httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dean gaudet <>
Subject Re: Apache VirtualHost design
Date Fri, 16 Mar 2001 07:56:49 GMT
On Fri, 9 Mar 2001, Simon Kirby wrote:

> So, well, what's the point?  I don't see any advantage to this change.

the point, which i think lots of folks have forgotten, is that there are
security problems with using DNS names controlled by your customers in
your VirtualHost statements.

it's a really convoluted attack, and depends on the ordering of the
virtualhost sections.  i went over it several times in the archives when i
implemented these changes.

if folks want to revamp the model that's cool, but it's probably worth a
search to go over the details again.


View raw message