FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179839 is a reply to message #179832] Tue, 11 December 2012 16:26 Go to previous messageGo to previous message
M. Strobel is currently offline  M. Strobel
Messages: 386
Registered: December 2011
Karma:
Senior Member
Am 11.12.2012 11:53, schrieb Tony Marston:
> I always understood than when activated through a web browser that
> $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] identified the domain name under
> which the script was being run, but I have come across some instances where both
> SERVER_NAME and HTTP_HOST appear to be spoofed, and I wondered if this is legitimate
> or not.
>
> I have an application which exists on a live server and a test server, with a
> different database for each, and they both share a common config file which
> identifies which server it is running on so that it can use the relevant database
> credentials. If the server name does not match either of the live or test domain
> names (such as mydomain.com and test.mydomain.com) then it uses invalid credentials
> which causes an error when attempting to access the database. I never though that
> this error would ever appear, but lately I have been getting errors such as the
> following:
>
> Fatal Error: mysqli_connect(): Access denied for user 'default'@'localhost' (using
> password: YES).
> Error in line 259 of file
> '/var/www/vhosts/mydomain.com/httpdocs/transix/includes/dml.mysqli.class.in c'.
> PHP_SELF: /index.php
> CURRENT DIRECTORY: /var/www/vhosts/mydomain.com/httpdocs
> SERVER_ADDR: nnn.nnn.nnn.nnn
> SERVER_NAME: www.yahoo.com
> HTTP_HOST: www.yahoo.com
> REMOTE_ADDR: 109.108.142.236
> REQUEST_URI: http://www.yahoo.com/
>
> In order to run this script on my live server the URL should have been
> www.mydomain.com but here you can see it reported as www.yahoo.com. How is this
> possible?

I can think of several ways:

The client did not use HTTP/1.1 = client request without a hostname

Something like apache mod_rewrite on the server is doing it

any other misconfiguration on the server sites (hopefully temporary)

/Str.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Recommendations for PHP Chart generation?
Next Topic: Printing out or displaying for debugging
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 21:46:36 GMT 2024

Total time taken to generate the page: 0.04721 seconds