Leonardo Rochael Almeida wrote: > RewriteRule ^(.*)$ >http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:%{SERVER_PORT}/some/folder/VirtualHostRoot$1 > [P,L] > > This way you don't have to worry about what hostname the user uses to > access their site.
Ugh. The host header should be considered tainted data, and you just slapped it into a proxy request blindly. This probably isn't a good idea. Apache is only going to hold your hand so much here when it comes to protecting against various attempts at coercion. Go read src/main/http_vhost.c from the apache 1.3 source, jump down to around line 690. Apache's sanity checking is done in the context of the filesystem, not Zope URI space. There are things its going to let through which could lead to undesired behavior--underscores, question marks--use your imagination. (btw, your pattern is goofy, you don't need the ^ or $, (.*) is greedy enough by itself) -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )