httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: security holes and other fun stuff
Date Mon, 15 Jul 1996 23:16:53 GMT
> At any rate, if you want, there's an undocumented "feature" that will
> deactive host-header based resolving for a virtual host: make the
> ServerName end with a dot, e.g. "ServerName" - it
> should still be a valid name, but the Apache code that checks Host:
> headers will never find a match for it, because it strips off trailing
> dots.

	Would you suggest using this to workaround the port-number
virtual host bug I found? I am really edgy about doing a release of
apache-ssl-us with the patch I posted because I'm not familiar with
the code and I'm pretty sure my patch doesn't really fix things in the
right way.

Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider

View raw message