Using the PerlPreConnectionHandler in my original post they would
only be able to do it from a server in my IP hash and they don't have
telnet access on that server. But I see your point.
In my situation I have a bunch of domains on a couple of IPs I mostly
want to make sure they come from those IPs, then find a way to know
which domain the proxy originates from.
Maybe I should have asked is there a more reliable way than using
$ENV{HTTP_X_FORWARDED_HOST} to determine the domain
of an originating proxy request in a two tier system as I described?
Boysenberry
boysenberrys.com | habitatlife.com | selfgnosis.com
On Dec 17, 2005, at 5:24 PM, Randal L. Schwartz wrote:
"Boysenberry" == Boysenberry Payne <[EMAIL PROTECTED]>
writes:
Boysenberry> I'm using a two server system. Front end Apache
1.33/php4
Boysenberry> uses mod_proxy
Boysenberry> and mod_rewrite to proxy to the back end Apache2/MP2
system.
Boysenberry> I was wondering if $ENV{HTTP_X_FORWARDED_HOST} is a
reliable way
Boysenberry> to determine the domain of the request; or is it easily
spoofed?
telnet your.server.example.com 80
GET /some/url HTTP/1.0
X-forwarded-for: some-other-host
CR
CR
Yeah, that's tough to spoof. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777
0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!