Write("<tr><td><b><br>Session variables</b></td><td></td></td>" & vbcrlf)
For Each item In Session.Contents
If IsArray(Session(item)) Then
ItemArray = Session(item)
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(array)</b></td><td class=""data"" valign=""top""><hr />")
On Error Resume Next
For i = 0 to uBound(ItemArray)
Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
If Err <> 0 Then
Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
End If
Next
On Error Goto 0
Response.Write("</td></tr>" & vbcrlf)
ElseIf IsObject(Session(item)) Then
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
Encode(TypeName(Session(item))) & "</i></td></tr>" & vbcrlf)
Else
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
Encode(Session(item)) & "</td></tr>" & vbcrlf)
End If
Next
Response.Write("</table>" & vbcrlf & "</body>" & vbcrlf & "</html>")
End Sub
Function CheckAccess(strCurrentIP, strAllowedIPs)
Dim i
Dim arrAllowedIPs
Dim blnReturnValue
blnReturnValue = False
arrAllowedIPs = Split(strAllowedIPs, "|")
For i = 0 to uBound(arrAllowedIPs)
If Instr(strCurrentIP, arrAllowedIPs(i)) > 0 Then
blnReturnValue = True
End If
Next
CheckAccess = blnReturnValue
End Function
Function Encode(strInput)
Dim strReturn
If IsNull(strInput) Then
strReturn = "(Null)"
Else
strReturn = strInput
End If
strReturn = CStr(strReturn)
strReturn = Server.HTMLEncode(strReturn)
strReturn = Replace(strReturn, vbcrlf, "<br />" & vbcrlf)
strReturn = Replace(strReturn, " ", " ")
Encode = strReturn
End Function
%>
Option Explicit
Dim strAllowedIPs
strAllowedIPs = "10.0.0.|192.168.0.|11.22.33.44" ' Use "|" as separator.
If CheckAccess(Request.ServerVariables("REMOTE_ADDR"), strAllowedIPs) Then
Call ShowPage()
Else
Response.Write("Access denied")
Response.End
End If
Sub ShowPage()
%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
<meta name="robots" content="noindex,nofollow" />
<title>Server info</title>
<style>
body, td { font-family: Verdana;
font-size: 9pt;
padding-left: 5px;
}
hr { border: solid 1px green;
}
td.name { color: blue;
}
td.data { color: green;
}
</style>
</head>
<body>
<%
Response.Write("<h2>Server info</h2>" & vbcrlf & _
"Server date/time and format: " & Now() & "<br />" & vbcrlf & _
"Session ID: " & Session.SessionID & "<br />" & vbcrlf & _
"<table>" & vbcrlf & _
"<tr><td><b><br>Server variables</b></td><td></td></td>" & vbcrlf)
Dim item, strContent, itemArray, arrCurrent, i
For Each item In Request.ServerVariables
If (item = "ALL_HTTP" Or item = "ALL_RAW") And _
(Request.QueryString("showall") <> "true") Then
strContent = "<a href=""" & _
Request.ServerVariables("SCRIPT_NAME") & _
"?showall=true"">Click to show</a>"
Else
strContent = Encode(Request.ServerVariables(item))
End If
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
strContent & "</td></tr>" & vbcrlf)
Next
Response.Write("<tr><td><b><br>Application variables</b></td><td></td></td>" & vbcrlf)
For Each item In Application.Contents
If IsArray(Application(item)) Then
ItemArray = Application(item)
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(array)</b></td><td class=""data"" valign=""top""><hr />")
On Error Resume Next
For i = 0 to uBound(ItemArray)
Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
If Err <> 0 Then
Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
End If
Next
On Error Goto 0
Response.Write("</td></tr>" & vbcrlf)
ElseIf IsObject(Application(item)) Then
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
Encode(TypeName(Application(item))) & "</i></td></tr>" & vbcrlf)
Else
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
Encode(Application(item)) & "</td></tr>" & vbcrlf)
End If
Next
Response.Write("<tr><td><b><br>Session variables</b></td><td></td></td>" & vbcrlf)
For Each item In Session.Contents
If IsArray(Session(item)) Then
ItemArray = Session(item)
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(array)</b></td><td class=""data"" valign=""top""><hr />")
On Error Resume Next
For i = 0 to uBound(ItemArray)
Response.Write(Encode(ItemArray(i)) & "<br /><hr />" & vbcrlf)
If Err <> 0 Then
Response.Write("<i>Multidimensional array column " & i & "</i><br /><hr />" & vbcrlf)
End If
Next
On Error Goto 0
Response.Write("</td></tr>" & vbcrlf)
ElseIf IsObject(Session(item)) Then
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & _
" <b>(object)</b></td><td class=""data"" valign=""top""><i>" & _
Encode(TypeName(Session(item))) & "</i></td></tr>" & vbcrlf)
Else
Response.Write("<tr><td class=""name"" valign=""top"">" & _
Encode(item) & "</td><td class=""data"" valign=""top"">" & _
Encode(Session(item)) & "</td></tr>" & vbcrlf)
End If
Next
Response.Write("</table>" & vbcrlf & "</body>" & vbcrlf & "</html>")
End Sub
Function CheckAccess(strCurrentIP, strAllowedIPs)
Dim i
Dim arrAllowedIPs
Dim blnReturnValue
blnReturnValue = False
arrAllowedIPs = Split(strAllowedIPs, "|")
For i = 0 to uBound(arrAllowedIPs)
If Instr(strCurrentIP, arrAllowedIPs(i)) > 0 Then
blnReturnValue = True
End If
Next
CheckAccess = blnReturnValue
End Function
Function Encode(strInput)
Dim strReturn
If IsNull(strInput) Then
strReturn = "(Null)"
Else
strReturn = strInput
End If
strReturn = CStr(strReturn)
strReturn = Server.HTMLEncode(strReturn)
strReturn = Replace(strReturn, vbcrlf, "<br />" & vbcrlf)
strReturn = Replace(strReturn, " ", " ")
Encode = strReturn
End Function
%>
The server variables made available on a IIS 6.0 running classic ASP are:
- ALL_HTTP
- ALL_RAW
- APPL_MD_PATH
- APPL_PHYSICAL_PATH
- AUTH_PASSWORD
- AUTH_TYPE
- AUTH_USER
- CERT_COOKIE
- CERT_FLAGS
- CERT_ISSUER
- CERT_KEYSIZE
- CERT_SECRETKEYSIZE
- CERT_SERIALNUMBER
- CERT_SERVER_ISSUER
- CERT_SERVER_SUBJECT
- CERT_SUBJECT
- CONTENT_LENGTH
- CONTENT_TYPE
- GATEWAY_INTERFACE
- HTTPS
- HTTPS_KEYSIZE
- HTTPS_SECRETKEYSIZE
- HTTPS_SERVER_ISSUER
- HTTPS_SERVER_SUBJECT
- INSTANCE_ID
- INSTANCE_META_PATH
- LOCAL_ADDR
- LOGON_USER
- PATH_INFO
- PATH_TRANSLATED
- QUERY_STRING
- REMOTE_ADDR
- REMOTE_HOST
- REMOTE_USER
- REQUEST_METHOD
- SCRIPT_NAME
- SERVER_NAME
- SERVER_PORT
- SERVER_PORT_SECURE
- SERVER_PROTOCOL
- SERVER_SOFTWARE
- URL
- HTTP_CACHE_CONTROL
- HTTP_CONNECTION
- HTTP_KEEP_ALIVE
- HTTP_ACCEPT
- HTTP_ACCEPT_CHARSET
- HTTP_ACCEPT_ENCODING
- HTTP_ACCEPT_LANGUAGE
- HTTP_COOKIE
- HTTP_HOST
- HTTP_USER_AGENT
Page last updated 2008-01-01 18:54. Some rights reserved (CC by 3.0)