> We've been using host header names for quite some time, though not
> specifically as a security measure. It forces the browser to provide an
HTTP
> Host header to identify the from which FQDN it's requesting. This allows
you
> to bind multiple virtual servers to a single IP address (which is why we
use
> it).
Yes, I use it myself for that very same reason, but I always left the
default directory in there as well using the IP address of that machine and
no host header. We do have one server that has no domain names and no host
headers. I was wondering if it would make sense to point a domain name to
it and use host headers exclusively. Basically you're saying that it's an
option now but the next worm may be able to circumvent this as well using
simple reverse DNS lookup.
Good info. Thanks.
tom
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
