Hello Yann,
ylavic: I would have liked more (doc) emphasis on the lower security of
"Require forward-dns" vs "Require host"'s double DNS lookup
How about adding something like:
From a security perspective, getting access to a protected page is somehow
easier with "forward-dns" because the attacker needs only to control the
DNS for the domain, while they would also need to control the reverse DNS
with "host". Now, if you have important confidential data, they would not
be only protected by host-based authorizations, would they?
--
Fabien.
