Greg, this is a clever hack. Nice job.
The only concern I have is a security concern -- I'm worried any time I see the server emitting user-generated content without first performing some validation on it. For this reason, I think it would be best if the host header could be compared to some list of valid hosts on the server, be it entries in a directory, database records, or something else. Off the top of my head, I can't think of a way to exploit the hack you've made, but I'm not thinking too hard. Also, it may be possible to exploit other people's browsers by providing a URL that resolves, somehow, to your server, but on redirect causes the visitor's browser to do a Bad Thing, so it wouldn't be your server that's compromised, but other people's browsers.

Pete.
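The host-header check suggested in the comment above, as an added example that is not part of the original comment or of Greg's code: the header is parsed strictly, compared to a server-side list, and the redirect is built from the list entry rather than from the raw header. The choice of Python, the function names and the `example.com` hosts are assumptions made for illustration.

```python
import re

# Constructed allowlist. In practice this would be loaded from a directory
# listing, database records, or another server-side source.
ALLOWED_HOSTS = {"example.com", "www.example.com", "blog.example.com"}

# Hostname labels, an optional trailing dot, and an optional numeric port.
# Anything else (CR/LF, spaces, '@', '/', brackets) fails to match.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(
    r"(?P<name>" + _LABEL + r"(?:\." + _LABEL + r")*)\.?"
    r"(?::(?P<port>[0-9]{1,5}))?"
)


def canonical_host(raw_host, allowed=ALLOWED_HOSTS):
    """Return the allowlisted name for a Host header value, or None."""
    if not isinstance(raw_host, str) or not raw_host or len(raw_host) > 255:
        return None
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    m = _HOST_RE.fullmatch(raw_host.lower())
    if m is None:
        return None
    if m.group("port") and int(m.group("port")) > 65535:
        return None
    name = m.group("name")
    return name if name in allowed else None


def redirect_location(raw_host):
    """Build a Location value from the allowlisted name, never the raw header."""
    host = canonical_host(raw_host)
    if host is None:
        return None  # caller should answer 400 Bad Request instead of redirecting
    return "https://" + host + "/"


if __name__ == "__main__":
    # Constructed sample header values.
    for value in ["Example.COM:8080", "attacker.test", "example.com\r\nX-Injected: 1"]:
        print(repr(value), "->", redirect_location(value))
```

Because the emitted value always comes from the allowlist, a header that passes the syntax check but names an unknown host, or one carrying line breaks, never reaches the response.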
