httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcin 'Rambo' Roguski" <>
Subject RE: [users@httpd] :Mod rewrite
Date Mon, 11 Jan 2010 14:32:26 GMT
> Marcin, I'm also curious about your statement about security hole when
> spoofing a domain name via mod-rewrite. Isn't mod-rewrite *all* about
> spoofing URL's (which can include domain name part)?

As you mentioned, remapping is not the same as spoofing. Imagine someone's
ability to send you back URI as the current domain
when you're actually at (obviously, that's simply
impossible, but if you look at the senders question, it's kinda that what
he's trying to achieve - of course, in this case, with innocent subdomain

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message