httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Multiple URLs / One Site
Date Tue, 27 Apr 2004 18:29:15 GMT
On 27 Apr 2004 Joshua Slive wrote:

> Yes.  The most common case is a trailing-slash redirect: When someone
> requests a directory without the trailing slash, apache must redirect them
> to the same URL with a trailing slash added.

Got it, thanks.  Now why doesn't it just add the slash?  Maybe I don't 
want to know :-).

> Also, the server name is used in server-generated error documents and
> things like that.

Good point.  I imagine it must be used in the logs too, though I 
haven't looked at the logging setup yet.

> Nothing major.  You should just be sure not to rely on the SERVER_NAME
> environment variable, since an attacker could specify whatever he wants
> there.

I just checked and I'm not using this.  I'm trying to understand the 
mechanism though -- does an attacker have to map the server name they 
want to use to my IP then reference that as a URL, or can they do it 
without a DNS hack?



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message