On Fri, Apr 11, 2014 at 10:34 AM Andre Nathan <andre...@gmail.com> wrote:
> The issue I'm facing is that a malicious user would still be able to find > the real server address via Apache's SERVER_ADDR environment variable, eg. > from a PHP script. I tried using SetEnv / SetEnvIf to change it's value or > unset it, but apparently this is not possible. I believe writing a module > to do just that won't work either, since as I understand it, the variable > is set after all modules are processed. > Sorry for reviving an ancient thread, but it could be useful for the archives. I've just found out that this has been possible since 2.4.26 using ProxyFCGISetEnvIf. Regards, Andre
