httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcin 'Rambo' Roguski" <ra...@id.uw.edu.pl>
Subject RE: [users@httpd] :Mod rewrite
Date Mon, 11 Jan 2010 14:32:26 GMT
> Marcin, I'm also curious about your statement about security hole when
> spoofing a domain name via mod-rewrite. Isn't mod-rewrite *all* about
> spoofing URL's (which can include domain name part)?

As you mentioned, remapping is not the same as spoofing. Imagine someone's
ability to send you back URI www.yourbankname.com as the current domain
when you're actually at nastysite.thief.com (obviously, that's simply
impossible, but if you look at the senders question, it's kinda that what
he's trying to achieve - of course, in this case, with innocent subdomain
spoofing)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message