httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Schoenborn <scho...@cae.com>
Subject RE: [users@httpd] :Mod rewrite
Date Mon, 11 Jan 2010 14:20:35 GMT
> From: Marcin 'Rambo' Roguski [mailto:rambo@id.uw.edu.pl]
> 
> >> Instead of display  a dummy url :
> >> http://s1.ncs.com/inventoryappl
> 
> > spoofing DNS, I'm not at all sure what he was talking about
> 
> From my understanding the question was if one can hide real url and
> display a fake one at users client (i.e. browser).

Marcin, I'm also curious about your statement about security hole when spoofing a domain name
via mod-rewrite. Isn't mod-rewrite *all* about spoofing URL's (which can include domain name
part)? OK, it is used to remap URL trees for moving / restructuring a website (which is not
spoofing) but it is also used to allow for more user-friendly URL's that are then mapped to
various servers, web apps etc, which *is* a kind of spoofing. Similarly, manipulate domain
name given by client to infer real URL to use in backend (also kind of spoofing). 
Oliver

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message