httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trli...@clayst.com
Subject Re: [users@httpd] Multiple URLs / One Site
Date Tue, 27 Apr 2004 18:29:15 GMT
On 27 Apr 2004 Joshua Slive wrote:

> Yes.  The most common case is a trailing-slash redirect: When someone
> requests a directory without the trailing slash, apache must redirect them
> to the same URL with a trailing slash added.

Got it, thanks.  Now why doesn't it just add the slash?  Maybe I don't 
want to know :-).

> Also, the server name is used in server-generated error documents and
> things like that.

Good point.  I imagine it must be used in the logs too, though I 
haven't looked at the logging setup yet.

> Nothing major.  You should just be sure not to rely on the SERVER_NAME
> environment variable, since an attacker could specify whatever he wants
> there.

I just checked and I'm not using this.  I'm trying to understand the 
mechanism though -- does an attacker have to map the server name they 
want to use to my IP then reference that as a URL, or can they do it 
without a DNS hack?

Thanks,

--
Tom




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message