FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179861 is a reply to message #179860] Thu, 13 December 2012 06:52 Go to previous messageGo to previous message
Tony Marston is currently offline  Tony Marston
Messages: 57
Registered: November 2010
Karma:
Member
"The Natural Philosopher" wrote in message
news:kaam8e$n67$1(at)news(dot)albasani(dot)net...
>
> On 12/12/12 18:50, Daniel Pitts wrote:
>> On 12/12/12 9:22 AM, Tony Marston wrote:
>>> "Scott Johnson" wrote in message news:kaa0on$qjt$1(at)dont-email(dot)me...
>>>>
>>>> On 12/11/2012 11:25 PM, Tony Marston wrote:
>>>>
>>>> >> You may try phpinfo() to get the full list of data/variables set by
>>>> >> your server. Some here may ask for that info to help you further.
>>>> >
>>>> > The output from phpinfo() looks perfectly normal and correct. It shows
>>>> > the expected values for SERVER_NAME and HTTP_HOST.
>>>> >
>>>>
>>>> If you are getting the right value in SERVER_NAME and HTTP_HOST using
>>>> phpinfo() but are then getting a different value when you use the same
>>>> variable in your script, then you have an error in your script.
>>>
>>> These is no error in the script as it runs perfectly for thousands of
>>> requests, but occasionally it fails because $_SERVER['SERVER_NAME'] and
>>> $_SERVER['HOST_NAME'] contain values which are different from those
>>> which I expect and which are reported by phpinfo(). It appears that is
>>> *IS* possible for the client to spoof these values, as reported in
>>> http://shiflett.org/blog/2006/mar/server-name-versus-http-host
>>>
>>
>> The way that HTTP works, is that the client connects to the IP address,
>> and then sends the host name it was trying to connect to as part of the
>> headers. eg. Host: www.example.com. This allows for many virtual hosts
>> on a single IP/Port.
>>
>> What could happen is that someone's DNS is pointing to your IP, and so
>> you receive a request that was meant for a different URL.
>
> all of which can be overcome by setting up the web server to reject or
> redirect requests that have the wrong 'host' parameter...

And exactly how might that be done, O Great One?

--
Tony Marston

http://www.tonymarston.net
http://www.radicore.org
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Recommendations for PHP Chart generation?
Next Topic: Printing out or displaying for debugging
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 16:35:22 GMT 2024

Total time taken to generate the page: 0.04667 seconds