httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Schoenborn <>
Subject RE: [users@httpd] :Mod rewrite
Date Mon, 11 Jan 2010 14:20:35 GMT
> From: Marcin 'Rambo' Roguski []
> >> Instead of display  a dummy url :
> >>
> > spoofing DNS, I'm not at all sure what he was talking about
> From my understanding the question was if one can hide real url and
> display a fake one at users client (i.e. browser).

Marcin, I'm also curious about your statement about security hole when spoofing a domain name
via mod-rewrite. Isn't mod-rewrite *all* about spoofing URL's (which can include domain name
part)? OK, it is used to remap URL trees for moving / restructuring a website (which is not
spoofing) but it is also used to allow for more user-friendly URL's that are then mapped to
various servers, web apps etc, which *is* a kind of spoofing. Similarly, manipulate domain
name given by client to infer real URL to use in backend (also kind of spoofing). 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message