>>>>> "Boysenberry" == Boysenberry Payne <[EMAIL PROTECTED]> writes:
Boysenberry> I'm using a two server system. Front end Apache 1.33/php4
Boysenberry> uses mod_proxy
Boysenberry> and mod_rewrite to proxy to the back end Apache2/MP2 system.
Boysenberry> I was wondering if $ENV{HTTP_X_FORWARDED_HOST} is a reliable way
Boysenberry> to determine the domain of the request; or is it easily spoofed?
telnet your.server.example.com 80
GET /some/url HTTP/1.0
X-forwarded-for: some-other-host
CR
CR
Yeah, that's tough to spoof. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
