FUDforum: comp.lang.php » When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script?

Home » Imported messages » comp.lang.php » When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script?

Show: Today's Messages :: Polls :: Message Navigator

Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179839 is a reply to message #179832]

Tue, 11 December 2012 16:26

M. Strobel
Messages: 386
Registered: December 2011

Karma:

Senior Member

Am 11.12.2012 11:53, schrieb Tony Marston:
> I always understood than when activated through a web browser that
> $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] identified the domain name under
> which the script was being run, but I have come across some instances where both
> SERVER_NAME and HTTP_HOST appear to be spoofed, and I wondered if this is legitimate
> or not.
>
> I have an application which exists on a live server and a test server, with a
> different database for each, and they both share a common config file which
> identifies which server it is running on so that it can use the relevant database
> credentials. If the server name does not match either of the live or test domain
> names (such as mydomain.com and test.mydomain.com) then it uses invalid credentials
> which causes an error when attempting to access the database. I never though that
> this error would ever appear, but lately I have been getting errors such as the
> following:
>
> Fatal Error: mysqli_connect(): Access denied for user 'default'@'localhost' (using
> password: YES).
> Error in line 259 of file
> '/var/www/vhosts/mydomain.com/httpdocs/transix/includes/dml.mysqli.class.in c'.
> PHP_SELF: /index.php
> CURRENT DIRECTORY: /var/www/vhosts/mydomain.com/httpdocs
> SERVER_ADDR: nnn.nnn.nnn.nnn
> SERVER_NAME: www.yahoo.com
> HTTP_HOST: www.yahoo.com
> REMOTE_ADDR: 109.108.142.236
> REQUEST_URI: http://www.yahoo.com/
>
> In order to run this script on my live server the URL should have been
> www.mydomain.com but here you can see it reported as www.yahoo.com. How is this
> possible?

I can think of several ways:

The client did not use HTTP/1.1 = client request without a hostname

Something like apache mod_rewrite on the server is doing it

any other misconfiguration on the server sites (hopefully temporary)

/Str.

Report message to a moderator

[Message index]

		When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Tue, 11 December 2012 10:53
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Scott Johnson on Tue, 11 December 2012 13:28
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Paul Herber on Tue, 11 December 2012 14:01
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Wed, 12 December 2012 13:05
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Wed, 12 December 2012 07:25
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Scott Johnson on Wed, 12 December 2012 13:27
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Wed, 12 December 2012 17:22
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Daniel Pitts on Wed, 12 December 2012 18:50
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: The Natural Philosoph on Wed, 12 December 2012 19:34
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Thu, 13 December 2012 06:52
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Anders Wegge Keller on Thu, 13 December 2012 07:02
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: The Natural Philosoph on Thu, 13 December 2012 11:43
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: M. Strobel on Tue, 11 December 2012 16:26
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Wed, 12 December 2012 13:10
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Christoph Becker on Wed, 12 December 2012 12:11
		Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? By: Tony Marston on Wed, 12 December 2012 13:00

Previous Topic:	Recommendations for PHP Chart generation?
Next Topic:	Printing out or displaying for debugging

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Nov 30 16:27:53 GMT 2024

Total time taken to generate the page: 0.05547 seconds