On Sat, 17 Dec 2005 16:51:20 -0600
Boysenberry Payne <[EMAIL PROTECTED]> wrote:
> Hello Everyone,
>
> I'm using a two server system. Front end Apache 1.33/php4
> uses mod_proxy
> and mod_rewrite to proxy to the back end Apache2/MP2 system.
>
> I was wondering if $ENV{HTTP_X_FORWARDED_HOST} is a reliable
> way to determine the domain of the request; or is it easily spoofed?
The best way to do this is to use the virtual hosts on the front
end to your advantage. So on the front end you "tell" the backend
which domain it came from:
<VirtualHost domain.com:80>
ProxyPass / http://localhost:8080/domain.com/
ProxyPassReverse / http://localhost:8080/domain.com/
</VirtualHost>
By passing in the domain this way you can see where it came from.
I'm sure there are probably a number of other ways to get this done,
but that was the first that popped into my head.
Also, any reason you're writing your own IP restrictions instead of
just using allow from/deny from in Apache?
---------------------------------
Frank Wiles <[EMAIL PROTECTED]>
http://www.wiles.org
---------------------------------
