Hold on a second.
That's still not going to be a good spoof because you also would check
REMOTE_CLIENT as usual, and expect to always see your front-end's IP
there, so Randal's example isn't completely accurate, since you'll see
the real client's IP there and thus know not to trust the
On Dec 17, 2005, at 5:56 PM, Frank Wiles wrote:
The best way to do this is to use the virtual hosts on the front
end to your advantage. So on the front end you tell the backend
which domain it came from:
VirtualHost domain.com:80
ProxyPass / http://localhost:8080/domain.com/
Hello Everyone,
I'm using a two server system. Front end Apache 1.33/php4 uses
mod_proxy
and mod_rewrite to proxy to the back end Apache2/MP2 system.
I was wondering if $ENV{HTTP_X_FORWARDED_HOST} is a reliable way
to determine the domain of the request; or is it easily spoofed?
Boysenberry == Boysenberry Payne [EMAIL PROTECTED] writes:
BoysenberryI'm using a two server system. Front end Apache 1.33/php4
Boysenberry uses mod_proxy
Boysenberry and mod_rewrite to proxy to the back end Apache2/MP2 system.
BoysenberryI was wondering if $ENV{HTTP_X_FORWARDED_HOST}
Using the PerlPreConnectionHandler in my original post they would
only be able to do it from a server in my IP hash and they don't have
telnet access on that server. But I see your point.
In my situation I have a bunch of domains on a couple of IPs I mostly
want to make sure they come from
On Sat, 17 Dec 2005 16:51:20 -0600
Boysenberry Payne [EMAIL PROTECTED] wrote:
Hello Everyone,
I'm using a two server system. Front end Apache 1.33/php4
uses mod_proxy
and mod_rewrite to proxy to the back end Apache2/MP2 system.
I was wondering if $ENV{HTTP_X_FORWARDED_HOST}