>>>>> "Boysenberry" == Boysenberry Payne <[EMAIL PROTECTED]> writes:
Boysenberry> I'm using a two server system. Front end Apache 1.33/php4 Boysenberry> uses mod_proxy Boysenberry> and mod_rewrite to proxy to the back end Apache2/MP2 system. Boysenberry> I was wondering if $ENV{HTTP_X_FORWARDED_HOST} is a reliable way Boysenberry> to determine the domain of the request; or is it easily spoofed? telnet your.server.example.com 80 GET /some/url HTTP/1.0 X-forwarded-for: some-other-host CR CR Yeah, that's tough to spoof. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!