Return-Path: 
 <users-return-92923-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 21098 invoked from network); 11 Jan 2010 14:22:14 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 11 Jan 2010 14:22:14 -0000
Received: (qmail 93961 invoked by uid 500); 11 Jan 2010 14:22:11 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 93926 invoked by uid 500); 11 Jan 2010 14:22:11 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 93917 invoked by uid 99); 11 Jan 2010 14:22:11 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jan 2010 14:22:11 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=SPF_PASS,UNPARSEABLE_RELAY
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of schoenb@cae.com designates
 142.39.200.100 as permitted sender)
Received: from [142.39.200.100] (HELO mail3.cae.ca) (142.39.200.100)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jan 2010 14:21:59 +0000
Received: from mail3.cae.ca (localhost [127.0.0.1])
Received: from caeims02.caecorp.cae.com (caeims02.cae.ca [142.39.249.238])
Received: from caemex01.caecorp.cae.com ([142.39.21.52]) by
 caeims02.caecorp.cae.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Mon, 11 Jan 2010 09:20:35 -0500
Received: from caehub01.caecorp.cae.com ([142.39.21.50]) by
 caemex01.caecorp.cae.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Mon, 11 Jan 2010 09:20:34 -0500
Received: from CAEHUB02.caecorp.cae.com (142.39.20.44) by
 caehub01.caecorp.cae.com (142.39.21.50) with Microsoft SMTP Server (TLS) id
 8.1.340.0; Mon, 11 Jan 2010 09:20:34 -0500
Received: from CAEMEX80.caecorp.cae.com ([142.39.19.23]) by
 caehub02.caecorp.cae.com ([142.39.20.44]) with mapi; Mon, 11 Jan 2010
 09:20:34 -0500
From: Oliver Schoenborn <schoenb@cae.com>
To: "users@httpd.apache.org" <users@httpd.apache.org>
Date: Mon, 11 Jan 2010 09:20:35 -0500
Thread-Topic: [users@httpd] :Mod rewrite
Thread-Index: AcqSwbDdRmEstLyJQBG+S3lBoYkbLwABoUHA
Message-ID: 
 <F9A1252A5C3CEF4C8C2F70752F372BF60B5DDBCE@CAEMEX80.caecorp.cae.com>
References: <e37498431001071006g72512783y555f96e225ae5a9c@mail.gmail.com>
    <88911.18160.qm@web110013.mail.gq1.yahoo.com>
    <1263020827.4b482b1be856d@arrowana.singnet.com.sg>
    <hi9dlp$6kl$1@ger.gmane.org>
    <1263102500.4b496a24cca31@discus.singnet.com.sg>
    <5ddb50771001092252m39d8f5e1n486a41b521cf4409@mail.gmail.com>
    <1263214346.4b4b1f0a1154a@arrowana.singnet.com.sg>
    <2EAA7C1A-C283-4DE9-B222-84FA3EA641C4@rcbowen.com>
 <c44a95a81811f479f070595f35986b26.squirrel@webmail.id.uw.edu.pl>
In-Reply-To: <c44a95a81811f479f070595f35986b26.squirrel@webmail.id.uw.edu.pl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
x-tm-as-product-ver: SMEX-8.0.0.4125-6.000.1038-17124.004
x-tm-as-result: No--45.323700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 11 Jan 2010 14:20:34.0822 (UTC)
 FILETIME=[3D501260:01CA92C9]
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: RE: [users@httpd] :Mod rewrite

> From: Marcin 'Rambo' Roguski [mailto:rambo@id.uw.edu.pl]
>=20
> >> Instead of display  a dummy url :
> >> http://s1.ncs.com/inventoryappl
>=20
> > spoofing DNS, I'm not at all sure what he was talking about
>=20
> From my understanding the question was if one can hide real url and
> display a fake one at users client (i.e. browser).

Marcin, I'm also curious about your statement about security hole when spoo=
fing a domain name via mod-rewrite. Isn't mod-rewrite *all* about spoofing =
URL's (which can include domain name part)? OK, it is used to remap URL tre=
es for moving / restructuring a website (which is not spoofing) but it is a=
lso used to allow for more user-friendly URL's that are then mapped to vari=
ous servers, web apps etc, which *is* a kind of spoofing. Similarly, manipu=
late domain name given by client to infer real URL to use in backend (also =
kind of spoofing).=20
Oliver

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org