Jamie Heilman wrote:
And here's an argument which is not security related:Leonardo Rochael Almeida wrote:RewriteRule ^(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:%{SERVER_PORT}/some/folder/VirtualHostRoot$1 [P,L] This way you don't have to worry about what hostname the user uses to access their site.[security considerations snipped]
This RewriteRule is broken, because HTTP_HOST might contain the port number. IIRC, wget does this, and the HTTP RFC does allow that.
cheers,
oliver
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )