On 4/30/2015 12:36 PM, Ron W wrote:
> On Thu, Apr 30, 2015 at 10:36 AM, Andy Goth <andrew.m.g...@gmail.com> wrote:
>> Seems I have a lot of people trying to access my repository who have
>> no business doing so:
>>
>> I'd like to limit access based on the HTTP/1.1 Host: header.  If
>> Host: isn't un.is-a-geek.com or un.is-a-geek.com. (note final period)
>> then just drop the connection.
> 
> The HTTP Host header field is the name of the "targeted" server, not the
> client's host. This field is used to support virtual hosting.

I know, and in my original email I went on to say that a refinement of
my simple request would be to implement virtual hosting.

My point is that any attempt to access my repository other than through
one of the few expected hostnames is clearly illegitimate, and I wish to
block it.  Because this is an application-layer thing, this cannot be
done with iptables, only inside the HTTP server.

-- 
Andy Goth | <andrew.m.goth/at/gmail/dot/com>

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
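
The Host: check discussed in this message, as an added example that is not part of the original e-mail and is not Fossil code. It assumes the check runs in whatever component terminates HTTP in front of the repository; the function names and sample requests are constructed for illustration, and only the hostname comes from the message.

```python
# Added example: Host-header allowlist decision (illustrative, not Fossil code).
ALLOWED_HOSTS = {"un.is-a-geek.com"}  # hostname taken from the message above


def extract_hosts(raw_request):
    """Return every Host header value found in the request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace"))
    return hosts


def normalize(host):
    """Lower-case, drop an optional :port, then drop one trailing dot."""
    host = host.lower()
    if host.startswith("["):  # IPv6 literal: never on the allowlist
        return host
    name, _, port = host.rpartition(":")
    if name and port.isdigit():
        host = name
    return host[:-1] if host.endswith(".") else host


def should_serve(raw_request):
    """True only for exactly one Host header naming an allowed host."""
    hosts = extract_hosts(raw_request)
    if len(hosts) != 1:  # missing (e.g. HTTP/1.0 scanners) or duplicated
        return False
    return normalize(hosts[0]) in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nHost: un.is-a-geek.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: UN.IS-A-GEEK.COM.:8080\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for req in samples:
        print("serve" if should_serve(req) else "drop ", req.split(b"\r\n")[1:2])
```

A caller would close the socket without sending a response when `should_serve` returns False, which matches the "just drop the connection" behaviour requested in the quoted text.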
