On Fri, 23 Mar 2001, Dan Harkless wrote: > A URL containing an IP address is not canonical for HTTP. HTTP 1.1 does > virtual hosting via the "Host:" header, so multiple distinct servers can be > on a single IP. If you restrict based on IP, you'll block access to both > http://www.juicysex.com/ and http://www.bible-history.org/, should they both > be on the same box. Quite true. However, one or none of the sites has the be the default for requests where the site isn't specified. So, if the default is juicysex, then the IP address can be blocked. If it's bible history, then you don't. The bypass only "works" if the restricted site is the default. Ryan
- Re: SurfControl Bypass Vulnerability Don Weber
- Re: SurfControl Bypass Vulnerability skelly
- Re: SurfControl Bypass Vulnerability Witter, Franklin
- Re: SurfControl Bypass Vulnerability Chris St. Clair
- Re: SurfControl Bypass Vulnerability Darren Reed
- Re: SurfControl Bypass Vulnerability Paul Cardon
- Re: SurfControl Bypass Vulnerability Dan Harkless
- Re: SurfControl Bypass Vulnerability Ben Ford
- Re: SurfControl Bypass Vulnerabi... Valdis Kletnieks
- Re: SurfControl Bypass Vulnerability c0ncept
- Re: SurfControl Bypass Vulnerability Ryan Russell
- Re: SurfControl Bypass Vulnerability Andrew Moran
- Re: SurfControl Bypass Vulnerability Riad S. Wahby
- Re: SurfControl Bypass Vulnerability Dag-Erling Smorgrav
- Re: SurfControl Bypass Vulnerability King, John
- Re: SurfControl Bypass Vulnerability ASMDood
